MYP&L PRIVACY POLICY
Last Updated: February 2026
This Privacy Policy describes how MyP&L ("MyP&L," "we," "us," or "our") collects, uses, discloses, and safeguards information when you access or use our web application available at mypandl.com (the "Service").
By using the Service, you consent to the practices described in this Privacy Policy.
1. Scope of This Policy
This Privacy Policy applies to information collected through the Service.
It does not apply to:
- Third-party websites or services linked from the Service
- Authentication or infrastructure providers that process data independently
Authentication services are provided by Stytch, which processes certain data under its own privacy practices.
2. Information We Collect
A. Information You Provide
We collect information you provide directly, including:
- First and last name
- Email address
- Account credentials (via third-party authentication provider)
- Business information (business name, type, industry, tax form election)
- Uploaded bank and credit card statement PDFs
- Generated P&L and Balance Sheet outputs
- Communications with us
B. Financial Documents
Uploaded bank and credit card statements may contain:
- Transaction histories
- Merchant descriptions
- Deposit and withdrawal amounts
- Account numbers (if included in uploaded PDFs)
Important Data Handling:
- PDFs Not Stored: Raw PDF files are processed temporarily and are not permanently stored on our servers. Only the extracted transaction data is saved.
- PII Redaction: We remove personally identifiable information (account numbers, routing numbers, Social Security Numbers) before processing your statements with AI services.
- File Name Guidance: We instruct users not to include account numbers or sensitive information in file names.
We do not request or collect online banking login credentials.
C. Automatically Collected Information
We may collect limited technical information such as:
- IP address
- Browser type
- Device information
- Usage activity (pages visited, features used)
D. Cookies
We use a session cookie to keep you logged in. This cookie:
- Is required to use the Service
- Expires after 30 days
- Can be cleared by logging out or through your browser settings
We do not use advertising or tracking cookies.
You may disable cookies in your browser, though this will prevent you from using the Service.
3. How We Use Information
We use collected information to:
- Provide and operate the Service
- Process uploaded documents and extract transaction data
- Generate P&L statements and Balance Sheets
- Authenticate users
- Track usage limits (3 statement generations per tax year)
- Process payments for additional generations
- Send statements via email to recipients you specify (optional)
- Maintain system security
- Improve the Service
- Respond to inquiries
- Comply with legal obligations
AI Processing:
We use Anthropic's Claude AI to extract transaction data from uploaded PDFs and categorize transactions. Before sending data to Anthropic, we remove account numbers, routing numbers, Social Security Numbers, and similar identifiers. Anthropic does not use your data to train AI models.
We do not sell personal information.
4. Legal Basis for Processing
We process information based on:
- Your consent
- Performance of a contract (providing the Service)
- Legitimate business interests (security, fraud prevention)
- Compliance with legal obligations
5. Disclosure of Information
We may disclose information to:
A. Service Providers
Third-party vendors that assist with:
- Hosting: Cloud infrastructure providers that store our database and run the application
- Authentication (Stytch): Identity management and login services
- AI Processing (Anthropic): We use Claude AI to extract and categorize transactions from your statements. We remove sensitive identifiers (account numbers, routing numbers, SSNs) before sending data to Anthropic. Anthropic does not use your data to train AI models.
- Payment Processing (Stripe): Secure payment processing for additional statement generations. We do not store credit card information.
- Email Delivery (Resend): Optional email delivery of statements to recipients you specify
These providers are contractually obligated to use information only to provide services to us.
B. Legal Compliance
We may disclose information if required to:
- Comply with law or court order
- Respond to governmental requests
- Enforce our Terms of Service
- Protect rights, property, or safety
C. Business Transfers
In the event of merger, acquisition, or asset sale, information may be transferred as part of the transaction.
6. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect information.
Security measures may include:
- Encryption for data transmission and storage
- Access controls and authentication
- Removal of sensitive identifiers before AI processing
- Secure session management
- Monitoring for unauthorized access
However:
- No system is completely secure
- We cannot guarantee absolute security
- You assume inherent risk in transmitting data online
In the event of a data breach affecting personal information, we will provide notice as required by applicable law.
You are responsible for maintaining the confidentiality of your account credentials.
7. Data Retention
We retain information for as long as necessary to:
- Provide the Service
- Fulfill contractual obligations
- Resolve disputes
- Enforce agreements
- Comply with legal requirements
Upon account termination, we may delete financial documents and generated outputs in accordance with our retention policies.
We are not obligated to store or archive financial records on your behalf.
8. Your Rights (California Residents)
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including:
- Right to know what personal information we collect
- Right to request deletion (subject to legal exceptions)
- Right to correct inaccurate information
- Right to non-discrimination for exercising privacy rights
To exercise rights, contact us at the email listed below.
We do not sell or share personal information for cross-context behavioral advertising.
9. Children's Privacy
The Service is not intended for individuals under 18 years old. We do not knowingly collect personal information from minors.
10. International Users
The Service is primarily intended for users located in the United States.
If you access the Service from outside the U.S., you acknowledge that information may be processed and stored in the United States.
11. Third-Party Links and Services
The Service may contain links to third-party websites or services.
We are not responsible for the privacy practices or content of those third parties.
12. Government and Tax Authority Disclaimer
We do not share your financial documents with tax authorities unless legally compelled to do so.
We do not submit tax filings or financial information to the IRS or any governmental authority on your behalf.
The Service does not provide tax, legal, accounting, or financial advice. Generated statements are for informational purposes only. Consult qualified professionals for tax preparation and financial advice.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
Material changes will be communicated via email or through the Service.
Your continued use of the Service after updates constitutes acceptance of the revised policy.
14. Contact Information
For questions or concerns about this Privacy Policy, please contact us at:
MyP&L
Murrieta, CA 92563
Email: support@mypandl.com