Privacy Policy

Steward is a bookkeeping service operated by Rebel Viking LLC. We access only the systems you connect (QuickBooks, bank feeds, sales platforms), use that access to do your books, and we do not sell your data. We do not use your data to train third-party AI models. You can disconnect a system or cancel any time, and we'll return your books and delete our copies within 30 days.

From you directly:

• Account information: name, email, business name, business address, entity type, tax jurisdictions, fiscal-year end, industry.
• Anything you upload (receipts, statements, documents you forward to your receipts inbox).
• Support messages, call notes, and other correspondence.

From systems you connect, with your permission:

• QuickBooks Online: chart of accounts, transactions, invoices, bills, vendors, customers, attachments. We post journal entries, attach receipts, and read reports on your behalf.
• Bank feeds (via Plaid or similar): transaction history, account names, balances. We never see your bank login credentials.
• Sales platforms (such as Stripe, Square, and Shopify): sales orders, invoices, customer records, payouts.
• Payroll providers: payroll-run summaries (wages, taxes, net pay) for journal-entry preparation.

Technical telemetry:

• Standard server logs, error reports, and audit logs of actions taken inside Steward (who logged in, what was approved, what an AI agent did).

• To perform the bookkeeping tasks you signed up for: categorize transactions, match receipts, reconcile accounts, prepare reports, draft payment reminders.
• To communicate with you about your books and our service.
• To improve Steward itself — internally, on aggregated and de-identified usage data.
• To comply with legal obligations, including responding to lawful requests.

We will never use the contents of your books to train third-party AI models. AI tools we use to perform bookkeeping operate under data-processing terms that prohibit training on your data.

We share data only with vendors we use to operate the service. Each is bound to confidentiality and the same data-handling commitments described here:

• Anthropic — AI categorization, mapping, and reasoning. Operates under enterprise data-processing terms; not used for training.
• Supabase — primary database hosting (Postgres, in-region).
• Vercel — application hosting.
• Plaid — bank feed connectivity.
• Intuit — when you connect QuickBooks Online.
• Resend — transactional email delivery.
• Inngest — background-job orchestration.
• Cloudflare — object storage and DDoS protection.

We are happy to enter into a customer-specific Data Processing Agreement on request. Email hello@stewardsimple.com.

We protect your data with reasonable administrative, technical, and physical safeguards: TLS in transit, AES-256 at rest, per-tenant row-level isolation in our database, encrypted credential storage, mandatory MFA on internal administrative access, and an immutable audit log of every action — human or automated — taken inside your workspace.

No system is perfectly secure. We will notify affected customers promptly if we become aware of a security incident that materially impacts their data.

• Disconnect any system at any time in your Steward integrations page.
• Cancel your account any time. On cancellation, we return your books in a standard exportable format and delete our copies within 30 days, except where retention is required by law.
• Request access, correction, or deletion of personal data we hold about you. Email us and we'll respond within 30 days.
• Opt out of non-essential email via the unsubscribe link in any marketing message. Transactional service emails (close packets, billing notices, security alerts) we'll continue to send while your account is active.

We keep your data for as long as your account is active. After cancellation, we keep your books in escrow for 30 days to allow for a clean handover, then delete them. We retain audit logs and billing records for up to 7 years as required by accounting and tax regulations.

Steward is a business product not intended for use by individuals under 18. We do not knowingly collect personal information from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect.

Questions? Email hello@stewardsimple.com. Mailing address: Rebel Viking LLC, Seattle, WA.