Privacy Policy

1. Data Controller

The data controller responsible for your personal information is:

2. Information We Collect

We collect and process the following types of personal information:

• Account Information: Email address, name, and password (encrypted)
• Transaction Data: Extracted transactions from your bank statements, including dates, descriptions, amounts, and categories
• Payment Information: Payment details processed through Stripe (we do not store full credit card numbers)
• Usage Data: Information about how you use our service, including pages visited and features used
• Technical Data: IP address, browser type, device information, and cookies

3. How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our service
• To process your bank statements and extract transaction data
• To manage your account and subscriptions
• To process payments through Stripe
• To send you service-related notifications and updates
• To improve our service and develop new features
• To comply with legal obligations

4. Data Security

We take data security seriously and implement industry-standard measures:

• Encryption: All data is encrypted in transit (SSL/TLS) and at rest
• Temporary Storage: Bank statement PDFs are processed in memory and deleted immediately after processing
• Access Controls: Strict access controls and Row-Level Security (RLS) policies
• Secure Infrastructure: Hosted on Vercel and Supabase with enterprise-grade security
• Payment Security: Payment information is handled by Stripe, a PCI-DSS compliant payment processor

5. Data Sharing

We do not sell your personal information. We may share your data with:

• Service Providers: Supabase (database), Vercel (hosting), Stripe (payments), Google Gemini (AI processing)
• Legal Requirements: When required by law or to protect our rights

6. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Restrict processing of your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at: +34 941 380 537

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Until you delete your account or request deletion
• Transaction Data: Until you delete your account or request deletion
• Bank Statement PDFs: Deleted immediately after processing (not stored)
• Payment Records: Retained for 7 years for tax and accounting purposes

8. Cookies

We use essential cookies to provide our service. For more information, please see our Cookie Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us: