Tosite.ai privacy policy

This privacy policy concerns the processing of personal data carried out by Tosite.ai. Tosite.ai acts as the controller of the personal data processed in order to provide the service to you.

Tosite.ai

Email: support@tosite.ai

Privacy matters: privacy@tosite.ai

Tosite.ai is not required to appoint a Data Protection Officer. Privacy matters are handled by Tosite.ai management, reachable at the addresses above.

We process personal data only to the extent necessary and appropriate for a given processing purpose. The personal data we collect and process falls into two general categories: user data and usage data.

User data

User data is personal data collected either directly from you or from Microsoft and Google when you sign in to the service and authorize processing of your mailbox.

When you register for the service, we receive the following information via OAuth authentication:

• name
• email address

When you have a paid subscription:

• information related to your payment methods (required to set up the subscription, but Tosite does not retain it because payments are processed by our third-party payment provider Stripe)
• subscription status and the plan you selected

Mailbox content

Tosite.ai's core function is to read the content of your connected mailbox in order to identify receipts. This is the most sensitive data processing our service performs, and we want to describe it clearly.

When you connect your Microsoft Outlook or Gmail mailbox to the service, we process:

• the sender, subject, and date of email messages
• the text content of email messages
• email attachments such as PDF and image-format receipts

Our access is limited to read-only operations. We do not send, modify, or delete email messages in your mailbox.

Important: Tosite identifies receipt emails using a language model. In practice this means that before a message can be classified as a receipt, its content may be processed automatically. If you want to limit processing to only a specific subset of your emails, you can route receipts to a separate email address and connect only that one to the service.

Extracted receipt data

When the service identifies a receipt email, it extracts structured expense data from the content: the vendor, amount, VAT, currency, date, and expense category. We retain this data, along with the original receipt, for review and export purposes.

Customer-support communications

We also process information you provide to us by phone, email, or chat correspondence.

Usage data

Usage data is generated by your interaction with our service. Although we do not generally use usage data to identify individuals, in certain circumstances it can be combined with user data, in which case we process it as personal data.

We automatically collect the following:

• data describing your device or browser
• IP address and connection type
• information about your interaction with the service: which features you use and any errors you encounter
• error logs and crash reports for diagnosing technical problems

Cookies and other technologies

We use a session cookie that is necessary for the service to function — it is how we keep you signed in. We also use product analytics and error reporting in the service, which may set their own cookies.

You can manage your cookie settings from your browser. Note that blocking the strictly necessary session cookie may prevent you from using the service.

We process personal data only to the extent necessary and appropriate for a given processing purpose. Please note that one or more of the following bases may apply to a given processing activity.

First, Tosite processes your personal data to fulfill its contractual obligations to you — for example to the extent necessary to:

• provide the service to you in accordance with our terms of service
• create and maintain your user account
• process the content of your connected mailbox to identify receipts and extract data
• process your payments together with Stripe
• answer your questions or resolve support cases when you contact us

Second, we may process your personal data on the basis of legitimate interest in conducting, maintaining, and developing our business. We weigh our interests against your right to privacy and use pseudonymized or aggregated data where possible. You have the right to object to processing on the basis of legitimate interest.

We process your personal data on the basis of legitimate interest for example to:

• ensure the technical functioning and security of the service and prevent fraud and abuse
• improve the quality of the service and develop our business by analyzing service usage
• contact you about the service or to request feedback
• manage receivables, collections, and legal processes

In some parts of the service you may be asked to give consent to the processing of personal data. For example, when connecting a mailbox you authorize us to read its content. You can withdraw your consent at any time from the service settings or directly from your Microsoft or Google account management. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

We also process your personal data to fulfill our statutory obligations, such as those under accounting law and tax legislation.

Tosite stores your personal data primarily within the European Economic Area. However, we use service providers such as Anthropic (the language-model service that identifies receipts from emails), Microsoft, Google, and Stripe, which may also process personal data outside the EEA, in particular in the United States.

We take appropriate steps to ensure that Users' personal data receives an adequate level of protection. For transfers we rely on the European Commission's Standard Contractual Clauses (SCCs), EU–US Data Privacy Framework certification, or other appropriate safeguards.

For more information about transfers of personal data, contact us at privacy@tosite.ai.

