Privacy Policy
Last Updated: January 30, 2025
Bank Transactions Analyzer ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and services.
1. Information We Collect
Personal Information
When you create an account, we collect:
- Email address - Used for account creation and essential communications
- Password - Stored in hashed form for authentication
Financial Data
When you upload bank transaction files, we process and store the following:
- Transaction descriptions and merchant names
- Transaction amounts and dates
- Categories you assign or that we suggest
- Your categorization corrections (used to improve future suggestions)
Usage Data
We automatically collect:
- Pages visited and features used
- Device information and browser type
- IP addresses and approximate geographic location
- Performance metrics and error logs
Cookies and Local Storage
We use the following cookies and browser storage:
- Authentication cookies - Essential for maintaining your login session
- Onboarding cookies - Track your progress through initial setup
- Theme preference - Stored locally to remember your light/dark mode preference
2. How We Use Your Information
We use the information we collect to:
- Provide AI-powered transaction categorization using Anthropic Claude
- Improve categorization accuracy by learning from your corrections
- Send essential service communications (e.g., security alerts, account updates)
- Maintain security and prevent fraud
- Analyze usage patterns to improve our service
- Respond to your requests and support inquiries
3. Third-Party Services and Data Sharing
We share your information with the following third-party service providers:
Anthropic (Claude AI)
- Purpose: AI-powered transaction categorization
- Data shared: Transaction descriptions (text only, no amounts or personal identifiers)
- Retention: Processed in real time; not stored by Anthropic
Supabase
- Purpose: Database, authentication, and file storage
- Data shared: All application data
- Location: United States
Vercel
- Purpose: Application hosting and analytics
- Data shared: Access logs and anonymized analytics data
We do not sell your personal information to third parties. We only share data with service providers necessary to operate our service.
4. Data Retention
- Account data: Retained while your account is active
- Transaction data: Our policy is to retain transaction data for up to 7 years to support tax compliance purposes. Automated deletion after this period is not yet implemented, but you may request deletion at any time.
- Uploaded CSV files: Retained until you delete them
- Analytics data: Anonymized and aggregated
You may request deletion of your data at any time by contacting us at nick@simplyautomated.io.
5. Your Rights
For All Users
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
For EU/EEA Users (GDPR)
In addition to the above, you also have the right to:
- Restrict processing of your data
- Object to processing based on legitimate interests
- Data portability
- Withdraw consent at any time
- Lodge a complaint with a supervisory authority
For California Residents (CCPA/CPRA)
You have the right to:
- Know what personal information is collected about you
- Know whether your personal information is sold or disclosed
- Opt out of the sale of personal information (we do not sell data)
- Access your personal information
- Request deletion of your personal information
- Non-discrimination for exercising your privacy rights
6. How to Exercise Your Rights
To exercise any of your privacy rights, you may:
- Email us at nick@simplyautomated.io
- Use the data export feature in your account settings (when available)
We will respond to your request within 30 days. We may request additional information to verify your identity before processing your request.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit: All data is transmitted using TLS 1.3
- Encryption at rest: Data is encrypted using AES-256
- Row-level security: Database access is restricted to your own data only
- Secure authentication: Passwords are hashed using industry-standard algorithms
8. International Data Transfers
Your data is processed primarily in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.
For transfers from the EU/EEA, we rely on Standard Contractual Clauses approved by the European Commission to provide adequate protection for your data.
9. Children's Privacy
Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Sending an email to your registered email address
- Displaying a prominent notice on our website
- Updating the "Last Updated" date at the top of this policy
Your continued use of our service after any changes indicates your acceptance of the updated Privacy Policy.
11. Cookie Policy
For detailed information about our use of cookies, please see our:
- Essential cookies: Required for authentication and core functionality. Cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with our website. Provided by Vercel Analytics and anonymized.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: nick@simplyautomated.io
This Privacy Policy is effective as of January 30, 2025 and will remain in effect until modified or terminated by us.