Privacy Policy
Last updated: March 2026
Overview
Matchi is a desktop application for AI-powered financial reconciliation. Your financial data stays on your machine. This policy explains what limited data we do collect and how we use it.
Your Data Stays Local
All financial data (CSV, XLSX, Google Sheets imports) is processed locally on your machine. No financial data is uploaded to any Matchi server. Data is stored only on your machine and deleted when you uninstall the application.
AI Provider Communication
Your natural language instructions and small data samples (up to 50 rows per query) are sent to your chosen AI provider so the agent can reason about your data. Full datasets are never uploaded — they stay on your machine.
When using Bring Your Own Key (BYOK), you connect directly to your chosen provider (Google Gemini, Anthropic Claude, OpenAI, or a custom endpoint). API keys are stored locally on your device and are never transmitted to Matchi.
Matchi Free Tier
Matchi Free uses Google Sign-In for authentication, which is handled by Supabase Auth using Supabase's own Google OAuth integration. This is separate from the Google Sheets OAuth flow described below. Your Google email and profile name are stored by Supabase for account management.
AI requests are proxied through our server. Your natural language instructions and small data samples (up to 50 rows) pass through for AI reasoning. Full datasets are never sent.
Analytics
Analytics is opt-in only — you choose during onboarding whether to participate. If enabled, we collect:
- Usage events (feature interactions, session duration)
- Reconciliation metadata (row counts, match rates — never actual data values)
We use PostHog for analytics processing.
We do not collect file contents, financial data, SQL queries, or API keys.
Google Sheets Integration
If you connect Google Sheets, Matchi requests read-only access to your spreadsheets via Google's OAuth 2.0 service. We request only the https://www.googleapis.com/auth/spreadsheets.readonly scope. This means we can only read spreadsheet metadata and data — we cannot edit, delete, or create spreadsheets.
Google OAuth access tokens are stored locally on your device and are never transmitted to our servers. Tokens remain on your machine until you disconnect Google Sheets within the app or uninstall Matchi. We do not store, copy, or access your Google Sheets data on any server. Your spreadsheet data is used only locally within the application to perform reconciliation tasks on your machine.
Google API Services User Data Policy
Matchi's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Third-Party Services
We use the following services:
- Google OAuth — read-only access for Google Sheets integration (scope: spreadsheets.readonly)
- Supabase — Free tier account management and authentication (including Google Sign-In via Supabase's own OAuth integration)
- PostHog — opt-in analytics
- Your chosen AI provider — via BYOK or Matchi Free proxy
Each service has its own privacy policy.
Data Retention & Deletion
Local data is deleted when you uninstall Matchi or clear app data.
For Free tier accounts, email hello@matchi.app to request account deletion.
Analytics data is retained for 12 months, then automatically purged.
Changes to This Policy
We may update this policy from time to time. Significant changes will be communicated via the app. The "Last updated" date at the top of this page will be revised accordingly.
Contact
Questions about this policy? Email us at hello@matchi.app.