Legal

Privacy Policy

Last updated: 25 March 2026

1. Who we are

Nastrum Books is a cloud-based accounting platform operated by Nastrum AI. Our registered contact email is hello@nastrumbooks.com. References to "we", "us", or "our" in this policy refer to Nastrum AI.

2. What data we collect

We collect only what is necessary to provide the service:

  • Account data: your name, email address, and password (hashed, never stored in plain text).
  • Company data: company name, address, tax numbers, and any financial data you enter (invoices, expenses, transactions, etc.).
  • File uploads: receipts, logos, and documents you attach to records. Stored on Cloudflare R2.
  • Usage data: pages visited, features used, and error logs. Used to improve the product. Not sold to third parties.
  • Payment data: processed by our payment provider. We do not store card numbers or banking credentials.

3. How we use your data

  • To provide, operate, and improve Nastrum Books.
  • To send transactional emails (invoices, password resets, billing receipts).
  • To send product update emails (you can unsubscribe at any time).
  • To diagnose bugs and performance issues.
  • To comply with legal obligations.

We do not sell, rent, or trade your data with any third party for marketing purposes.

4. Data storage and security

Your data is stored on Supabase (PostgreSQL, hosted on AWS) with row-level security enforced at the database level. File attachments are stored on Cloudflare R2. All data is encrypted in transit (TLS 1.2+) and at rest.

Access to production data is restricted to authorised Nastrum AI personnel only. We conduct regular security reviews and apply patches promptly.

5. Data retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently deleted within 30 days, except where we are required by law to retain it.

6. Cookies

We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies. If we add analytics, we will update this policy and, where required, request your consent.

7. Third-party services

We use the following third-party services to operate the platform:

  • Supabase: database and authentication.
  • Cloudflare: CDN, hosting (Pages), and file storage (R2).
  • Brevo / EmailJS: transactional email delivery (user-configured).

Each provider has their own privacy policy and data processing agreements in place.

8. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Object to certain types of processing.

To exercise any of these rights, email us at hello@nastrumbooks.com. We will respond within 30 days.

9. Children's privacy

Nastrum Books is a business tool intended for users aged 18 and over. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us immediately.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you by email. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact us

If you have any questions about this privacy policy or how we handle your data, contact us at:
hello@nastrumbooks.com