Privacy Policy

  1. Introduction

Balance Technologies, Inc. ("Balance", "we", "us", or "our") operates the Balance financial reconciliation platform available at app.getbalance.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our Service.

Balance Technologies, Inc. is a Delaware corporation. Services are delivered through our group companies, including Balance Technologies Ltd (United Kingdom) and Balance Technologies ApS (Denmark). References to Balance in this policy include all group entities.

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679), and the Danish Data Protection Act (Databeskyttelsesloven).

  2. Data Controller

For personal data we collect about you as a user of our Service (such as your account information), Balance Technologies, Inc. is the Data Controller. Our contact details are:

  • Balance Technologies, Inc.

  • Email: prviacy@getbalance.ai.

  • Data Protection Contact: Gus Levinson, CTO.

When we process financial data on behalf of our customers (such as bank transactions, receipts, and invoices belonging to their clients), we act as a Data Processor. In that case, our customer is the Data Controller, and processing is governed by our Data Processing Agreement (DPA).

  3. What Personal Data We Collect

3.1 Customer and Contact Data

When you engage Balance as a customer, we collect:

  • Contact name and email address.

  • Phone number (for WhatsApp, Slack, or email communication).

  • Company name and CVR/company registration number.

3.2 Financial Data (Processed on Behalf of Customers)

As a Processor acting on our customers' instructions, we process:

  • Bank account details and transaction records (synced from accounting software such as E-conomic, Xero, or QuickBooks).

  • Receipts, invoices, and supporting documents (including PDFs and images).

  • Supplier and customer names, addresses, and identifiers.

  • Journal entries, chart of accounts, and VAT information.

3.3 Email Data

Where a customer authorises Gmail integration, we access:

  • Email body content (to identify and extract financial information).

  • Email metadata (subject lines, sender information, timestamps).

  • Email attachments (invoices and receipts for processing).

This access is limited to the specific mailbox authorised and is used solely for the purpose of financial document extraction and processing.

Google API Disclosure: Balance’s use of information received from the Gmail API adheres to Google’s API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data to develop, improve, or train generalised AI or machine learning models. Gmail data is only used to provide and improve the financial document extraction features of our Service.

3.4 Communication Data

When you interact with us via WhatsApp, Slack, or email, we process:

  • Messages and queries sent to our AI assistant (Bea) and our team.

  • Slack user IDs and WhatsApp phone numbers used for communication.

Our internal platform generates technical logs (error logs, performance data) which may incidentally contain personal data. These logs are used for debugging and service reliability only.

  4. Lawful Basis for Processing

We process personal data under the following lawful bases:

  5. Use of Artificial Intelligence

Balance uses third-party AI services via API to provide automated receipt analysis, transaction matching, expense categorisation, journal entry creation, financial reporting, and to answer questions and analysis requests from our customers. Important information about our AI processing:

All AI processing occurs via API calls with zero data retention (ZDR) agreements in place. No customer data is currently used to train AI models. We may review this position in the future and will update this policy and seek appropriate consent or lawful basis before any such change.

For higher-complexity or higher-importance tasks, AI-generated results are reviewed by our internal team before being shared with customers. For routine, lower-complexity tasks, AI may communicate results directly to customers via WhatsApp, Slack, or email, with the AI escalating to our team when necessary.

We retain AI processing logs for service improvement and debugging purposes. These logs are subject to our Data Retention Policy.

  6. Sub-processors and Data Sharing

We share personal data with third-party service providers (sub-processors) who assist us in delivering the Service. A complete list of our sub-processors is maintained separately and available upon request. Key categories include:

  • Cloud infrastructure providers (hosting, storage, databases).

  • AI providers (document analysis, categorisation).

  • Authentication providers (identity verification).

  • Accounting software providers (integration partners such as E-conomic, Xero, and QuickBooks).

  • Communication providers (Slack, email, WhatsApp for notifications).

We do not sell personal data to third parties. We do not share personal data for advertising purposes.

