
Privacy policy.

Plain English, GDPR-aligned. The receipts you upload belong to you and your client. We hold them long enough to do the job and meet tax-compliance rules, and we never sell them.

Last updated: 28 April 2026

1. Who we are

Pileform is operated by Encelyte Ltd, a Cyprus-registered company. Encelyte Ltd is the data controller for the personal data described in this policy. Contact: contact@pileform.com.

2. What we collect

2.1 Account data

  • Your email address and (if you create one) password hash
  • Your firm name, if you give it to us
  • Sign-in timestamps and IP address (kept for 90 days for abuse detection)

2.2 Receipt data you upload

  • The PDF or image files you submit
  • Extracted fields (date, supplier, line items, VAT rate, totals)
  • The Excel workbooks we generate from those receipts
  • Per-row confidence flags and any corrections you make

Receipts may incidentally contain personal data of third parties (a customer name on an invoice, a driver name on a taxi receipt). We treat that data as a processor on behalf of you (the accountant). Your client (the business whose receipts these are) is the controller; you are their processor; we are their sub-processor.

2.3 Billing data

  • Plan tier, credits remaining, transaction timestamps
  • The last 4 digits of your card and billing country (held by our payment processor, not us)

2.4 What we do NOT collect

  • No advertising trackers, no Facebook Pixel, no Google Analytics
  • No cross-site tracking cookies (just a session cookie, set on login)
  • No browsing history outside of Pileform’s own pages
  • The marketing site uses a privacy-respecting, cookie-less web analytics tool that counts visits in aggregate without identifying individuals. The workspace (app.pileform.com) has no analytics at all.

3. Where it lives

Servers in Frankfurt, Germany (EU). Receipts are encrypted at rest and in transit. Workbook output is stored in object storage in the same region.

4. How long we keep it

Receipts and workbooks: retention follows the policy you configure in Settings → Data & exports (default 10 years; range 6–30 years with country presets: Cyprus / UK / Ireland / Malta / Spain / Greece default to 6 years, Netherlands to 7, Germany / France / Italy / Lebanon to 10, sized to satisfy the strictest applicable tax-record statute in your jurisdiction). You can request earlier deletion of any individual job at any time. We’ll honour it within 30 days unless we’re legally required to retain (e.g. an active tax audit notice). Source PDFs (the original uploads) auto-delete 30 days after processing regardless of this setting.

Account data: retained while your account is active, plus 30 days after closure for billing reconciliation.

Sign-in logs: 90 days, then deleted.

5. Sub-processors

We rely on a vetted set of infrastructure and processing providers, each under a signed Data Processing Agreement with us. Primary processing happens in the EU (Frankfurt). Our sub-processors fall into these categories: EU-region edge, storage and database infrastructure; a dedicated server for receipt processing; an AI processing provider for receipt field extraction; and transactional email and error-monitoring providers (customer payloads are scrubbed before transmission to the latter). The current, named list (with each provider’s role, location, transfer mechanism and retention specifics) is maintained in our public Data Processing Agreement, and we notify customers before it changes.

On AI inference specifically: our AI processing sub-processor is contractually prohibited from training its models on your content. Inference data is retained for at most 30 days for abuse-detection purposes, then deleted. Details in the DPA.

6. Your rights under GDPR

You have the right to:

  • Access: request a copy of the data we hold about you
  • Rectification: correct anything inaccurate
  • Erasure (Article 17): delete your account and uploaded data
  • Portability: export your workbooks (we already make this easy; click Download in the archive)
  • Restriction: pause processing in specific cases
  • Objection: object to processing on legitimate-interest grounds
  • Withdraw consent: where we relied on consent (rare; we mostly rely on the contract you signed up under)

Email contact@pileform.com with the subject line “GDPR request.” We respond within 30 days. No fee, no hoops.

7. Cookies

We set two cookies: pileform_session (keeps you logged in; HTTP-only, Secure, SameSite=Lax, session-scoped) and pileform-theme (remembers your light/dark preference, set only when you click the theme toggle, 1-year lifetime). Both are exempt from consent requirements under EU ePrivacy/GDPR rules (one is strictly necessary, the other is a preference set in response to user action). No analytics cookies, no advertising cookies, no third-party cookies.

Full breakdown (what each cookie does, how long it lives, why it’s exempt) on the cookies page.

8. Security

  • TLS 1.3 in transit, AES-256 at rest
  • Passwords hashed with Argon2id (or bcrypt as a fallback)
  • Per-account isolation at the database row level, so you cannot see another firm’s data
  • Backups encrypted; retention matches the configured primary retention policy
  • Sign-in attempts rate-limited; suspicious sessions auto-revoked

If we detect a breach affecting your data, we’ll notify you within 72 hours per GDPR Article 33, with what happened, what data was affected, and what we’re doing about it.

9. International transfers

Primary processing is in the EU. Where a sub-processor processes data outside the EU, transfers happen under Standard Contractual Clauses (SCCs). Available on request.

10. Children

Pileform is a B2B accounting tool. We don’t knowingly collect data from children under 16. If you believe we have, email us and we’ll delete.

11. Complaints

If we don’t resolve a privacy concern, you can complain to your national data protection authority. In Cyprus that’s the Office of the Commissioner for Personal Data Protection. You can also complain to any EU DPA where you live or work.

12. Changes

If we make a material change to this policy, we’ll email account holders before it takes effect. Minor edits (typos, clarifications) are pushed quietly with a new “Last updated” date.


Questions? Email contact@pileform.com.

© 2026 Pileform, an Encelyte product