Privacy Policy
Effective date: October 27th, 2025
Sanso Solutions LTD ("us", "we", or "our") operates the website https://www.sanso.ai and related applications (collectively, the “Service”). This Privacy Policy explains how we collect, use, store, and protect your data when you use our Service, and what rights you have regarding that data.
1. Scope and Definitions
This Policy applies to all data collected through the Service, including optional integrations (“Connectors”) that you may enable.
Definitions:
- Customer Data: Any data, files, or documents you upload, connect, or provide through the Service.
- Financial Documents: Invoices, receipts, bills, and credit notes imported into the Service for classification and reconciliation.
- Connectors: Optional integrations with third-party systems such as Gmail (Google Workspace), Pennylane, QuickBooks, or others.
Disclosure: Sanso’s use and transfer of information received from Google Accounts will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2. Services and Connectors
The Service is modular and may include one or more Connectors you choose to enable:
- Email ingestion (Gmail via Google OAuth 2.0) – detect and import Financial Documents from messages with attachments;
- Accounting integrations (e.g., Pennylane, QuickBooks) – read and post accounting data necessary for classification and reconciliation;
- File uploads – manually upload Financial Documents;
- Bank or payment feeds – import transactions for reconciliation;
- Vendor portals – securely log in to supplier websites to download invoices, when authorized by the Customer.
We only access and process data from Connectors that you explicitly enable. If a Connector is disabled, we do not access or store its data.
3. Information We Collect
a. Personal Data
We may collect personally identifiable information that you voluntarily provide:
- Name, email address, phone number
- Business name and contact details
- Accounting and financial information
- Login or OAuth credentials
b. Financial and Email Data
When you enable the “Connect to Email” feature, Sanso may temporarily store email messages and their attachments.
These messages and attachments are processed solely for:
- detecting and extracting Financial Documents,
- classifying and reconciling relevant accounting data,
- and displaying the results to you in the Service.
Full email messages are never used for advertising, analytics, or AI model training.
Sanso applies automatic filters to restrict the scope of retrieval to relevant emails only. Messages and attachments identified as irrelevant (“false positives”) are promptly deleted, and we continuously refine our detection algorithms to prevent similar retrievals in the future.
All stored messages and attachments are encrypted at rest and in transit and hosted on secure servers located in the European Union.
c. Access Credentials for Supplier Websites
To automatically retrieve invoices or Financial Documents from certain supplier or marketplace websites, you may choose to provide Sanso with access credentials (login and password) for those specific accounts.
When you choose to do so:
- Credentials are used exclusively for the purpose of accessing the relevant website and retrieving Financial Documents necessary to perform the Service.
- Credentials are encrypted and stored securely, inaccessible in plain text, and only usable under strict access control and audit logging.
- Sanso encourages the use of more secure alternatives—such as OAuth connections, app-specific passwords, or read-only tokens—whenever supported by the provider.
- You may revoke or change these credentials at any time. Once revoked, all stored access data is deleted immediately in accordance with our retention policy.
- Sanso applies technical and organizational safeguards (encryption, access control, monitoring, key rotation) to protect these credentials from unauthorized access or misuse.
d. Usage and Cookies Data
We collect technical data to operate and improve the Service, such as IP address, browser type, session duration, and interaction logs.
We use cookies only for essential functionality, security, and remembering preferences.
We do not use cookies for targeted advertising or cross-site tracking.
4. How We Use the Data
We use collected data for the following purposes:
- To provide, maintain, and improve the Service
- To detect and import Financial Documents
- To classify, reconcile, and upload data into connected accounting systems
- To provide customer support and technical assistance
- To monitor usage, detect fraud, and ensure security
- To comply with legal obligations
5. Connector-Specific Data Access
a. Google Workspace / Gmail
By enabling the “Connect to Email” feature, you grant Sanso read-only access to your Gmail mailbox (via OAuth 2.0 authorization).
This authorization allows Sanso to:
- Retrieve only emails with attachments likely to contain Financial Documents
- Analyze attachments to extract relevant accounting information
- Display documents to you within the Service
We do not:
- Send, modify, or delete any emails
- Use Gmail data for advertising or model training
You can revoke access at any time through your Google Account settings.
b. Accounting Integrations
When connecting your accounting software, Sanso may access limited data such as:
- Supplier and customer information (names, VAT numbers, IDs)
- Purchase and sales invoices (metadata, totals, attachments)
- Payment and reconciliation status
- Chart of accounts and journal codes
Sanso may create or update purchase invoices or attachments on your behalf.
6. Legal Basis for Processing
Sanso processes your data on the following legal bases:
- Performance of a contract: providing the Service you requested.
- Legitimate interest: maintaining security, preventing fraud, and improving functionality.
- Consent: connecting external accounts (OAuth), optional analytics, or communications.
For data processed via Connectors (email, accounting, uploads), Sanso acts as a data processor on behalf of the Customer (data controller). For its own website, billing, or marketing operations, Sanso acts as an independent data controller.
7. Data Retention and Deletion
- Financial Documents: retained for the lifetime of your account + 30 days.
- Logs: retained for 12 months.
- OAuth tokens: deleted immediately upon disconnection.
- Credentials for supplier websites: deleted immediately upon revocation or account closure.
- Backups: securely purged within 30 days of account closure.
Once you close your account, all associated data (including Gmail-sourced data) will be permanently deleted within 30 days.
To request deletion, email data@sanso.ai. Deletion is irreversible and does not affect data stored by your third-party providers.
8. International Data Transfers
Customer data is primarily hosted in the European Union. Some subprocessors are based outside the EEA. When we transfer data internationally, we implement Standard Contractual Clauses (SCCs) and other legally recognized safeguards. All subprocessors are bound by data processing agreements consistent with Article 28 of the GDPR, ensuring confidentiality and data minimization.
9. Disclosure of Data
Sanso may disclose personal data only:
- To comply with legal obligations or law enforcement requests
- To protect and defend Sanso’s rights or property
- To prevent or investigate misuse of the Service
- To protect user or public safety
We do not sell, rent, or monetize personal data.
We may share data only with vetted subprocessors who act on Sanso’s behalf under written data processing agreements that ensure confidentiality, data minimization, and purpose limitation.
10. Data Security
Customer data is protected through industry-standard security measures, including:
- Encryption in transit (TLS) and at rest (AES-256)
- Access control and role-based permissions
- Multi-factor authentication for administrative access
- Key Management Systems (KMS) for token storage
Human access to Gmail data is restricted to authorized debugging or security cases under strict confidentiality.
11. User Rights (GDPR / UK GDPR)
If you are located in the European Union or United Kingdom, you have the right to:
- Access, correct, or delete your data
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time
To exercise these rights, contact privacy@sanso.ai.
12. Children's Privacy
Our Service is not directed to individuals under the age of 18 ("Children"). We do not knowingly collect personal data from minors. If you believe your child has provided us with Personal Data, please contact us. Upon verification, we will promptly delete such information.
13. Use of AI Providers
We work with AI service providers solely to process Financial Documents and improve document accuracy.
These providers act as data processors under data processing agreements compliant with Article 28 GDPR:
- Confidentiality and data minimization
- No data reuse for training purposes
- Secure deletion after processing
We explicitly prohibit all AI providers from using Sanso customer data to train or fine-tune their models.
14. Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service prior to the change becoming effective, and we will update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
15. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Sanso Solutions Ltd.
By email: privacy@sanso.ai