HayberBooks Privacy Policy

Last updated: April 30, 2026

This is the privacy policy for HayberBooks, a financial visibility tool operated by HayberTech & Trade LLC ("HayberTech," "we," "us"). HayberBooks is available at books.haybertech.com.

We've tried to write this in plain English. If anything is unclear, email us at books@haybertech.com and we'll explain.

What we collect

When you use HayberBooks, we collect three categories of information:

1. Account information. Your name, email address, business name, and password (which we never store in plain text — it's hashed by Supabase Auth).

2. Bank transaction data. When you connect a bank account through Plaid, we receive your transactions: dates, amounts, merchant names, and descriptions. We do not receive your bank login credentials, account numbers, routing numbers, or balance information beyond what's needed to display your dashboard. We also receive a Plaid access token, which lets us fetch new transactions on a schedule.

3. Usage data. Standard web analytics — pages visited, features used, time of day. We use this to find bugs and improve the product. We do not sell or share this with advertisers.

What we do with it

We use your data to do exactly what HayberBooks is for:

  • Categorize your transactions
  • Generate your dashboard, weekly summaries, and anomaly callouts
  • Detect recurring charges and subscriptions
  • Answer questions you ask through "Ask your books"
  • Send you weekly summary emails (you can turn these off)

We do not use your transaction data to train AI models. When we send transaction data to Anthropic's Claude API for categorization or your "Ask your books" questions, Anthropic's API has zero data retention by default — they don't store, log, or train on your data.

Who we share it with

The only third parties who touch your data are the services we need to run HayberBooks:

  • Plaid — bank credentials (entered directly to them, not us) and transaction data
  • Supabase — our database, holds your account info and transactions
  • Vercel — our hosting, sees encrypted requests passing through
  • Anthropic — receives transaction data per-question with zero retention, for AI categorization and Q&A
  • Stripe — payment processor, sees your name, email, billing info
  • Resend — email delivery, sees your email and weekly summary content

We do not sell your data. We do not share it with advertisers, brokers, or any third party not listed above.

We may disclose information if compelled by valid legal process (subpoena, court order). If that happens and we're legally allowed to tell you, we will.

How we protect it

  • Bank access tokens are encrypted at rest with AES-256-GCM. The encryption key is stored separately from the database.
  • All connections use HTTPS/TLS. No data moves between you and us in plaintext.
  • Passwords are hashed by Supabase Auth. We never see them.
  • Access to production data is limited to one person (Kareem Hayber) and audited.
  • We log every sensitive action (bank connections, manual edits, subscription changes) so we can reconstruct what happened if needed.

We are not SOC 2 certified yet. We're a small, transparent operation, and we'd rather tell you exactly what we do than wave a logo.

Your rights

  • See your data. Email us and we'll send you a complete export.
  • Delete your account. Email books@haybertech.com. We'll disconnect Plaid within 24 hours, delete your encrypted token immediately, and delete your transaction history within 30 days. Payment records are retained as required by law.
  • Disconnect your bank any time from your dashboard.
  • Turn off weekly summary emails in your account settings.
  • Object to AI processing by emailing us. We can categorize manually instead, though this limits what HayberBooks can do.

If you live in California (CCPA), the EU (GDPR), or another jurisdiction with privacy rights, those rights apply to you in addition to the above.

Data retention

  • Active accounts: we keep your data as long as your account is active.
  • Cancelled accounts: transaction data deleted within 30 days. Account and payment records kept for tax/legal compliance (typically 7 years).
  • Inactive accounts (no login for 12 months): we email you. If no response in 30 days, we suspend the account. Data deleted after another 12 months unless you log back in.

Cookies and tracking

We use a minimum of cookies — just what's needed to keep you logged in and remember your preferences. We do not use third-party advertising trackers. We do not have a Facebook pixel.

Children

HayberBooks is for business owners. We don't knowingly collect data from anyone under 18. If we learn we have, we delete it.

Changes to this policy

If we change this policy materially, we will email you 30 days before the change takes effect. We may make minor edits (typos, clarifications) without notice, but we will reflect them in the "last updated" date above.

Contact

Kareem Hayber, founder
HayberTech & Trade LLC
books@haybertech.com