Privacy Policy
Last updated: 9 April 2026
This Privacy Policy describes how TrackGeld ("we", "us", or "our") collects, uses, stores, shares, and protects your personal and financial data when you access or use our website, web application, and related services (collectively, the "Services"). By using TrackGeld, you agree to the practices described below.
1. Who We Are
TrackGeld is a personal finance management platform. We provide tools to track transactions, manage budgets and savings goals, monitor assets, and receive AI-powered financial insights. Optional integrations include a Telegram coaching bot and, in future, automated bank connections via a regulated open-banking provider.
For privacy inquiries, contact us at customersupport@trackgeld.com.
2. Data We Collect
2.1 Account & Identity Data
- Email address — used for authentication, account recovery, and important service communications.
- Hashed password — stored via Supabase Auth; we never store or transmit your plain-text password.
- Display name and profile preferences — optional fields you choose to fill in.
2.2 Financial Data You Provide
- Transaction records: amount, date, merchant, category, and notes.
- Budget plans: category limits, period, and progress.
- Savings goals: target amount, current savings, and deadline.
- Asset valuations: asset name, type, estimated value, and purchase cost.
This data is stored in your private account and is not visible to other users. It is used solely to render dashboards, calculate reports, and power personalised features.
2.3 Bank Connection Data (Future Feature)
When the bank-linking feature launches, it will be powered by a regulated open-banking provider (e.g. Plaid). In that case:
- You will authorise the connection directly through the provider's secure interface. TrackGeld never sees or stores your banking credentials (username, password, or PIN).
- We will receive read-only data: transaction history, account balances, and institution name.
- The provider's own privacy policy governs credential handling. A link to that policy will be shown at connection time.
2.4 AI Processing Data
TrackGeld uses AI models (currently Groq and/or xAI Grok) to categorise transactions, detect spending patterns, and generate financial insights. Data sent to AI services is limited to:
- Transaction descriptions, amounts, dates, and categories.
- Aggregated budget and goal summaries.
We never send your name, email address, banking credentials, or account numbers to AI providers. Responses from AI models are processed server-side and stored only in your account.
2.5 Telegram Integration Data
If you link the TrackGeld Telegram bot, we store your Telegram user ID to route notifications and coaching messages to you. We do not store Telegram messages beyond what is necessary to deliver the integration.
2.6 Technical & Usage Data
- IP address, browser type, and operating system.
- Pages visited, features used, and click events (for debugging and product improvement).
- Session tokens stored in secure HTTP-only cookies or Supabase-managed local storage for authentication.
- Server-side error logs and performance metrics.
3. How We Process Your Data
All data processing follows a strict purpose-limitation principle — we process only what is necessary for the function in question.
3.1 Authentication
Your email and hashed password are processed by Supabase Auth. On login, Supabase issues a signed JWT that is stored client-side and verified server-side on every request. Session tokens expire automatically and are rotated on refresh.
3.2 Financial Dashboard & Reports
Transaction and budget data you submit is stored in a dedicated PostgreSQL database (Supabase) protected by row-level security (RLS) policies. Every database query is scoped to your user ID — no query can return another user's data. Aggregations for charts and reports are computed server-side using Next.js Server Components or API routes and sent to your browser over TLS.
3.3 AI Categorisation & Insights
When you add transactions or request insights, anonymised transaction data is sent to an AI provider via a server-side API call (never from your browser directly). The AI model returns category suggestions or spending summaries. These results are stored in your account and never shared with other users. AI providers are bound by data processing agreements that prohibit them from training on your data without separate opt-in consent.
3.4 Iron Mode & Behavioural Coaching
Iron Mode is an optional discipline feature. When active, the system monitors whether new transactions exceed your set budget limits and triggers alerts. This processing happens server-side using your own stored budget rules. No additional personal data is collected; the feature uses data you have already provided.
3.5 Telegram Bot
The Telegram bot receives webhooks from the Telegram Bot API. When you send a message to the bot, it is processed by our server to generate a response using your account's financial data, and the reply is sent back via the Telegram API. Conversation logs are stored only for the duration required to maintain context for multi-turn responses and are not used for training or profiling.
