Privacy

Revenue Leak Audit uses uploaded Stripe CSVs to produce a human-reviewed billing report.

Files are stored outside the public web path and are never stored in browser storage. Report links use unguessable tokens, and only a token hash is stored.

Findings are hidden until an admin approves the audit. Each audit gets a 30-day deletion date and is removed by the retention cleanup job.

Encryption at rest must be provided by the hosting database and private file storage. This v1 app does not implement app-layer encryption.

This is not accounting, tax, legal, or financial advice. Findings should be reviewed before action.