Privacy Policy
Effective date: June 22, 2026 · Last updated: June 22, 2026
1. Who We Are
potik is an internal finance and operations product operated by SoftImply OÜ (registry code 16776329), a company registered in Estonia. SoftImply OÜ is the data controller for the personal data described in this policy.
- Legal name: SoftImply OÜ
- Registry code: 16776329
- Address: Sepapaja tn 6, 15551 Tallinn, Estonia
- Jurisdiction: Estonia, EU (GDPR applies)
- Email: privacy@softimply.tech
2. Information We Process
potik is a multi-tenant financial reporting application. Within a tenant workspace we process the following categories of data:
- Account & identity data — your name, email address, hashed password, role within the tenant, and language preference.
- Two-factor authentication secrets — time-based one-time password (TOTP) secrets and recovery codes, stored encrypted at rest. Two-factor authentication is mandatory.
- Financial transactions — transaction records, amounts, currencies, counterparties, categories, and categorization rules.
- Wise bank-sync data — account balances, statements, and transactions synchronized from connected Wise accounts, together with the encrypted credentials and connection metadata used to perform the sync.
- Invoices — invoice line items, client and counterparty details, amounts, and tax information.
- Tenant & operational data — budgets, recurring transactions, projects, reports, exchange rates, sync logs, audit events, and tenant-level settings.
- Technical data — IP address, timestamps, and session information collected automatically for security and audit purposes.
potik is an internal SoftImply tool. It is not intended to process special categories of personal data, and such data should not be entered into the system.
3. How We Use Your Information
- Authenticating users and enforcing two-factor and role-based access controls.
- Synchronizing, reconciling, categorizing, and reporting on financial data.
- Generating budgets, invoices, and profit-and-loss, cash-flow, and balance reports.
- Maintaining audit logs and sync logs for security and operational continuity.
- Complying with accounting, tax, and other legal obligations.
4. Legal Basis for Processing
As a company registered in the European Union, SoftImply OÜ processes your data in accordance with the General Data Protection Regulation (GDPR):
- Contract & employment (Art. 6(1)(b)) — processing of staff account data is necessary to provide the internal tool used to perform work.
- Legal obligation (Art. 6(1)(c)) — retention of financial, invoicing, and tax records to satisfy accounting and tax law.
- Legitimate interest (Art. 6(1)(f)) — securing the platform, maintaining audit trails, and operating SoftImply's finances.
5. Service Providers & Sub-processors
We do not sell personal data. We rely on the following processors:
- Microsoft Azure — cloud hosting for the application (EU region). Microsoft acts as a data processor under a GDPR-compliant Data Processing Agreement.
- Supabase — managed PostgreSQL database hosting for tenant and financial data, acting as a data processor.
- Wise — the banking provider whose accounts and transactions are synchronized into potik at your request.
- AI categorization provider — when AI-assisted categorization is enabled, transaction descriptions may be sent to a configured AI provider to suggest categories. This feature can be disabled per tenant.
All processors are contractually obligated to process data only as instructed and to maintain appropriate security measures.
6. Data Security
- All data is transmitted over HTTPS (TLS 1.2 or higher).
- Two-factor authentication secrets and Wise credentials are encrypted at rest.
- Two-factor authentication is mandatory for all accounts.
- Access is restricted to authenticated tenant members and gated by role.
- Audit and sync logs record sensitive operations.
While we take reasonable steps to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Data Retention
Financial transactions, invoices, and related accounting records are retained for the periods required by applicable accounting and tax law (generally up to 7 years). Account data is retained for as long as the account is active. Audit and sync logs are retained for operational and security purposes and then securely deleted.
8. Your Rights
Under the GDPR you have the right to:
- Access the personal data we hold about you.
- Request rectification of inaccurate or incomplete data.
- Request erasure, subject to legal retention obligations for financial records.
- Request restriction of, or object to, certain processing.
- Receive your data in a structured, machine-readable format.
To exercise these rights, email privacy@softimply.tech. We will respond within 30 days. You may also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be posted on this page with an updated effective date.