Legal

Privacy Policy

Last updated: May 19, 2026

1. Information We Collect

Three buckets, in plain English:

  • Account info— your email, name, and sign-in provider, managed by Clerk. We never see or store your password.
  • The data you put into ExpensePulse— transactions, accounts, budgets, goals, debts, shared bills, and any receipts you upload.
  • Technical data— IP address, browser, device type, pages visited, and error reports. We use this to keep the app running and to spot bugs.

We also collect a limited amount of session-replay data for around 10% of sessions through Sentry, so we can reproduce bugs you might run into. Sensitive form fields are masked.

If you subscribe to a paid plan, Stripe collects your billing details directly. We only see the subscription status and a few non-sensitive identifiers — never your card number.

2. How We Use Your Information

  • To run the app: store your data, sync between your devices, and show you your own numbers.
  • To answer questions in the AI assistant. When you ask the AI something, the relevant rows from your data are sent to OpenAI to generate a response. They are not used to train models.
  • To send you transactional emails — sign-in confirmations, payment receipts, the occasional important update.
  • To process subscription payments via Stripe.
  • To diagnose bugs and improve performance using error and analytics tools.

We don't sell your data, and we don't use the contents of your accounts or transactions to target ads.

3. Data Security

We take a layered approach to protecting your data:

  • All traffic served over HTTPS (TLS)
  • Data encrypted at rest in our database
  • Authentication handled by Clerk; we never store your password
  • Payments handled by Stripe; we never see or store card numbers

4. Who We Share Data With

We don't sell your data. We do use a small number of trusted providers to actually run the service. Each one only sees what it needs:

  • Clerk— authentication and user accounts.
  • Stripe— subscription payments. They handle card data; we don't.
  • OpenAI— processes AI-assistant queries. Only the rows from your data relevant to your question are sent, and only when you trigger an AI feature.
  • Amazon Web Services (S3)— stores receipts you upload.
  • Sentry— error monitoring and limited session replay.
  • MailerSend— delivers transactional email.
  • Vercel— hosts the app and provides performance metrics.
  • Google Analytics— aggregated traffic analytics.

We'll also share information when we're legally required to (court order, subpoena) and we'll tell you when we're allowed to.

5. Your Rights

You can:

  • See and edit your account info and the data you've added at any time, inside the app.
  • Export all your data in CSV or PDF from the dashboard.
  • Delete your account, which removes your data from our active systems.
  • Ask us to clarify, correct, or delete anything else by emailing support@expensepulse.com.

If you're in the EU, UK, California, or another region with specific privacy rights (GDPR, UK GDPR, CCPA), those rights apply to you and we'll respect them.

6. Cookies and Similar Tech

We use cookies and similar storage for two categories of things:

Essential (always on)

  • Keeping you signed in (Clerk session).
  • Remembering preferences like your theme and currency.
  • Capturing crash reports so we can fix bugs (Sentry error tracking, without session replay).

Analytics (only with your consent)

  • Aggregate traffic analytics (Google Analytics, Vercel Speed Insights).
  • Session replay for debugging real-world issues (Sentry).

The cookie banner shown on your first visit lets you accept all or stick to essential only. You can clear cookies in your browser at any time to reset that choice; blocking the auth cookies will sign you out.

7. Data Retention

We keep your data only as long as you have an active account, plus a short grace period in case of accidental deletion:

  • Account and financial data— removed from our active systems within 30 days of account deletion.
  • Uploaded receipts (S3)— removed within 30 days of account deletion.
  • Error logs and session replays— automatically expire after 90 days.
  • Billing records— retained for as long as we're required to under applicable tax and accounting law (typically up to 7 years), even after account deletion.

Backups roll off on their normal schedule, which can extend deletion by a few additional weeks. We don't restore deleted accounts from backups except to recover from a system failure.

8. Changes to This Policy

If we change anything material here, we'll update the “Last updated” date at the top and, where it's a meaningful change to how we handle your data, give you a heads-up in-app or by email.

9. Contact Us

If you have questions about this Privacy Policy, email us at support@expensepulse.com.