4. Legal Bases for Processing (EEA / UK)
If you are located in the European Economic Area (EEA) or United Kingdom, our legal bases for processing are:
- Contract performance — processing necessary to provide the Services you signed up for (authentication, dashboard, reports, AI categorisation).
- Legitimate interests — security monitoring, fraud prevention, debugging, and product improvement, where these interests are not overridden by your rights.
- Consent — for optional features such as the Telegram integration and, where applicable, non-essential cookies or analytics. You may withdraw consent at any time.
- Legal obligation — where we are required to retain or disclose data by applicable law.
5. Data Sharing & Subprocessors
We do not sell, rent, or trade your personal or financial data. We share data only with trusted service providers strictly necessary to operate TrackGeld:
- Database, authentication, and storage — USA (EU data options available)
- AI transaction categorisation and insights — USA
- Optional bot notifications and coaching — UAE / Dubai
- Application hosting and edge delivery — USA (global edge)
- Bank account connectivity (read-only) — USA
Each subprocessor is bound by a Data Processing Agreement (DPA) or equivalent contractual terms requiring them to protect your data and process it only for the stated purpose.
6. International Transfers
Some of our subprocessors are based in the United States. Where data is transferred from the EEA or UK to the USA, we rely on:
- Standard Contractual Clauses (SCCs) — the EU Commission's approved transfer mechanism.
- EU–US Data Privacy Framework — where the recipient is certified.
7. Security & User Safety
We implement layered security measures to protect your data:
- Encryption in transit: All communications between your browser, our servers, and subprocessors use TLS 1.2+ (HTTPS). Plain HTTP is rejected.
- Encryption at rest: Data stored in Supabase is encrypted at rest using AES-256 by default.
- Row-Level Security (RLS): Supabase RLS policies enforce that every database query is automatically filtered to your user ID. Even a compromised API route cannot return another user's records.
- Authentication tokens: Session JWTs are short-lived, signed with a secret key, and refreshed securely. Logout invalidates all active sessions.
- No credential storage: We never store banking passwords or PINs. Bank connections use tokenised OAuth flows managed entirely by the open-banking provider.
- AI data minimisation: Only anonymised transaction fields are sent to AI providers; PII such as your email or full name is never included.
- Dependency management: We maintain automated vulnerability scanning and apply security patches promptly.
- Access controls: Internal access to production data is restricted by role and logged for audit.
Despite these measures, no system is completely immune to breaches. In the event of a data breach affecting your rights and freedoms, we will notify you and relevant supervisory authorities within the timeframes required by applicable law.
8. Data Retention
- Active accounts: Financial and account data is retained for as long as your account is open.
- Account deletion: When you delete your account, personal and financial data is permanently deleted within 30 days. Anonymised aggregate statistics (no user linkage) may be retained for service analytics.
- Legal holds: We may retain certain data longer where required by law (e.g. tax records, regulatory obligations).
- Backups: Encrypted database backups are retained for up to 30 days before rotation, after which deleted data is no longer recoverable.
9. Your Rights
Depending on your location, you have the following rights. To exercise any of them, email customersupport@trackgeld.com. We respond within 30 days.
- Access (Art. 15 GDPR): Receive a copy of the personal data we hold about you.
- Rectification (Art. 16): Correct inaccurate or incomplete data.
- Erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
- Restriction (Art. 18): Ask us to temporarily halt processing of your data in certain circumstances.
- Portability (Art. 20): Receive your financial data in a machine-readable format (JSON or CSV).
- Objection (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: Disconnect Telegram or bank connections at any time from your dashboard settings.
- Lodge a complaint: You have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK or a national DPA in the EU).
10. Children's Privacy
The Services are not directed at or intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a minor has created an account, please contact us and we will delete the account and associated data promptly.
11. Changes to This Policy
We may update this Privacy Policy when our practices change or when required by law. We will post the revised version with an updated "Last updated" date at the top of this page. For material changes, we will notify you by email or via an in-app banner at least 7 days before the change takes effect.
12. Contact
For questions, data access requests, or complaints about this Privacy Policy:
- Email: customersupport@trackgeld.com
- Response time: We aim to respond within 5 business days and will complete all data requests within 30 days.