Skip to main content

Last Updated: June 15, 2026

Privacy Policy

This Privacy Policy explains how ReconLayer, operating as ReconLayer (“ReconLayer,” “we,” “us,” or “our”), collects, uses, shares, protects, and otherwise processes personal data when you access or use our website, platform, APIs, dashboard, documentation, support channels, and related services.

ReconLayer is an API-first reconciliation and exception platform for payment outcomes. ReconLayer helps businesses convert expected payments and fragmented evidence into reviewable reconciliation cases with explainable matches, delta clarity, and audit history.

ReconLayer does not move money, initiate payments, settle transactions, custody funds, act as a bank, act as a payment processor, provide money transmission, provide accounting advice, provide tax advice, provide legal advice, or guarantee compliance outcomes.

1. Scope

This Privacy Policy applies to personal data processed in connection with:

  1. Our public website and marketing pages.
  2. Account registration and administration.
  3. Use of the ReconLayer platform, dashboard, APIs, documentation, and services.
  4. Customer support and communications.
  5. Security, logging, monitoring, analytics, and service improvement.
  6. Sales, billing, partnerships, and vendor relationships.

This Privacy Policy does not replace any customer agreement, order form, Data Processing Addendum, or other written agreement between ReconLayer and a customer.

2. Our Role

ReconLayer may process personal data in different roles depending on the context.

For personal data we collect directly, such as website, account, billing, security, analytics, and support data, ReconLayer generally acts as a controller under GDPR-style laws or a Data Fiduciary under India’s Digital Personal Data Protection Act, 2023, where applicable.

For personal data submitted to the platform by or on behalf of a customer, ReconLayer generally acts as a processor, service provider, or Data Processor, processing that data on behalf of the customer. In that context, the customer is responsible for determining the purposes and means of processing and for providing any required notices, consents, rights, or legal bases.

3. Information We Collect

3.1 Account and Contact Information

We may collect:

  1. Name.
  2. Business email address.
  3. Company name.
  4. Job title or role.
  5. Phone number, if provided.
  6. Workspace or organization details.
  7. Login credentials or authentication identifiers.
  8. Administrative and billing contact details.

3.2 Customer Data Submitted to ReconLayer

Customers may submit or connect business records, evidence, files, API payloads, webhooks, and metadata for reconciliation purposes.

Depending on customer configuration, Customer Data may include:

  1. Expected payment records.
  2. PaymentIntent data.
  3. RawRecord evidence.
  4. FlowLeg records.
  5. ReconciliationCase data.
  6. MatchLink explanations.
  7. AuditEvent history.
  8. FlowLegReference identifiers.
  9. Provider evidence.
  10. On-chain evidence.
  11. Bank confirmations.
  12. PSP reports.
  13. ERP exports.
  14. Ledger records.
  15. CSV or imported records.
  16. Amounts, timestamps, references, counterparties, entities, descriptions, notes, and operational metadata.

Customers should avoid submitting personal data that is not necessary for reconciliation. Customers are responsible for ensuring that all Customer Data submitted to ReconLayer is lawful, accurate, relevant, and appropriate.

3.3 Usage, Device, and Log Data

We may automatically collect:

  1. IP address.
  2. Device type.
  3. Browser type and version.
  4. Operating system.
  5. Referring pages.
  6. Pages visited.
  7. API request metadata.
  8. Authentication events.
  9. Access logs.
  10. Error logs.
  11. Security logs.
  12. Performance data.
  13. Date, time, and duration of activity.
  14. Approximate location inferred from IP address.

3.4 Communications and Support Data

When you contact us, we may collect:

  1. Message content.
  2. Support tickets.
  3. Troubleshooting details.
  4. Attachments you provide.
  5. Feedback, comments, or feature requests.
  6. Records of communications with us.

3.5 Cookies and Similar Technologies

We may use cookies and similar technologies to operate our website, remember preferences, analyze usage, improve performance, and understand engagement.

Strictly necessary cookies may be used to provide the website or service. Where required by law, analytics, marketing, tracking, or other non-essential cookies will be used only with appropriate consent.

Additional details may be provided in a separate Cookie Policy or cookie preference center.

4. How We Use Information

We use personal data and Customer Data to:

  1. Provide, operate, maintain, and secure ReconLayer.
  2. Create and administer accounts and workspaces.
  3. Authenticate users.
  4. Process reconciliation records according to customer instructions.
  5. Generate and display reconciliation cases, evidence, deltas, match reasons, statuses, and audit history.
  6. Provide API, dashboard, and documentation access.
  7. Monitor platform performance, reliability, and security.
  8. Detect, prevent, and investigate fraud, misuse, abuse, unauthorized access, or security incidents.
  9. Provide customer support.
  10. Send service, security, administrative, and transactional communications.
  11. Improve product functionality and user experience.
  12. Develop, test, and improve features.
  13. Analyze usage and performance.
  14. Manage billing, subscriptions, and customer relationships.
  15. Comply with legal obligations.
  16. Enforce agreements and protect rights.

5. AI and Data Training

ReconLayer does not use Customer Data to train public, general-purpose, or third-party AI models.

ReconLayer will not use Customer Data to train proprietary models except with the customer’s prior written authorization or as expressly stated in a separate written agreement.

We may use aggregated, anonymized, or de-identified information that does not identify a customer, user, or individual to understand usage patterns, improve services, and develop product features.

