Lirea
Home

Privacy Policy

Last updated: May 18, 2026

1. Introduction

Lirea ("we," "us," or "our") provides an AI-powered contract scanning service that extracts data from PDF sales contracts and syncs it to QuickBooks Online. This Privacy Policy explains how we collect, use, store, and protect your information when you use our application at lirea.io (the "Service").

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and organization name. Authentication is managed through Clerk, a third-party identity provider. We do not store your password directly.

2.2 Contract Data

When you upload a PDF contract, we process it using AI (Anthropic Claude) to extract structured data including customer names, company names, billing addresses, payment terms, and line-item details. The original PDF and extracted data are stored in our database.

2.3 QuickBooks Data

When you connect your QuickBooks Online account, we receive OAuth 2.0 access and refresh tokens from Intuit. We use these tokens to create and update customer records and invoices in your QuickBooks account on your behalf. We store your QuickBooks Realm ID (company identifier) and token expiration timestamps.

2.4 Usage Data

We collect standard usage information such as pages visited, features used, and contract processing events to improve the Service.

2.5 Personal Information We Process

When you upload a contract, Lirea processes the following personal information in order to create records in your connected QuickBooks Online account:

  • Customer company name, display name, and any DBA / “trading as” name
  • Primary contact person's name, honorific, job title, email, and phone
  • Customer website
  • Billing address and shipping address (street lines, city, state or province, postal code, country)
  • Invoice line items (product or service names, descriptions, quantities, unit prices, service dates, SKUs)
  • Payment terms, payment method (check, cash, card type, bank transfer, etc.), currency, and class / department / cost center
  • Free-form memos or notes written in the contract

Lirea does notprocess: government identifiers (SSN, driver's license, passport, tax ID), payment card numbers, bank account numbers, sensitive personal information about race, religion, health, or sexual orientation, or any other category of information not listed above. If a contract contains such fields, they are not extracted.

3. How We Use Your Information

We use your information to:

  • Process and extract data from your uploaded contracts
  • Create and update customer records and invoices in your QuickBooks account
  • Authenticate your identity and manage your account
  • Send transactional notifications about contract processing status
  • Provide customer support
  • Improve the accuracy and performance of our AI extraction

4. Data Storage and Security

4.1 Infrastructure

Your data is stored in Supabase (PostgreSQL), which provides encryption at rest using AES-256 and encryption in transit via TLS 1.2+. Our application is hosted on Vercel with HTTPS enforced on all endpoints.

4.2 Token Security

QuickBooks OAuth tokens are encrypted at the application level using AES-256-GCM before being stored in the database. Encryption keys are managed via environment variables and are never exposed in client-side code.

4.3 Tenant Isolation

All data is scoped to your organization. We use Row-Level Security (RLS) policies in our database to ensure that users can only access data belonging to their own organization.

5. Data Retention

Contract files and extracted records are retained for the active lifetime of your Lirea account. You can delete an individual contract at any time using the Delete Contract button on the review page — this removes the file from storage and the extracted fields from our database immediately.

To request full deletion of your Lirea account and all associated data, email support@lirea.io. Deleted data is purged from active databases immediately and from automated backups within 30 days.

Expired QuickBooks OAuth tokens are automatically purged within 30 days of expiration. Records that Lirea created in your QuickBooks Online account (customers and invoices) are managed by you inside QuickBooks Online — deleting your Lirea account does not remove those records from QuickBooks. To delete records from QuickBooks Online, use the QuickBooks Online interface directly.

6. Third-Party Services

We share data with the following third-party services solely to operate the Service:

  • Intuit (QuickBooks Online) — to create customers and invoices in your accounting system
  • Anthropic (Claude AI) — to extract structured data from contract PDFs
  • Clerk — to manage user authentication and sessions
  • Supabase — to store application data
  • Vercel — to host and serve the application
  • ZeptoMail — to send transactional email notifications

We do not sell, rent, or share your personal information with advertisers or unrelated third parties.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect your QuickBooks account at any time through the Settings page
  • Export your contract data

To exercise any of these rights, contact us at support@lirea.io.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services (Clerk, Supabase) may set their own cookies necessary for their functionality.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, contact us at: support@lirea.io