Privacy Policy
Last updated: March 7, 2026
TruePath Professional Services Group ("TruePath," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use TruePath Accounting ("the Service").
1. Information We Collect
We collect the following categories of information:
- Account Information. Names, email addresses, and organizational details provided during registration and account setup.
- Financial Records. Transaction data, journal entries, invoices, purchase orders, bank statements, vendor and customer information, and other financial data you input into the Service as part of your accounting operations.
- Usage Data. Information about how you interact with the Service, including login timestamps, feature usage patterns, and session duration, collected for the purpose of improving the Service.
- Payment Information. Billing details required for subscription payments, processed securely through Stripe. We do not store credit card numbers on our servers.
2. How We Use Your Information
We use your information exclusively for the following purposes:
- Providing and operating the accounting Service as described in our Terms of Service.
- Processing subscription payments and managing your account.
- Communicating with you about your account, including service announcements and security alerts.
- Improving the Service based on aggregated, anonymized usage patterns.
- Complying with legal obligations and responding to lawful requests from government authorities.
We do not sell, rent, or share your personal information or financial data with third parties for marketing or advertising purposes. Your financial records are used solely for providing the accounting Service to you.
3. Third-Party Processors
We use the following third-party service providers to operate the Service. Each processor handles data in accordance with its own privacy policy and our data processing agreements:
- Clerk (clerk.com) — Authentication and user management. Processes email addresses, names, and authentication credentials.
- Stripe (stripe.com) — Payment processing. Processes billing information and payment methods. Stripe is PCI DSS Level 1 compliant.
- Neon (neon.tech) — Serverless PostgreSQL database hosting. Stores all application data with encryption at rest.
- Vercel (vercel.com) — Application hosting and edge network delivery. Processes HTTP requests and serves application assets.
4. Data Retention
We retain your data according to the following schedule:
- Financial Records. Seven (7) years from the date of creation, in compliance with IRS recordkeeping requirements under IRC Section 6001 and Revenue Procedure 98-25.
- Audit Logs. Seven (7) years, to support regulatory compliance and provide a complete audit trail of accounting activities.
- User Account Data. Three (3) years after account closure or termination.
- Bank Import Data. Seven (7) years, consistent with financial records retention.
After the applicable retention period expires, data is permanently deleted from our systems and backups.
5. Your Rights
You have the following rights regarding your personal information:
- Access. You may request a copy of the personal data we hold about you at any time.
- Correction. You may request that we correct any inaccurate or incomplete personal data.
- Deletion. You may request deletion of your personal data, subject to legal retention requirements. Financial records required by law will be retained for the mandated period.
- Data Portability. You may export all of your data from the Service at any time using the built-in export functionality. We provide exports in standard formats (CSV, PDF) to facilitate transfer to other systems.
To exercise any of these rights, please contact us at privacy@truepathpsg.com.
6. Cookie Policy
The Service uses only essential authentication cookies managed by Clerk to maintain your login session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
No personal data is shared with advertising networks or analytics providers. The authentication cookies are strictly necessary for the operation of the Service and cannot be disabled while using the application.
7. Data Security
We implement robust security measures to protect your data:
- Encryption at Rest. All stored data is encrypted using AES-256 encryption. Sensitive credentials such as hosting API keys receive an additional layer of application-level AES-256-GCM encryption.
- Encryption in Transit. All data transmitted between your browser and our servers is protected using TLS 1.3 (HTTPS).
- Role-Based Access Control. Access to data within each organization is governed by role-based permissions (admin, accountant, member), ensuring users can only access features and data appropriate to their role.
- Tenant Isolation. Each organization's data is logically isolated at the database level. All queries are scoped to the authenticated organization, preventing cross-tenant data access.
- Audit Trails. All data mutations are logged to an immutable audit trail, recording who performed each action and when.
8. Breach Notification
In the event of a data breach that affects your personal information, we will notify you within seventy-two (72) hours of becoming aware of the breach. The notification will include:
- A description of the nature of the breach.
- The categories and approximate number of records affected.
- A description of the measures taken to address the breach.
- Recommendations for steps you can take to protect yourself.
We will also notify relevant supervisory authorities as required by applicable law.
9. Children's Privacy
TruePath Accounting is a business-to-business (B2B) accounting application designed for use by businesses and professionals. The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.
10. California Consumer Privacy Act (CCPA) Notice
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you in the last 12 months.
- Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements for financial records).
- Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.
- No Sale of Personal Information. We do not sell personal information as defined under the CCPA, and we have not sold personal information in the preceding 12 months.
To exercise your CCPA rights, contact us at privacy@truepathpsg.com or use the data export and deletion features within the Service.
11. Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
TruePath Professional Services Group
Privacy Inquiries: privacy@truepathpsg.com