Last updated: 2026-05-08
When you create an account we store your name, email address, hashed password, and the household and roles you belong to.
When you record financial activity we store the data you enter (accounts, transactions, budgets, attachments, etc.). We do not connect to any external bank or aggregator on your behalf.
We log technical request metadata (IP address, user agent, page paths) to operate the service, detect abuse, and surface activity in your audit log.
Your financial data is shown back to you and to anyone you invite to the same household. It is never shared with advertisers or sold to third parties.
Aggregate, non-identifying metrics may be used to improve the product (for example, "average number of transactions per user").
Data is stored on servers operated by us or our hosting providers. Backups are encrypted at rest.
Attachments (receipts, statements) live on object storage. We do not run optical character recognition or any other automated content extraction on them.
You can delete any record from inside the app at any time. Soft-deleted records are recoverable from the archived view; hard deletion is permanent.
Audit log entries are retained for two years and then pruned automatically.
When you delete your account, your personal data is removed within 30 days. Backups expire on a rolling 30-day window.
Export — every page and the dedicated Export Data settings give you portable copies of your data.
Correction — you can edit any record you own, and request corrections to records we hold about you.
Deletion — you can delete your account at any time from Profile settings.
For anything else, email the address listed in the app footer.
We use first-party cookies for session management and CSRF protection only. We do not use analytics, advertising, or tracking cookies.
This is a starter draft, not legal advice. Replace before onboarding real users in regulated jurisdictions.