We do not share your personal data with third parties outside the Tosite.ai organization unless one of the following conditions applies.

For the purposes described in this privacy policy and to authorized service providers

We use carefully selected service providers in operating the service. They process personal data on our behalf and are bound by processing agreements that meet the requirements of Article 28 of the GDPR.

We use the following third-party services, listed below:

• Anthropic (Claude API) — receipt identification and extraction of expense data from email content
• Microsoft — reading Outlook mailboxes and OAuth authentication
• Google — reading Gmail mailboxes and OAuth authentication
• Stripe — processing payments and subscriptions
• Amazon Web Services (AWS) — cloud storage and server infrastructure
• Sentry — processing of error logs and crash reports
• PostHog — product analytics and event analysis
• Email delivery provider — sending transactional emails (e.g. subscription confirmations)

Note that not all of the services listed above are necessarily used continuously or in every market.

For legal reasons and legal processes

We may share your personal data with third parties outside Tosite.ai when we determine that access to and use of personal data is reasonably necessary to: (i) comply with applicable law, regulation, or court order; (ii) detect or prevent fraud, crime, security issues, or technical problems; and/or (iii) protect the interests or property of Tosite.ai, Users, or others, within the limits permitted by law.

For other justified reasons

If Tosite is involved in a merger, acquisition, or sale of assets, we may transfer your personal data to a third party. We will inform every affected user when personal data is transferred to another company in this way or becomes subject to a different privacy policy.

With your explicit consent

We may share your personal data with third parties outside Tosite.ai with your consent. You have the right to withdraw this consent at any time free of charge.

Tosite does not retain your personal data for longer than is permitted by law and necessary for providing the service. The retention period depends on the nature of the data and the purpose of processing.

We retain raw mailbox content (original messages and attachments) only for as long as needed to identify and review the receipt, after which they are deleted by a regular cleanup process. Extracted structured receipt data is retained for accounting purposes for the period required by accounting law.

After you delete your user account, personal data may be retained only for as long as the law requires or as reasonably necessary for our statutory obligations or legitimate interests — such as accounting and handling indemnity claims. OAuth tokens to your mailbox are deleted and revoked immediately when an account is deleted or a mailbox is disconnected.

If your account remains unused for a long time, we will send you an inactivity warning by email. If the account remains inactive after that, it will be deleted automatically.

We review retention periods regularly to make sure data is retained only as long as needed.

Right of access

You have the right to access the personal data we process about you and to be informed about it. You can review certain information directly from your user account or request a copy of your personal data by contacting us.

Right to withdraw consent

If processing is based on consent, you can withdraw your consent at any time free of charge. Withdrawing consent may reduce what you can do in the service. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to rectification

You have the right to have inaccurate or incomplete personal data we hold about you corrected or completed. Some information can be corrected directly from your user account.

Right to erasure

You can ask us to delete your personal data from our systems. We will comply with such a request unless we have a legal basis not to (for example, a retention obligation under accounting law).

Right to object to processing

You may have the right to object to certain uses of your personal data if it is being processed for purposes other than providing the service or complying with a statutory obligation. Objecting may reduce what you can do in the service.

Right to restrict processing

You can ask us to restrict the processing of personal data — for example while a deletion, rectification, or objection request is pending.

Right to data portability

You have the right to receive the personal data you have provided to us in a structured, commonly used format and to transfer that data independently to a third party.

How to exercise your rights

You can exercise the rights described above by contacting privacy@tosite.ai. We may request additional information to verify your identity. We may refuse or charge a fee for requests that are unreasonably repetitive, excessive, or manifestly unfounded.

You have the right to prohibit us from using your personal data for direct marketing purposes by contacting us at privacy@tosite.ai or by using the unsubscribe option provided in direct marketing messages.

If you consider that our processing of personal data conflicts with the applicable data protection laws, you can lodge a complaint with the local data protection authority — in Finland, the Data Protection Ombudsman (tietosuoja.fi).

We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures include encryption, pseudonymization, firewalls, and access-control systems. Mailbox access tokens are stored encrypted in the database.

Our security controls are designed to maintain the appropriate confidentiality, integrity, and availability of data. We regularly test our services, systems, and other assets for security vulnerabilities. Tosite.ai employees' access to personal data is restricted, and access requires what is necessary for the employee's job.