/summarlyBack

Privacy Policy

Last updated: 13 June 2026

This policy explains what personal data Summarly processes, why, and the rights you have over it. It is written to meet our obligations under the EU General Data Protection Regulation (GDPR) and the Cyprus data protection law.

Who we are

Summarly is operated by A.E.A. Tech Data Product Limited (“Summarly”, “we”, “us”), a company registered in Cyprus [CONFIRM: registration number and registered office address]. We are the data controller for the personal data described here. For any privacy question or to exercise your rights, contact founders@summarly.com.

What we collect

  • Account data — your email address, and your name and avatar if your sign-in provides them.
  • Workspace & financial data — the company details, bank accounts, transactions, categories, VAT data, and the receipt and payslip files you upload. This is the core of the service and may include personal data about you and third parties named in your records.
  • Assistant conversations — the messages you send to the in-app AI assistant and its responses, stored so your history persists.
  • Technical data — basic logs needed to operate and secure the service (e.g. timestamps and error logs). We do not use third-party advertising or analytics trackers.

How we use it & our legal basis

  • To provide the service — importing statements, categorizing transactions, matching receipts, producing reports and exports. Legal basis: performance of our contract with you.
  • To secure and maintain the service — authentication, backups, fraud and abuse prevention. Legal basis: our legitimate interests in running a safe service.
  • To communicate with you — service emails such as sign-in links and important notices. Legal basis: performance of our contract and our legitimate interests.

We do not sell your data, and we do not use your financial data or assistant conversations to train AI models.

Sub-processors

We rely on a small number of vetted service providers to run Summarly. Each processes data only on our instructions and under a data processing agreement.

ProviderPurposeLocation
SupabaseDatabase, file storage, authentication[CONFIRM: EU / US region]
Anthropic (Claude)AI categorization, receipt extraction, and the assistant. Inputs are not used to train models.United States
VercelApplication hosting[CONFIRM: deployment region]
[CONFIRM: email provider]Sign-in and notification emails[CONFIRM]

Where a provider is outside the EEA, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

How your data is protected

  • Each workspace’s data is isolated at the database level, so one customer can never access another’s records.
  • Data is encrypted in transit (TLS) and at rest. Receipt and payslip files are kept in a private store, reachable only through short-lived signed links.
  • Access by Summarly staff is restricted to what is needed to operate and support the service.

How long we keep it

We keep your data for as long as your account is active. When you delete your workspace, its records and uploaded files are permanently removed, except where we must retain limited information to meet a legal obligation.

Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • export your data — you can download a full copy at any time from Settings → Privacy & data;
  • delete your data — you can erase your workspace and account from Settings → Privacy & data;
  • correct inaccurate data, or restrict or object to processing;
  • lodge a complaint with the Cyprus Office of the Commissioner for Personal Data Protection.

Changes

We may update this policy from time to time. Material changes will be communicated through the app or by email before they take effect.

Questions? Email founders@summarly.com.