expensr.app
loginpricing
legal

Privacy Policy

updated May 4, 2026

What we collect

We collect the minimum needed to make Expensr work. That is:

  • The output of the AI analysis (the report itself: monthly spend estimates, identified leaks, savings projections, and the JSON the model returned).
  • A SHA-256 hash of your statement text, used only to detect re-runs of the same input so we do not charge a free credit twice.
  • Token usage counts and the model name, used for cost accounting.
  • For paid accounts, your email address, your Stripe customer ID, and your purchases.

What we never store

Your bank or credit card statement. The PDF or CSV you upload is parsed in your browser. Only the extracted plain text is sent to our server, and that text is held in memory just long enough to call the AI. It is never written to disk and never written to our database.

Cookies

We set two cookies, both signed and HTTP only:

  • eid: a random anonymous identifier, used to track how many free analyses your device has used. Lasts one year.
  • cid: set after a successful purchase or after you sign in with a magic link. Identifies your paid account on this device. Lasts one year.

We do not use any third party tracking cookies.

Analytics

We use Ninelytics (ninelytics.com) to count page views and basic site usage. Ninelytics does not use cookies and does not collect personal data.

Email

If you buy a plan, your email is stored so we can send receipts, renewal notices, and sign-in links if you ask for them. Magic link emails are sent through T9th Mail (mailfor.dev). We do not share your email with anyone else and we do not send marketing.

Payments

Payments are processed by Stripe. We never see or store your card details. Stripe sends us webhook events that confirm a payment happened, the amount, and the email tied to the customer.

The AI provider

Your statement text is sent to OpenAI for analysis only. We use the OpenAI API, which by default does not train on inputs sent through the API. OpenAI may retain inputs for up to 30 days for abuse monitoring. We do not log, store, or share your statement text on our side.

Data retention

  • Anonymous reports: kept indefinitely tied to your random anonymous ID, with no email or other identifier.
  • Paid reports: kept until you ask us to delete them or close your account.
  • Statement text: never stored, so nothing to retain.

Your rights

Email [email protected] at any time to:

  • Get a copy of all data tied to your account.
  • Delete all of your reports.
  • Close your account and delete all related records.

We will action requests within 7 days.

Security

Cookies are HTTP only, signed, and marked Secure in production. The admin token used by the project owner to grant access is rotated after every use. Our database lives on a private network and is not publicly reachable.

Changes

If we change this policy, we will update the date at the top and, for paid accounts, send a heads up email before the change takes effect.

Contact

Questions about privacy: [email protected].