Privacy Policy

Account Information: Your email address and optional name for account management and communication.

Transaction Data: When you upload CSV files, we store transaction data (date, merchant, amount) to generate reports. This data is encrypted at rest.

Usage Data: Basic analytics about how you use the app (pages visited, features used) to improve our service.

Chat History: Conversations with our AI assistant are stored encrypted to maintain context across sessions.

Encryption at Rest: All uploaded files and sensitive database fields are encrypted using AES-256-GCM with per-file encryption keys.

AI Data Minimization: We never send your raw transaction descriptions or merchant names to AI systems. Our AI only receives aggregated statistics (category totals, spending trends) and anonymized merchant identifiers.

Secure Infrastructure: We use industry-standard security practices including HTTPS, secure session management, and database-level access controls.

Access: You can view all your stored data through your dashboard at any time.

Export: You can export all your data in JSON or CSV format from the Settings page.

Delete: You can permanently delete all your data with one click. This is irreversible and removes everything including files, reports, chat history, and your profile.

We use the following third-party services, each with their own privacy policies:

• Supabase: Database and authentication infrastructure
• OpenAI: AI insights (receives only aggregated, anonymized data)
• Stripe: Payment processing (for Pro subscriptions)
• Vercel: Application hosting and analytics