Legal
Privacy Policy
Mise reads your money. We take that seriously. This page tells you what we do with the data you give us, who else sees it, and how to make us delete it. We aim to be specific, not vague.
What we collect
To do its job, Mise reads the following:
- Account info: your email address, a hashed password, and any account preferences you set (display mode, tutorial persona).
- Business info: the legal name, vertical (restaurant / DTC / other), accounting basis (cash or accrual), fiscal year start, and chart of accounts you configure.
- Bank transactions: via Plaid, we read transaction dates, amounts, merchant names, raw descriptions, and the account identifier. We do not read your banking password — Plaid handles authentication on a separate session and gives us a token that only works for read-only transaction data.
- POS / aggregator settlements: CSV reports you upload from Shopify, Stripe, Toast, DoorDash, or Uber Eats. We read the gross, fees, refunds, and settlement date columns.
- QuickBooks data: via Intuit OAuth, we read your chart of accounts to map Mise categories. We write journal entries you confirm. We don’t read invoices, bills, customers, or vendor records.
- Categorization corrections: when you override Mise’s proposed category, we save the correction so the system learns. We don’t share these with other customers.
- Billing info: Stripe handles payment processing. We see the subscription state and last-4 of the card via Stripe’s API. We never see your full card number, CVV, or billing address.
What we do with it
Categorize transactions, reconcile aggregator payouts against bank deposits, split loan payments into principal and interest, push clean journal entries to QuickBooks. That’s it.
Specifically, we do not:
- Sell your data. Not to ad networks, not to data brokers, not to anyone.
- Train shared AI models on your transactions. We send individual transactions to Anthropic’s API for categorization, but they aren’t used as training data for their general models (per our Anthropic enterprise agreement).
- Aggregate your bookkeeping data across customers. Each customer’s books are isolated; we don’t produce industry benchmark reports or sell anonymized financials.
Who else sees it
We use a small set of third-party services to run Mise. Each one sees only the data needed for its specific job. The full list with purposes lives at miseencomptes.com/subprocessors — we keep it current and notify customers in advance when we add or change a subprocessor.
The short version:
- Supabase stores your data (US-east region).
- Vercel hosts the app.
- Plaid reads your bank transactions on your behalf.
- Anthropic categorizes transactions using their Claude API.
- Intuit receives the journal entries we push to QuickBooks.
- Stripe processes subscription billing.
- Resend sends transactional emails (signup confirmations, password resets).
How we store it
Data sits in a Supabase Postgres database with disk-level AES-256 encryption at rest. Row-level security policies enforce that each business’s data is queryable only with that business’s credentials.
Sensitive secrets — Plaid access tokens, QuickBooks OAuth tokens — are encrypted at the application layer with AES-256-GCM before they ever touch the database. The encryption key is held outside the database in our serverless function environment, so a database-only compromise can’t yield a usable token.
All traffic between you and Mise, and between Mise and our subprocessors, runs over TLS 1.2 or newer.
How long we keep it
While you’re an active customer, we keep everything required to do bookkeeping — transactions, categorizations, corrections, reconciliations, and audit logs.
When you cancel:
- Plaid + QuickBooks tokens are revoked immediately.
- Account data + business records stay for 90 days in case you reactivate, then are deleted unless you ask us to delete them sooner.
- Billing records stay 7 years for tax and audit purposes — required by US law for businesses processing payments.
- Server logs rotate out after 30 days.
Email hello@miseencomptes.com with “Delete my data” and we will, within 30 days, delete everything except the billing-record minimum we’re legally required to keep.
Your rights
You can:
- See your data. Every transaction Mise has read is visible in the app. Email us for a full machine-readable export.
- Correct it. Re-categorize anything Mise got wrong — the correction overrides the AI’s proposal and trains the rules engine for future transactions.
- Delete it. See above.
- Take it elsewhere. Your journal entries are already in QuickBooks, where they remain regardless of your Mise subscription. We don’t hold your books hostage.
If you’re in California, the EU, the UK, or another jurisdiction with specific privacy law, the rights above cover the equivalents you have under CCPA, GDPR, and similar. Email us and we’ll honor the specific framework that applies.
Cookies
We use a small number of cookies, all strictly functional:
- Authentication session — how we know you’re signed in. Expires after 30 days of inactivity.
- Active business selection — for users who have more than one business in Mise.
- Theme preference on the marketing site — remembers your light/dark choice.
No analytics cookies, no advertising cookies, no third-party trackers.
Children
Mise is for businesses. We don’t knowingly collect data from anyone under 18. If a minor signs up, email us and we’ll delete the account.
Changes
We’ll email active customers at least 30 days before any material change to this policy, and post the new version here with a fresh “last updated” date. Cosmetic edits (typos, clarifications) get the date bump without an email.
Contact
Privacy questions: hello@miseencomptes.com. We aim to respond within two business days, faster for anything urgent.