🔒 Privacy Policy

Account Information

When you sign in with Google, we collect and store:

• Your email address and name
• Your Google account ID
• Google OAuth tokens (for API access)
• Your Google Sheets spreadsheet ID
• Account creation and last login timestamps

Custom Preferences

We store your learned categorization keywords to improve your experience.

Feedback & Support Messages

When you submit feedback, we store your name, email, and message to respond to your inquiries.

Usage Information

Basic usage logs for debugging and security (page visits, error reports, upload status).

We use the information we collect to:

• Authenticate your account and maintain your session
• Create and update your budget spreadsheet in Google Sheets
• Improve transaction categorization based on your corrections
• Send responses to feedback and support requests
• Debug errors and improve the application

We will NEVER:

• Sell your data to third parties
• Share your financial information with anyone
• Send marketing emails without your consent
• Use your data for advertising purposes

Google Sheets API

Used to create and update your budget spreadsheet. We only access spreadsheets that OUR APP creates.

Google Account Information

Used to identify you when you sign in and display your name in the app.

Gmail API (Optional)

If you enable Email Auto-Import, used to monitor for bank emails. This runs entirely in YOUR Google account via Apps Script.

If you enable Email Auto-Import:

• The script runs entirely in YOUR Google account (not on our servers)
• Only reads emails from your bank (Scotiabank or CIBC)
• Transaction data goes directly from Gmail to YOUR spreadsheet
• We never see, store, or access your emails
• You can disable it anytime by removing the trigger in Apps Script

Transaction data is temporarily stored during review to allow you to:

• Upload multiple statements and review them together
• Switch between uploads while maintaining changes
• Auto-save category adjustments as you work

How Long Is Data Stored?

Maximum 30 minutes. Automatically deleted when:

• ✅ You export (immediate deletion after export)
• ✅ You click "Clear All" (immediate deletion)
• ✅ 30 minutes of inactivity pass (automatic expiration)

This data is NEVER used for marketing, analytics, or advertising. It's completely unrecoverable after deletion.

• Encrypted connections: All data uses HTTPS encryption
• Secure token storage: OAuth tokens encrypted in database
• Session management: Sessions expire after inactivity
• No passwords: We use Google OAuth exclusively
• Rate limiting: Protection against abuse

• Account info: Stored while account is active
• Learned keywords: Stored while account is active
• Feedback messages: Retained for 2 years or until resolved
• Activity logs: 90 days for debugging
• Transaction data: 30 minutes max during review
• Bank PDFs: Never stored (processed in memory only)

Account Deletion

Go to Settings → "Delete My Account" to permanently delete all your data. Your budget spreadsheet remains in your Google Drive (we cannot delete it).

We use:

• Render.com (hosting and database)
• Google OAuth (sign-in)
• Google Sheets API (spreadsheet management)
• Gmail API (optional email monitoring)

We do NOT use:

• Analytics services (no Google Analytics)
• Advertising networks
• Marketing automation tools
• Social media tracking

You have the right to:

• Access your data: Request a copy of your account information
• Correct your data: Update your preferences in Settings
• Delete your data: Request account deletion at any time
• Revoke access: Remove our app via Google Account settings
• Export your data: Download via Excel or access your Google Sheets directly

To exercise these rights, use our Feedback form.

If we make significant changes:

• We will update the "Last Updated" date
• We will notify you via email for material changes
• Continued use means you accept the updated policy