ExpenseFlow AI

Privacy Policy

Last updated: May 2026

1. Introduction

ExpenseFlow AI ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect when you use our AI-powered personal finance tracking service (the "Service"), including the web application and the connected Telegram bot, how we use that data, and the choices available to you. By using the Service, you agree to the collection and use of information as described here.

2. Information We Collect

We collect only what is necessary to provide the Service:
  • Account information — your email address, display name, hashed password, and (if you use the Telegram bot) your Telegram user ID.
  • Financial data — transaction records you create, including amounts, currencies, categories, dates, merchants, and free-text descriptions. This includes transactions logged via the web app and via the Telegram bot.
  • Preferences — your chosen base currency, preferred display currency, budget limits per category, and UI settings such as theme and sidebar state.
  • Email verification records — hashed OTP codes used during account registration and password resets. These expire after 10 minutes and are not stored in plain text.
  • Conversation memory — temporary state stored during multi-turn interactions (e.g., pending transaction confirmations waiting for your yes/no). This is cleared once the interaction completes.
We do not collect payment card numbers, bank account details, government IDs, or any other sensitive financial credentials.

3. How We Collect Your Data

  • Directly from you — when you register, log transactions, set budgets, or update your preferences in the web app.
  • Via the Telegram bot — when you send messages to the bot. Natural language inputs are processed by our backend to extract transaction details.
  • Automatically — session tokens stored in cookies allow us to authenticate your requests. Basic server-side activity logs are generated for security and debugging.

4. How We Use Your Information

Your data is used solely to operate and improve the Service:
  • To authenticate you and maintain your session.
  • To store, display, and allow you to manage your transaction history.
  • To compute spending analytics, category breakdowns, and budget usage.
  • To send AI-generated spending summaries via the configured LLM provider.
  • To send transactional emails: OTP codes for registration, password reset links, and account notifications. Emails are delivered via Resend.
  • To enforce account access controls and rate limits.
  • To perform currency conversions using your base and display currency preferences.
We do not sell, rent, trade, or share your personal data with third parties for marketing, profiling, or advertising purposes.

5. AI and LLM Processing

ExpenseFlow AI uses large language models (LLMs) to:
  • Extract structured transaction data (amount, category, merchant, date) from free-text messages you send via the web app or Telegram bot.
  • Generate narrative spending summaries and AI-powered insights based on your transaction history.
To do this, relevant portions of your financial data are sent to the LLM provider configured for your deployment — which may be Google Gemini, OpenAI, or a self-hosted Ollama instance.
  • Only the minimum data needed to generate a response is sent. We do not send your full account history unnecessarily.
  • If you are using a cloud-based LLM provider (Gemini, OpenAI), your data may be processed on their servers. We recommend reviewing their respective privacy policies.
  • If a self-hosted Ollama instance is configured, your data stays within that private deployment.

6. Third-Party Services

  • Resend — for sending transactional emails (OTPs, password resets). Your email address is shared with Resend solely to deliver these messages.
  • Telegram — for the optional bot integration. Your Telegram user ID is stored in our database to link your account. Telegram's own privacy policy governs data within the Telegram platform.
  • LLM Providers (Gemini / OpenAI / Ollama) — as described in Section 5 above.

7. Data Storage & Security

Your data is stored in a secured relational database. We implement the following security measures:
  • Passwords are hashed using bcrypt and never stored in plain text.
  • OTP codes are also bcrypt-hashed before storage and expire after 10 minutes.
  • All authenticated API requests require a signed JWT token.
  • Every database query includes a user ID check — no user can access or modify another user's records.
  • Telegram bot access is restricted to whitelisted Telegram user IDs.
Despite these measures, no electronic storage is 100% secure. We cannot guarantee absolute security of your data and are not liable for breaches beyond our reasonable control.

8. Cookies & Local Storage

  • Cookies — we use a single authentication cookie (spendline_token) to maintain your session. No third-party or advertising cookies are used.
  • localStorage — we store UI preferences locally in your browser: theme choice, sidebar state, and onboarding progress. This data never leaves your device.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data — transactions, budgets, preferences, conversation memory, and email verification records — will be permanently deleted within 30 days.

10. Your Rights

  • Access — view all transactions, budgets, and account information stored for you via the app.
  • Correction — update your display name, email, password, currency preferences, and transaction records at any time.
  • Deletion — permanently delete your account and all associated data from account settings.
To exercise any of these rights, contact us at [email protected].

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has registered an account, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the app. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact

If you have any questions or concerns regarding this Privacy Policy, contact us at [email protected].
© 2026 ExpenseFlow Labs. All rights reserved.