OHWOWOHWOW
Legal/Privacy Policy

Privacy Policy

The Accountant by ohwow

Effective date: May 5, 2026

1. Introduction

ohwow (“ohwow,” “we,” “us,” or “our”) operates The Accountant, an automated bookkeeping software service available at ohwow.fun (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use the Service.

We take the privacy of financial data seriously. The Accountant processes sensitive business financial records, and we have designed our data practices to collect only what is necessary to provide the Service, to protect what we collect, and to give you meaningful control over your information.

This Policy addresses requirements under the Gramm-Leach-Bliley Act (GLBA) Financial Privacy Rule as applicable to non-financial institutions handling financial data, the California Consumer Privacy Act (CCPA), and general US privacy law. By using the Service, you agree to this Privacy Policy.

2. Information We Collect

Account information

When you create an account, we collect your name, email address, business name, and billing information (credit card number and billing address are collected by our payment processor; we store only a tokenized reference and the last four digits of your card).

Financial transaction data

The core of the Service is processing transaction data you upload. This includes CSV exports from bank accounts and credit cards containing: transaction dates, transaction amounts, merchant names and descriptions, account identifiers, and any notes or memos in your export files. This data is processed solely to provide categorization, report generation, and bookkeeping summaries.

Usage data

We collect information about how you interact with the Service, including features used, report types generated, upload frequency, and session duration. This is used to operate and improve the Service.

Device and technical data

We automatically collect IP address, browser type and version, operating system, referring URLs, and device identifiers for security monitoring, fraud prevention, and service delivery purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the bookkeeping service — including processing your transaction data to generate categorizations, profit and loss summaries, expense reports, and other financial summaries for your internal use.
  • To manage your account and subscription — including processing payments, sending invoices, and communicating about your account status, subscription renewal, and service updates.
  • To communicate with you — including responding to support requests, sending service-related notifications, and (with your consent) sending product news and updates.
  • To improve the Service — we analyze aggregated, anonymized usage patterns to understand how the Service is used and to improve categorization accuracy and feature quality. We do not use your individual financial transaction data to train AI models without your explicit, informed consent.
  • For security and fraud prevention — to detect, investigate, and prevent fraudulent transactions, abuse, or other illegal activity, and to protect the rights and property of ohwow and its users.
  • To comply with legal obligations — to respond to lawful requests from governmental authorities and to comply with applicable law.

We do not sell your personal information to third parties. Your financial transaction data is never used for advertising, sold to data brokers, or shared with any party other than as described in Section 5 of this Policy.

4. How We Protect Your Information

Encryption in transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all Service endpoints.

Encryption at rest

Your financial data is encrypted at rest in our database. Payment credentials are never stored on our servers; billing data is managed by our PCI-compliant payment processor.

Access controls

Access to your data within our systems is restricted to personnel who need it to provide or support the Service. We enforce role-based access controls and maintain audit logs of data access. Row-level security is enforced at the database layer so that your data is logically isolated from other customers’ data.

Security reviews

We conduct regular security reviews of our infrastructure, code, and access controls. We operate a responsible disclosure policy for security researchers.

No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information.

5. Data Sharing

We share your information only in the following limited circumstances:

Cloud infrastructure providers

We use cloud hosting and database infrastructure providers to operate the Service. These providers access your data only to host and operate the Service on our behalf, under data processing agreements that restrict their use of your data. Current infrastructure providers include Supabase (database and authentication, US-hosted).

Payment processors

Billing information is processed by our payment processor(s) (currently Dodo Payments) solely for subscription management and payment processing. Your financial transaction data (bank records, expense data) is never shared with payment processors.

AI processing

Transaction data is processed by AI models to generate categorizations and reports. Where AI processing occurs via third-party API providers, such providers process your data only on our instructions under data processing agreements that prohibit use of your data for model training or any purpose other than providing the API service.

Legal requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of ohwow, our users, or the public.

Business transfers

If ohwow is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you by email and/or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

We do not sell your personal information to advertisers, data brokers, or any other third parties.

6. Data Retention

Active subscriptionYour financial transaction data, reports, and account information are retained for the duration of your active subscription.
After cancellationFollowing cancellation of your subscription, we retain your data for 90 days to allow you to export it or reactivate your account. After 90 days, your financial transaction data and generated reports are permanently deleted. You may request earlier deletion by contacting privacy@ohwow.fun.
Account deletionIf you request deletion of your account, we will permanently delete your financial data and personal information within 30 days, except as required to retain for legal compliance (such as billing records required by financial regulations).
Billing recordsPayment records and invoices may be retained for up to 7 years as required by applicable tax and financial laws.

7. Your Rights

You have the following rights with respect to your personal information:

  • Access — Request a copy of the personal information we hold about you, including your account data and any financial transaction data stored in your account.
  • Correction — Request correction of inaccurate or incomplete personal information in your account.
  • Deletion — Request deletion of your personal information and financial data. See Section 6 for retention timelines.
  • Data portability — Export your transaction data and generated reports in CSV or JSON format from your account settings at any time.
  • Opt-out of AI training — If ohwow ever uses individual transaction data for AI model training (which we do not currently do), you have the right to opt out. We will seek explicit consent before any such use and provide a clear mechanism to withdraw it.
  • Restriction of processing — Request that we restrict processing of your personal information in certain circumstances.
  • Objection — Object to processing based on legitimate interest.

You can exercise most rights from your account settings. For requests that cannot be fulfilled from settings, contact privacy@ohwow.fun. We will respond within 30 days (or within the timeframe required by applicable law, if shorter).

8. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.

Right to know

You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting it, and the categories of third parties with whom we have shared it.

Right to delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as information necessary to complete a transaction, detect security incidents, comply with legal obligations, or for other purposes permitted by law).

Right to opt out of sale

We do not sell your personal information.ohwow does not sell, rent, or share personal information with third parties for monetary or other valuable consideration in a manner that would constitute a “sale” under the CCPA. You do not need to take any action to opt out of a sale because we do not engage in such sales.

Right to non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide you a different quality of services, or suggest that you may receive a different price or quality of services as a result of exercising your rights.

How to exercise CCPA rights

Submit requests by emailing privacy@ohwow.fun with “CCPA Request” in the subject line, or through your account settings. We may need to verify your identity before processing your request. We will respond within 45 days, with a possible extension of an additional 45 days when reasonably necessary.

9. Children’s Privacy

The Service is not directed to individuals under 18 years of age, and we do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a minor, please contact us at privacy@ohwow.fun.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will provide at least 30 days’ prior written notice of any material changes by email to your registered address and by posting a notice on the Service. If we make material changes to how we treat your personal information, the notice will clearly describe what is changing. Your continued use of the Service after the effective date of any modification constitutes your acceptance of the updated Privacy Policy.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, or to exercise any of your rights described above, contact us at:

ohwow Privacy Team

Email: privacy@ohwow.fun

ohwow.fun

Effective date: May 5, 2026. Previous versions are available upon request.

Terms of ServiceAll Legal