Privacy Policy

Account information. When you sign up, we collect your name, email address, password hash, time zone, and US state. If you sign in with Google, we receive a verified email address from Google.

Financial information. With your authorization, we connect to your bank and card accounts through Plaid Inc. Plaid provides us with transaction data, account balances, and account metadata. We do not receive your bank login credentials. You may upload CSV/OFX statements directly as an alternative.

Business records. We store the time entries, invoices, customer records, receipts, mileage logs, journal entries, and other data you create or upload while using the Service.

Payment information. When you subscribe, Stripe Inc. collects and processes your payment method on our behalf. We store only a Stripe customer identifier and the last four digits of your card; we do not store your full card number.

Usage information. We collect technical information about how you use the Service, including IP address, browser type, device identifiers, pages viewed, and actions taken. This data is used for security, debugging, and product improvement.

Communications. When you contact us by email or in-app message, we retain those messages for support and quality purposes.

We use the information we collect to:

• Provide, operate, and maintain the Service;
• Categorize transactions, match receipts, generate invoices, and produce reports;
• Estimate quarterly tax reserves and prepare tax exports;
• Run automated workflows (including agent-driven workflows) within the policy and approval settings you configure;
• Process subscriptions, billing, and trial-to-paid conversion;
• Improve the accuracy of our categorization, deduplication, and close workflows;
• Detect, investigate, and prevent fraud and abuse;
• Send transactional emails (invoices, receipts, password resets, accountant invitations) and, with your consent, occasional product updates.

We do not sell your personal information. We share information only with:

• Service providers that help us operate the Service, including Plaid (bank connections), Stripe (payments), OpenAI and Anthropic (AI sub-processors, described in Section 4), our cloud hosting provider, email delivery services, and observability tooling. These providers are contractually limited to using your data on our behalf.
• People you authorize by inviting them to your tenant (for example, an accountant with scoped, revocable, read-only access).
• Legal and safety recipients when required by law, court order, or to protect the rights, property, or safety of TrueBudget, our users, or others.
• Successor entities in the event of a merger, acquisition, or sale of assets, subject to the protections described in this Policy.

The Service uses machine learning and large-language-model (LLM) agents to categorize transactions, match receipts, draft invoices, and run close workflows. Some of this processing happens on our own infrastructure; some is performed by third-party AI sub-processors.

Our current LLM sub-processors are:

• OpenAI, L.L.C. (OpenAI API) — used for categorization assistance, agent reasoning, and natural-language responses.
• Anthropic, PBC (Claude API) — used for agent reasoning and natural-language responses.

When we call these providers, we send the minimum context required to produce the requested output. This may include transaction descriptions, merchant names, category labels, and similar business metadata. We do not transmit your bank login credentials or your full account numbers to any AI provider.

We use the API tiers of OpenAI and Anthropic, whose terms contractually prohibit training their foundation models on your inputs or outputs and apply short retention windows for abuse monitoring (typically up to 30 days, after which the data is deleted). We do not enable any opt-in data-sharing programs.

We may use aggregated and de-identified usage data to improve our own categorization rules and model behavior. We may add or change AI sub-processors from time to time and will update this section when we do.

We use cookies and similar technologies for authentication, session management, and basic analytics. We do not use advertising cookies or share data with ad networks. You can control cookies through your browser settings; disabling cookies will prevent sign-in.

We use industry-standard safeguards to protect your information, including encryption in transit (TLS), encryption at rest, scoped access controls, audit logging, and regular security reviews. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

We retain data only as long as we need it to provide the Service, comply with legal obligations, and resolve disputes. Specifically:

• Active accounts. While your account is active, your data is retained for as long as you use the Service.
• After account closure (non-tax records). Account profile, authentication data, usage logs, and other non-tax-relevant data are permanently deleted within sixty (60) days of account closure, except where we are required to retain them longer for legal, audit, or fraud-prevention reasons.
• Tax-relevant records. Financial records that may be relevant to tax filings (transactions, invoices, receipts, mileage logs, reports, journal entries) are retained for seven (7) years after account closure to support audit and recordkeeping requirements. After that period they are permanently deleted.
• Backups. Encrypted backups may contain copies of data for up to ninety (90) days after deletion from the production system, after which they are overwritten.
• AI sub-processor data. Data sent to OpenAI or Anthropic is retained by those providers only for the short abuse-monitoring window described in Section 4 (typically up to 30 days), after which they delete it.

You can request earlier deletion of non-tax-relevant data at any time by contacting us. We will honor the request within thirty (30) days, subject to the legal exceptions noted above.

You can:

• Access and export your data at any time from within the Service;
• Correct inaccurate account information;
• Request deletion of your account and non-tax-relevant data;
• Disconnect bank or payment connections at any time;
• Object to certain processing or withdraw consent for optional features.

California, Colorado, Connecticut, Virginia, and other state residents may have additional rights under applicable privacy laws. To exercise any of these rights, contact support@truebudget.ninja.

The Service is not intended for users under 18 and we do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

The Service is operated from the United States and is intended for US-based businesses. If you access the Service from outside the US, you understand and consent to your information being processed in the United States.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a notice in the Service. The “Last updated” date at the top of this page indicates when the policy was last revised.

Privacy questions or requests can be sent to support@truebudget.ninja.