Sello — Privacy Policy
Effective April 23, 2026 · Operated by Vector Echelon AI, LLC
This policy describes what data Sello collects, why we collect it, who we share it with, how long we keep it, and the rights you have. Questions, deletion requests, or export requests: [email protected].
Data we collect
- Bank & card transactions. When you connect a financial institution through Plaid, we receive transaction metadata (date, amount, merchant name, raw description, category hints) and account metadata (institution name, last-four of account number, account type). We never receive your online banking username or password — Plaid holds those directly.
- Receipt images. Images you upload, forward by email, or capture in-app are stored encrypted at rest (Cloudflare R2, AES-256) with SHA-256 hashes and EXIF metadata preserved for IRS audit-defense timestamps.
- Email attachments. Receipts forwarded to your unique inbound address (receipts+{token}@inbox.vereceipts.com) are parsed via Postmark and stored as above.
- Mileage & trip data. Manual entries you make in the mileage tracker.
- Account metadata. Email address, display name, authenticated sessions, your home-state setting (for state tax computation), and billing state via Stripe.
What we do with it
- Compute deductions, Schedule C previews, quarterly 1040-ES estimates, and state/local tax figures.
- Classify transactions into business/personal + IRS Schedule C lines using Anthropic Claude models.
- Surface AI classifications and agent reasoning inside your workspace only.
- Maintain a tamper-evident hash-chained audit log so you can defend your records.
- Send transactional email (receipts, quarterly reminders, account notices) via Postmark.
- Process payment for your subscription via Stripe.
Data processors we use
We contract with the following processors to operate the service. Each handles a narrow slice of your data under their own privacy policies and data-protection agreements. We do not engage additional processors without updating this policy.
- Plaid Inc. When you link a financial institution, Plaid authenticates with your bank on your behalf and shares transaction data, account metadata, and balance information with Sello. Plaid's privacy policy governs that relationship: plaid.com/legal. You can disconnect an institution at any time from Settings.
- Anthropic PBC. Classification, OCR, and agent reasoning are powered by Claude models. Anthropic does not train on API inputs by default. Privacy: anthropic.com/legal/privacy.
- Stripe Inc. Subscription billing and customer portal. We never see or store your card number; Stripe handles card data under PCI DSS. stripe.com/privacy
- WorkOS Inc. Identity (passkeys, magic-link authentication) and session management.
- Postmark (ActiveCampaign). Inbound email receipt forwarding and outbound transactional email.
- Vercel Inc. Application hosting and serverless execution. SOC 2 Type II certified.
- Neon Inc. Managed Postgres database hosting. SOC 2 Type II certified.
- Cloudflare Inc. Receipt-image storage (R2), DNS, TLS termination, and bot mitigation. SOC 2 Type II certified.
- Sentry (Functional Software). Error monitoring with automatic PII scrubbing of request bodies, auth headers, and known-sensitive fields before events leave our infrastructure.
- Inngest Inc. Background job execution (bank sync, nightly deduction scans, scheduled reminders).
What we do not do
- We do not sell your data. Full stop. No brokers, no ad networks, no "sharing" in the CCPA / CPRA sense.
- We do not train AI models on your data. Neither we nor Anthropic train on your transaction, receipt, or chat content.
- We do not allow cross-context behavioral advertising. No third-party advertising pixels, no retargeting, no ad-tech on the authenticated product.
- We do not share data with advertisers or data brokers.
Security
- TLS 1.2+ for all data in transit (client to Sello, Sello to processors).
- AES-256 encryption at rest across all stores (Neon, R2, Sentry, Postmark).
- Plaid access tokens encrypted with AES-256-GCM (Node crypto AEAD, 256-bit key, fresh per-token IV) before any database write.
- Passkey-first authentication via WorkOS (magic-link fallback), with MFA on all administrative consoles.
- Row-level security on every tenant-scoped database table (tenant isolation enforced at the database layer).
- Append-only hash-chained audit log of all state-changing operations for tamper detection.
- Automatic PII scrubbing in error reports — request bodies, cookies, and auth headers are redacted before events leave the application.
Retention
- Financial records (receipts, transactions, trips): retained for at least seven years from the applicable tax year, matching IRS audit-defense requirements. The Audit Vault screen shows the retention-until date per record.
- Email attachments awaiting OCR: purged from staging storage within 30 days of processing.
- Session data: purged when the session expires.
- Audit log: append-only and retained for the life of the account (never deleted) to preserve the hash chain.
- Account deletion: when you delete your account, we delete operational data within 30 days except records we are legally required to retain (financial records under the above 7-year rule).
Your rights
You have the right to:
- Access / export: download a full JSON + original-images export from Settings → Audit Vault at any time.
- Correction: edit or correct any record in the product, or request correction via [email protected].
- Deletion: delete your account and associated data from Settings, or request deletion via [email protected]. Subject to the 7-year IRS retention rule above.
- Portability: your export is provided in open formats (JSON, CSV, PDF) suitable for import into another service.
- Objection / restriction: you can disconnect a specific data source (e.g., a Plaid institution) without closing your account.
- Non-discrimination: exercising any of these rights does not degrade the service you receive.
California, Virginia, Colorado, Connecticut, and Utah residents: you additionally have the rights granted under your state's consumer privacy law, including the right to opt out of "sharing" (which does not apply to us — we do not share for cross-context behavioral advertising) and the right to request information about categories of personal data collected and disclosed. Contact [email protected] to exercise any state-level right.
Children
Sello is a B2B tax tool intended for use by adults operating self-employment income. We do not knowingly collect data from anyone under 18. If we learn we've received such data, we delete it.
Changes to this policy
Material changes are announced via email to registered users at least 14 days before they take effect. Minor changes (typos, formatting, new processor additions that don't expand data usage) may be made without advance notice but are always reflected in the effective date above.
Contact
Privacy questions, deletion, or export: [email protected]
Security issues or disclosure reports: [email protected]
Mailing: Vector Echelon AI, LLC · Texas, USA