Ekue
Contact Start free

Privacy Policy

How Ekue collects, uses, and protects your information.

Last updated: February 21, 2026

This Privacy Policy describes how Ekue ("we," "us," or "our") collects, uses, discloses, and protects personal information when you use our accounting software platform and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

Ekue provides cloud-based accounting software designed for small businesses. The Service is available at app.ekue.com and the marketing site at ekue.com.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only)
  • Business name and address
  • Phone number (optional)
  • Billing information (payment card details are processed by our payment processor and are not stored on our servers)

1.2 Financial Data

To provide accounting services, we collect and process the financial data you enter into the Service, including:

  • Invoices, expenses, and transaction records
  • Customer and vendor contact details
  • Bank account and routing numbers for payment processing
  • Tax identification numbers
  • Revenue, expense, and profit/loss data
  • Receipts and supporting documents you upload

1.3 Usage Data

We automatically collect information about how you interact with the Service:

  • Pages visited and features used
  • Actions taken within the application (e.g., creating invoices, running reports)
  • Time spent on pages and click patterns
  • Error logs and performance data
  • Referral source (how you arrived at our site)

1.4 Device and Technical Data

We collect technical information from the devices you use to access the Service:

  • IP address
  • Browser type and version
  • Operating system
  • Screen resolution and viewport size
  • Language preferences
  • Time zone setting

1.5 Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how the Service is used. See Section 5 for full details on our cookie practices.

2. How We Use Your Information

2.1 Service Delivery

We use your information to:

  • Create and maintain your account
  • Provide accounting, invoicing, expense tracking, and reporting features
  • Process payments and manage your subscription
  • Deliver customer support and respond to your inquiries
  • Send transactional emails (e.g., invoice confirmations, password resets, billing receipts)

2.2 Transaction Processing

Financial data you enter is used to:

  • Record and categorize transactions
  • Generate financial reports, profit and loss statements, and balance sheets
  • Calculate tax obligations and prepare tax-related documents
  • Facilitate payments between you and your customers or vendors

2.3 AI Assist Feature

If you use our AI Assist feature, your transaction data may be processed by our AI systems to:

  • Suggest transaction categories based on descriptions and historical patterns
  • Detect potential duplicate entries or anomalies
  • Provide insights and summaries of your financial data
  • Generate draft invoice descriptions or expense notes

AI Assist processes data within your account context only. We do not use your financial data to train general-purpose AI models. You can disable AI Assist at any time from your account settings.

2.4 Service Improvement

We use aggregated, de-identified usage data to:

  • Improve the functionality and performance of the Service
  • Identify and fix bugs and technical issues
  • Develop new features based on usage patterns
  • Conduct internal analytics and research

2.5 Legal Compliance

We may use your information as necessary to:

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Enforce our Terms of Service
  • Protect against fraud, abuse, or unauthorized access

3. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract performance: Processing your account information and financial data is necessary to provide the Service you have contracted for, including account management, invoicing, and reporting.
  • Legitimate interest: We process usage data and device data to improve the Service, maintain security, and prevent fraud. We balance these interests against your privacy rights and only process data where our interests do not override your fundamental rights.
  • Consent: Where required, we obtain your consent before processing personal data, such as for optional marketing communications or enabling the AI Assist feature. You may withdraw consent at any time.
  • Legal obligation: We process certain data to comply with applicable tax, accounting, and financial regulations, anti-money laundering laws, and other legal requirements.

4. Information Sharing and Disclosure

We do not sell your personal information. We do not rent, trade, or otherwise share your personal data for the commercial benefit of third parties.

We may share your information only in the following circumstances:

4.1 Service Providers

We work with trusted third-party service providers who help us operate and deliver the Service. These providers are contractually obligated to use your data only for the purposes we specify and to maintain appropriate security measures. Categories of service providers include:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Email delivery services
  • Analytics providers (using aggregated data)
  • Customer support tools

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal processes, including:

  • Court orders, subpoenas, or warrants
  • Requests from law enforcement or regulatory authorities
  • Legal proceedings to which we are a party

Where permitted by law, we will attempt to notify you before disclosing your information in response to legal requests.

4.3 Business Transfers

If Ekue is involved in a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share information with third parties when you explicitly direct us to do so, such as when you authorize an integration with another service.

5. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies: Required for the Service to function properly, including session management, authentication, and security. These cannot be disabled.
  • Preference cookies: Store your settings and preferences (e.g., language, display options) to improve your experience.
  • Analytics cookies: Help us understand how visitors interact with the Service so we can measure and improve performance. Analytics data is aggregated and does not identify individual users.

We do not use advertising or third-party tracking cookies. The marketing site (ekue.com) does not use JavaScript and sets no cookies.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features of the Service.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained for the duration of your account. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.
  • Financial records: Retained for seven (7) years after account closure to comply with tax and financial reporting obligations, or as otherwise required by applicable law.
  • Usage and analytics data: Retained in aggregated, de-identified form for up to 24 months for service improvement purposes.
  • Support communications: Retained for up to three (3) years after resolution for quality assurance and to address potential follow-up inquiries.
  • Server logs: Automatically deleted after 90 days.

When data is no longer required, we securely delete or anonymize it so that it can no longer be associated with you.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256
  • Regular security assessments and penetration testing
  • Role-based access controls limiting employee access to personal data
  • Multi-factor authentication for internal systems
  • Automated monitoring and alerting for suspicious activity
  • Regular backups with encrypted storage
  • Incident response procedures and breach notification processes

While we work hard to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

For more information about our security practices, please visit our Security page.

8. Your Rights

8.1 Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format (see Section 9).
  • Right to restrict processing: Request that we limit how we process your data in certain circumstances.
  • Right to object: Object to the processing of your personal data based on legitimate interests, including objecting to automated decision-making and profiling.
  • Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@ekue.com. We will respond within 30 days, as required by law. You also have the right to lodge a complaint with your local data protection supervisory authority.

8.2 Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: Request deletion of the personal information we have collected from you, subject to certain exceptions.
  • Right to opt-out: Opt out of the sale of personal information. Note that Ekue does not sell personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us at privacy@ekue.com. We will verify your identity before processing your request and respond within 45 days.

9. Data Export and Portability

You can export your data at any time directly from the Ekue application. We support CSV export for all major data types, including:

  • Transactions and journal entries
  • Invoices and receipts
  • Customer and vendor lists
  • Chart of accounts
  • Financial reports (profit and loss, balance sheet)

To export your data, navigate to Settings in the Ekue application. No request to our support team is required. Exports are generated in standard CSV format for easy import into other accounting tools or spreadsheet applications.

10. International Data Transfers

Ekue operates primarily in the United States. If you are accessing the Service from outside the United States, your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The UK International Data Transfer Addendum, where applicable
  • Additional safeguards, including encryption and access controls, to ensure an adequate level of data protection

By using the Service, you acknowledge that your data will be processed in the United States in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided personal information to Ekue, please contact us at privacy@ekue.com so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify you via email or an in-app notification at least 30 days before the changes take effect
  • Post the revised policy on this page

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within five (5) business days.