This Privacy Policy explains how Trailing Paper (“Trailing Paper”, “we”, “us”, or “our”) collects, uses, discloses, stores, and protects information when you use our website, application, and related services (collectively, the “Service”). By using the Service, you agree to the practices described in this Privacy Policy.

Effective Date: February 11, 2026

1. Information We Collect

We may collect the following categories of information:

• Account Information: name, email address, login identifiers, authentication data, and account settings
• Financial Data (if you connect accounts): account type, account identifiers (as provided by the institution), account balances, and transaction data we receive from financial institutions via Plaid, based on the permissions you grant
• User-Provided Data: invoices, vendor/customer records, categories, notes, attachments, and other content you enter into the Service
• Usage Data: device/browser information, IP address, access times, log data, and feature usage
• Cookies/Session Data: session cookies and similar technologies used to keep you signed in and remember preferences (see Section 7)

2. Sign in with Google

Trailing Paper may allow you to authenticate using Google Sign-In. When you choose this option, Google may share certain information with us, such as your name, email address, and a unique Google account identifier, based on the permissions you approve.

We use this information only to authenticate your account, create or access your Trailing Paper profile, and provide the Service. We do not access your Google password and we do not use Google Sign-In data for advertising.

You may revoke Google Sign-In access at any time through your Google Account settings.

2A. Bank Connectivity (Plaid)

Trailing Paper uses Plaid Inc. (“Plaid”) to allow you to connect financial accounts to the Service. If you choose to connect an account, Plaid may provide us with information such as account identifiers, account balances, and transaction history, depending on the permissions you grant.

We use this information solely to provide accounting features such as reconciliation, categorization, reporting, and cash flow views. We do not use this information for advertising and we do not sell it.

You control whether to connect accounts and what data you authorize. You can disconnect linked accounts at any time, which stops new data from being imported.

3. How We Use Information

We use collected information to:

• Provide, operate, and maintain the Service
• Authenticate users, secure accounts, and prevent fraud/abuse
• Import and process financial data you authorize (e.g., balances and transactions) to support reconciliation, categorization, cash reporting, and related accounting workflows
• Process invoices, records, and administrative workflows you initiate
• Improve functionality, performance, reliability, and user experience
• Respond to support requests and send service-related notifications (e.g., security or system notices)

4. Data Ownership

You retain ownership of the data you submit to Trailing Paper. We process and store your data only to deliver the Service and do not claim ownership of your content.

5. Information Sharing

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

We may share information only in the following circumstances:

• With service providers: with trusted vendors who help operate the Service (e.g., hosting, logging, analytics, customer support), subject to appropriate confidentiality and security obligations
• With your direction or consent: for example, when you choose to connect financial accounts using Plaid, data is exchanged as needed to provide the requested connection and features
• For legal and safety reasons: when required by law or legal process, or to protect the rights, security, and integrity of Trailing Paper or users
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets (in which case we will take reasonable steps to protect your information)

6. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect information we process and store, including controls such as encryption in transit, access controls, and monitoring. No system can be guaranteed 100% secure, but we take reasonable steps to reduce risk and help prevent unauthorized access or misuse.

7. Cookies & Tracking

We may use cookies or similar technologies to maintain sessions, remember preferences, and understand how the Service is used. You can control or disable cookies through your browser settings; however, some features may not function properly without them.

8. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or update your personal information
• Request deletion of your account and associated data (subject to retention requirements)
• Withdraw consent where processing is based on consent

California Privacy Rights (CCPA/CPRA): California residents may request access, correction, or deletion of personal information, and may opt out of any “sale” or “sharing” of personal information. Trailing Paper does not sell personal information. To submit a request, contact us using the information in Section 11.

9. Data Retention

We retain information only as needed to operate the Service and for legitimate business purposes such as bookkeeping, reporting, and audit support. As general guidelines:

• Connected account access credentials: retained only while the connection is active and removed promptly upon disconnect
• Accounting records and transaction history: may be retained for up to seven (7) years to support standard tax/bookkeeping practices
• Security and operational logs: typically retained for 30–180 days
• Backups: retained on a rolling basis, typically 30–90 days

9A. Data Deletion and Account Disconnect

You may disconnect a linked financial account at any time. When you disconnect, we revoke and/or delete the associated access credentials (such as access tokens) and stop collecting new data from that institution. Certain accounting records you created in the Service (e.g., reconciled entries and reports) may remain to preserve the integrity of your books unless you request deletion and deletion is feasible, subject to legal record keeping requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice. Continued use of the Service after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or requests regarding privacy, contact: support@trailingpaper.com (or security@trailingpaper.com).