6. Legal Bases for Processing

Where applicable law requires a legal basis, we may process personal data based on:

  1. Performance of a contract.
  2. Customer instructions.
  3. Consent.
  4. Compliance with legal obligations.
  5. Legitimate interests, such as operating, securing, improving, and supporting our services.
  6. Other lawful bases available under applicable law.

Where ReconLayer acts as a processor or Data Processor, we process Customer Data according to customer instructions and applicable contractual terms.

7. How We Share Information

We may share information as described below.

7.1 With Customers and Authorized Users

Customer Data may be visible to users authorized by the relevant customer organization. Customers are responsible for managing user access, roles, permissions, and internal controls.

7.2 With Service Providers and Subprocessors

We may use trusted service providers and subprocessors to provide hosting, infrastructure, storage, databases, authentication, monitoring, analytics, support, email, billing, security, and related services.

These providers may process information only as needed to provide services to us and are subject to confidentiality, security, and data protection obligations.

We may maintain a public or customer-accessible Subprocessor List.

ReconLayer will make its current list of subprocessors available to customers upon request.

7.3 With Third-Party Integrations

If a customer connects ReconLayer to third-party systems, information may be exchanged with those systems according to the customer’s configuration.

Third-party systems may include payment providers, banks, blockchain data sources, PSPs, ERP systems, ledgers, file storage tools, webhook endpoints, or other business systems.

ReconLayer is not responsible for third-party services, third-party terms, or third-party privacy practices.

7.4 For Legal, Security, and Compliance Purposes

We may disclose information when we believe disclosure is necessary to:

  1. Comply with applicable law, regulation, legal process, or government request.
  2. Enforce agreements.
  3. Protect the rights, property, or safety of ReconLayer, customers, users, or others.
  4. Detect, prevent, or investigate fraud, security incidents, or misuse.

7.5 Business Transfers

If ReconLayer is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to appropriate confidentiality and data protection safeguards.

8. Data Retention

We retain personal data for as long as reasonably necessary to provide the services, comply with legal obligations, resolve disputes, maintain security, enforce agreements, and support legitimate business purposes.

Customer Data is retained according to the applicable customer agreement, product configuration, retention settings, or written customer instructions.

Backup copies may remain for a limited period before deletion according to our backup and retention procedures.

9. Security

We use reasonable administrative, technical, and organizational measures designed to protect personal data and Customer Data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

  1. Access controls.
  2. Authentication controls.
  3. Encryption in transit and, where appropriate, at rest.
  4. Logging and monitoring.
  5. Least-privilege access.
  6. Secure development practices.
  7. Vendor review.
  8. Backup and recovery procedures.
  9. Security incident response processes.

No system is completely secure. Customers are responsible for protecting their own accounts, users, devices, credentials, API keys, connected systems, and access permissions.

10. International Transfers

We and our service providers may process information in countries other than the country where you are located.

Where required by applicable law, we use appropriate transfer safeguards, such as contractual protections, data processing terms, standard contractual clauses, or other lawful transfer mechanisms.

11. Privacy Rights

Depending on your location and applicable law, you may have rights to:

  1. Access personal data.
  2. Correct inaccurate or incomplete personal data.
  3. Delete personal data.
  4. Object to or restrict processing.
  5. Withdraw consent where processing is based on consent.
  6. Request portability of personal data.
  7. Opt out of certain processing activities, where applicable.
  8. Lodge a complaint with a data protection authority.

To exercise privacy rights, contact us at:

support@reconlayer.com

We may need to verify your identity before responding.

If your personal data was submitted to ReconLayer by one of our customers, we may refer your request to that customer or process it according to that customer’s instructions.

12. India Privacy Notice

Where India’s Digital Personal Data Protection Act, 2023 applies, ReconLayer may act as a Data Fiduciary for personal data it collects directly and as a Data Processor when processing Customer Data on behalf of a customer.

Data Principals may have rights relating to access, correction, completion, updating, erasure, grievance redressal, withdrawal of consent where applicable, and nomination, subject to applicable law.

Requests may be sent to:

support@reconlayer.com

Grievance contact:

Bhargav D

Email: support@reconlayer.com

13. European and UK Privacy Notice

Where the GDPR, UK GDPR, or similar laws apply, individuals may have additional rights, including access, rectification, erasure, restriction, objection, portability, and the right to complain to a supervisory authority.

Where ReconLayer acts as a processor, we process Customer Data on behalf of the customer and according to the applicable Data Processing Addendum or written agreement.

14. California Privacy Notice

Where California privacy law applies, California residents may have rights to know, access, correct, delete, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights.

ReconLayer does not sell personal information. ReconLayer does not knowingly share personal information for cross-context behavioral advertising unless disclosed through a separate cookie, advertising, or privacy notice.

15. Children’s Privacy

ReconLayer is a business-to-business service and is not intended for children. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child without appropriate authorization, we will take reasonable steps to delete it.

16. Customer Responsibilities

Customers are responsible for:

  1. Providing required privacy notices to their own users, employees, customers, vendors, counterparties, and other individuals.
  2. Obtaining required consents or establishing other lawful bases.
  3. Ensuring they have rights to submit data to ReconLayer.
  4. Managing user access, roles, permissions, and API keys.
  5. Configuring integrations lawfully.
  6. Avoiding unnecessary personal data or sensitive personal data.
  7. Responding to privacy requests relating to Customer Data.
  8. Reviewing reconciliation outputs before making business, finance, compliance, accounting, reporting, or operational decisions.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated Privacy Policy, updating the “Last Updated” date, sending notice, or using another appropriate method.

Continued use of ReconLayer after the updated Privacy Policy becomes effective means the updated Privacy Policy applies.