Olyn

Privacy Policy

Last updated: 2026-05-05

Short version: We collect what's needed to run the Service, store it encrypted, never sell it, and let you delete everything anytime. We use a small number of trusted vendors (database, email, payments) listed below.

1. What we collect

  • Account data: email address, hashed password, account-creation timestamp.
  • Financial data you enter: paychecks, bills, debts, savings goals, tax inputs. Stored only when you save.
  • Operational metadata: IP address, browser user-agent, login timestamps. Used for security (rate limiting, detecting compromised accounts) and kept up to 90 days in audit logs.
  • Payment data: handled by Stripe. We store only the Stripe customer ID and subscription status. We never see your card number.

We do not use third-party analytics, advertising trackers, or session recording.

2. How we use it

  • To provide the Service (compute forecasts, sync your data across devices).
  • To send transactional emails (verification, password reset, billing receipts).
  • To respond to your support requests.
  • To detect and prevent fraud, abuse, or unauthorized access.
  • To comply with legal obligations.

We never sell your data. We never use your financial data to train models. We never share it with advertisers.

3. Where it's stored

Data is stored in encrypted form on Turso (libSQL), hosted in the United States. Application code runs on Vercel, also in the US. All connections use TLS 1.2 or higher.

4. Sub-processors

We rely on these third parties to operate the Service:

  • Vercel — application hosting (US).
  • Turso — database (US).
  • Resend — transactional email delivery (US/EU).
  • Stripe — payment processing (US/EU). PCI-compliant. We never see your card number.

Each is contractually bound to handle your data according to standards equivalent to or stricter than this policy.

5. Cookies

We use a single first-party cookie (tax_session) to keep you signed in. It is HttpOnly, SameSite=Lax, and (in production) Secure. We do not use third-party cookies, advertising cookies, or analytics cookies.

6. Your rights

  • Access & export: download your full data anytime as JSON from your account settings.
  • Correction: edit any data directly in the app.
  • Deletion: delete your account from settings. All data is purged within 30 days.
  • Portability: your JSON export contains everything we store about you.
  • EU/UK residents: you have additional rights under GDPR. Contact hello@example.com to exercise them.
  • California residents: CCPA rights apply. We do not sell personal information.

7. Data retention

Active accounts: data is kept as long as your account is active. Closed accounts: data is purged within 30 days of account deletion. Audit logs (login history) are kept 90 days. Payment records are kept 7 years for tax/accounting compliance.

8. Security

Passwords are hashed with scrypt (memory-hard, brute-force resistant). Sessions use signed JWTs. All API endpoints require authentication. We rate-limit login attempts. We force re-authentication after password changes. We do not have a "forgot password recovery via security questions" flow because those are easily socially engineered — only email-based reset is supported.

9. Breach notification

In the event of a data breach affecting your information, we will notify you by email within 72 hours of discovery and detail what occurred, what data was affected, and what steps you should take.

10. Children's privacy

The Service is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from minors. If you believe a child has registered, contact us and we will delete the account.

11. Changes to this policy

Material changes will be communicated by email or in-app notice at least 14 days before taking effect. We'll keep prior versions available on request.

12. Contact

Privacy questions, data requests, or concerns: hello@example.com.

© 2026 Olyn