Privacy Policy
Last updated: May 17, 2026
1. Who we are
Booki AI ("Booki," "we," "us") is an accounting-automation service operated by Nexor AI Korea. We help U.S. bookkeepers and CPAs convert PDF invoices, bank statements, and card statements into structured ledger data and into QuickBooks-compatible outputs.
2. Information we collect
- Account information: name, email address, organization.
- Customer-provided documents (PDFs, images, spreadsheets) uploaded for processing.
- QuickBooks Online data accessed via the official Intuit API after the user grants OAuth consent (Chart of Accounts, customers, vendors, and the Journal Entries we are asked to post).
- Usage logs and basic telemetry needed to operate the service.
3. How we use your data
- Run the bookkeeping pipeline you requested (parsing, classification, IIF/Excel export, posting to QuickBooks Online when authorized).
- Authenticate users and protect accounts.
- Detect abuse and respond to support requests.
We do not sell your data and we do not use it to train third-party models without your explicit consent.
4. QuickBooks Online data
When you connect a QuickBooks Online company to Booki AI, we store the OAuth refresh and access tokens encrypted at rest (Fernet/AES) inside our database, scoped to the workspace that authorized the connection. We use those tokens only to (a) read the resources you ask us to read (e.g., your Chart of Accounts) and (b) post the Journal Entries you explicitly push. You can disconnect at any time from Settings > Integrations; revocation also removes our refresh token.
5. Data retention
Uploaded documents and derived data are retained for the lifetime of your workspace and deleted on request or upon account closure. Tokens for revoked QuickBooks connections are marked revoked and removed within 30 days.
6. Subprocessors
- Supabase (PostgreSQL, authentication) — us-east-1.
- Hetzner Cloud (application hosting) — Ashburn, VA.
- Vercel (frontend hosting).
- Cloudflare R2 (document storage).
- Intuit (QuickBooks Online) — only for users who connect QBO.
- Anthropic / Google (LLM & OCR) — for content parsing only.
7. Security
We follow industry-standard controls: TLS in transit, encryption at rest for sensitive secrets, scoped service accounts, and row-level security on the database. We log access to customer data and rotate credentials when a compromise is suspected.
8. Your rights
You can request access, correction, export, or deletion of your data at any time by emailing nexor.ai.korea@gmail.com. We will respond within 30 days.
9. Changes to this policy
If we make material changes, we will update the "Last updated" date and notify active workspace administrators by email.
10. Contact
Nexor AI Korea · nexor.ai.korea@gmail.com