  7. International Data Transfers

Balance Technologies, Inc. is incorporated in the United States. However, all primary data storage (databases and document storage) is hosted within the European Economic Area (EU, Amsterdam region). Customer data at rest remains within the EEA.

Limited transfers of personal data to the United States occur in the following circumstances:

  • AI processing: when documents are analysed by our AI providers, data is transmitted to US-based API servers for processing. These providers operate under zero data retention (ZDR) agreements — no customer data is stored after the API call completes.

  • Authentication: Firebase Authentication (Google) processes login credentials, which may transit US infrastructure.

  • AI agent execution: our AI assistant (Bea) runs tasks in isolated cloud sandboxes provided by E2B (FoundryLabs, Inc.), which may be hosted in the United States. Sandboxes are ephemeral and destroyed after each task.

  • Communication platforms: messages sent via Slack (Salesforce) and WhatsApp (Meta) transit US-based infrastructure.

For all transfers to the United States, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.

  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs.

  • Where applicable, participation in the EU-US Data Privacy Framework.

  8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: retained for the duration of your account and deleted within 90 days of account closure.

  • Financial documents and transaction data: retained as directed by the customer (Controller) under the DPA, or for a default period of 7 years for tax/regulatory compliance.

  • AI processing logs: 12 months, with automated deletion.

  • Technical logs: retained for 12 months.

For full details, see our Data Retention Policy.

  9. Your Rights

Under the UK GDPR and EU GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.

  • Right to rectification: request correction of inaccurate data.

  • Right to erasure: request deletion of your data (subject to legal obligations).

  • Right to restrict processing: request limitation of how we use your data.

  • Right to data portability: receive your data in a structured, machine-readable format.

  • Right to object: object to processing based on legitimate interests.

  • Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal effects; our AI features assist but do not make final decisions without human review.

To exercise any of these rights, contact us at prviacy@getbalance.ai. We will respond within one month as required by law. If we process your data as a Processor on behalf of one of our customers, we will direct your request to the relevant Controller.

  10. How We Protect Your Data

Keeping your data secure is important to us. We take the following steps to protect your personal data in line with good practice and GDPR requirements:

Step 1: Encrypt everything. All data is encrypted both in transit (TLS) and at rest. Third-party integration credentials are stored using Fernet/AES-128 symmetric encryption. Secrets and API keys are managed through a SOC 2 certified secrets manager.

Step 2: Control access. Multi-factor authentication (MFA) is enforced on all infrastructure and administrative accounts. We use role-based access controls with the principle of least privilege, so only employees who need access to your data to do their job have it.

Step 3: Isolate your data. Each customer’s data is logically separated. Our customers cannot access each other’s data. User identity is managed through Firebase Authentication.

Step 4: Minimise what we keep. AI processing logs are automatically deleted on a rolling basis. When a customer’s contract ends, all their data is deleted within 90 days (except where we are legally required to retain financial records).

Step 5: Monitor and improve. We regularly assess our security measures and update them as needed. We have a documented data breach response procedure with clear escalation steps.

  11. Nature of Service

Balance is a business-to-business (B2B) service. We provide financial reconciliation services to businesses, not to individual consumers. Our customers interact with us through business communication channels (WhatsApp, Slack, and email) rather than through a consumer-facing website or application. We do not knowingly collect personal data from children (individuals under 18). If we become aware that personal data of a child has been included in financial documents we process, we will notify the relevant customer.

  12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The effective date at the top of this policy indicates when it was last revised.

  13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority:

  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk

  • Denmark: Datatilsynet (Danish Data Protection Agency) — datatilsynet.dk

We encourage you to contact us first at prviacy@getbalance.ai so we can attempt to resolve your concern.

  14. Contact Us

If you have questions about this Privacy Policy or our data protection practices:

  • Email: prviacy@getbalance.ai

  • Data Protection Contact: Gus Levinson, CTO

  • Company: Balance Technologies, Inc.