1. Who We Are
3442 Labs Inc. (“3442 Labs”, “we”, “us”, or “our”) operates the 3442 Labs General Ledger (“Service”) at books.3442labs.com. This Privacy Policy explains how we collect, use, protect, and share information when you use the Service.
This Service is a financial accounting platform for authorized business users. It is not directed at consumers or the general public.
2. Information We Collect
Account Information
When you are provisioned an account, we collect your name, email address, and organization affiliation. Passwords are stored as salted hashes; we never store plaintext credentials.
Organization and Financial Data
You and your organization input financial records into the Service, including: journal entries, chart of accounts, contact records (customers and vendors), invoices, bills, and payment records. This data is owned by your organization.
Bank Account Data via Plaid
When you connect a bank account using Plaid, we receive from Plaid: account name, account type, current balance, and transaction history. This data is used solely for bank feed reconciliation within your account. We do not receive your bank login credentials; those are handled exclusively by Plaid.
Plaid's collection and use of your data is governed by the Plaid End User Privacy Policy. We encourage you to review it before connecting a bank account.
Automatically Collected Data
We collect session data (authentication tokens, session identifiers) and usage data (page visits, feature interactions, error logs) to operate and improve the Service. We do not use third-party analytics trackers or advertising pixels.
3. How We Use Your Information
We use the information we collect to:
- Operate and deliver the Service, including storing and processing your financial records
- Process transactions and reconcile bank data imported via Plaid
- Send transactional emails (e.g., account access notifications, export confirmations)
- Detect, investigate, and prevent fraud, abuse, and security incidents
- Comply with applicable legal and regulatory obligations
- Respond to your support requests
We do not use your financial data or personal information for advertising, marketing profiling, or sale to third parties.
4. How We Protect Your Information
We implement industry-standard security measures to protect your data:
- In transit: TLS 1.3 for all data transmission
- At rest: AES-256 encryption for stored data
- Isolation: Database-per-tenant architecture — each organization's data is isolated in its own database
- Integrity: Append-only ledger design — financial records cannot be modified or deleted, only reversed via audit-trailed entries
- Authentication: PASETO v4 session tokens and TOTP multi-factor authentication
- Authorization: Role-based access control (RBAC) at the organization level
- Audit trail: Every mutation is logged with actor, timestamp, entity, and before/after state
5. How We Share Your Information
We do not sell your personal information or share it for marketing purposes. We share information only in the following circumstances:
- Infrastructure providers: We use hosting and infrastructure providers (Fly.io, Vercel, Neon) who process data on our behalf under data processing agreements. These providers do not have independent access to your financial records.
- Plaid: When you connect a bank account, Plaid acts as an independent data controller for your bank authentication. See Section 2 for details.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or if we believe disclosure is necessary to protect rights, property, or safety.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your information becomes subject to a different privacy policy.
6. Data Retention
- Account data: Retained for the duration of your account plus 90 days after termination, then securely deleted
- Financial records: Retained for 7 years from the date of entry, as required by applicable accounting and tax laws
- Plaid data: Retained only as needed for active bank reconciliation; disconnecting a bank account removes associated transaction data
- Audit logs: Retained for 7 years to support regulatory compliance
7. Your Rights and Choices
You may, at any time:
- Access your personal information and financial records through the Service
- Correct inaccurate account information by contacting us
- Delete your account by contacting us at privacy@3442labs.com (subject to legal retention requirements)
- Disconnect bank accounts at any time from the Banking section
- Export your financial data via the reporting features in the Service
- Opt out of non-transactional communications by contacting us
To exercise any of these rights, contact us at privacy@3442labs.com.
8. Cookies and Session Storage
The Service uses a single session cookie (gl-session) for authentication. This cookie is HTTP-only, secure, and scoped to the domain. We do not use third-party cookies or tracking pixels.
We use localStorage solely to persist your theme preference (light/dark mode).
9. Children's Privacy
The Service is intended for use by adults in a professional capacity. We do not knowingly collect personal information from individuals under 18 years of age.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 14 days before the changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.
11. Contact
For questions, concerns, or requests regarding this Privacy Policy or your data:
3442 Labs Inc.
Attn: Privacy
2810 N Church St, Ste 27965
Wilmington, DE 19802
privacy@3442labs.com