Back to Home

LEGAL

Privacy Policy

Effective date: March 28, 2026

Introduction

CashPilot is a personal finance application. We take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your data. By using CashPilot you agree to the practices described in this policy. If you do not agree please do not use the app.

1. What Data We Collect

We collect the following categories of personal data when you use CashPilot.

Account information: your email address and the display name you provide when creating your account. This data is used to authenticate you and identify your account.

Financial data you enter: all transaction records you log including descriptions, amounts, dates, and categories. Monthly income and budget amounts you set. Savings goals including names, target amounts, and progress. Recurring transactions you define. Debts you track including balances, interest rates, and minimum payments. Roommate and split transaction information you add.

Usage data: the date and time you open the app, your in-app activity such as the features you use, and token usage counts for AI features.

Device information: basic device and session information collected automatically by our authentication provider Supabase for security and authentication purposes.

All financial data you enter is encrypted on your device using AES-256 client-side encryption before it is stored in our database. This means we cannot read, view, or access your financial data. The only information we can see in plaintext is your email address and display name.

2. How We Collect Data

We collect data in two ways. First, data you provide directly by typing it into the app such as transactions, goals, and financial figures. Second, data collected automatically through our authentication provider Supabase when you create an account or sign in.

3. How We Use Your Data

We use your data for the following purposes. To operate your account and allow you to sign in securely. To display your financial information back to you within the app. To power AI-driven features including financial health analysis, spending insights, savings coaching, debt advice, and the AI chat assistant as described in detail in Section 5. To send you password reset emails when you request them. To enforce our Terms of Service including account suspension when necessary.

4. Data Storage and Security

Your financial data is encrypted on your device using AES-256 client-side encryption before it leaves your phone. It is then stored in our database provided by Supabase, a third-party database and authentication platform. Because encryption happens on your device with a key derived from your account, neither CashPilot nor Supabase can read your financial data. Even if our database were compromised, your transaction details, budgets, goals, debts, and all other financial records would be unreadable. The only data we can see in plaintext is your email address and display name, which are required for authentication. Supabase stores data on servers protected by industry-standard encryption in transit. We use Row Level Security policies to ensure that each user can only access their own data. We retain your data for as long as your account remains active. If you delete your account all your personal data is permanently deleted from our database within 7 days of your confirmed deletion request.

5. Sharing Your Data with Third-Party AI — Anthropic Claude

CashPilot uses Claude, an artificial intelligence service provided by Anthropic, PBC, to power several features in the app. These features include the AI financial advisor chat, financial health score analysis, spending pattern insights, savings goal coaching, debt payoff strategy advice, transaction auto-categorization, natural language transaction entry, and receipt scanning.

To provide these features, CashPilot sends a summary of your financial data to the Anthropic Claude API each time you use an AI-powered feature. This summary includes your name, your monthly income and budget figures, your total expense and income amounts for the current month, your spending broken down by category, your savings goals and their progress, your debts and their balances, your recurring transactions, and your most recent transactions.

This data is transmitted to Anthropic's servers in the United States for processing. For full details on how Anthropic handles, stores, and protects data transmitted to its API, please review Anthropic's Privacy Policy directly at anthropic.com/privacy.

Before any personal data is transmitted to Anthropic for the first time, the app will present you with a clear and specific consent prompt identifying Anthropic as the recipient. You must explicitly confirm this consent before any AI feature can send your data. This consent prompt is separate from the general Terms of Service acceptance and cannot be bypassed.

You can withdraw your consent for AI data sharing at any time by disabling AI features in the Settings page of the app. When AI features are disabled, no data is transmitted to Anthropic. Disabling AI features does not affect any other functionality of the app.

6. Data Sharing

We do not sell your personal data. We do not share your personal data with advertisers. Because your financial data is encrypted on your device before storage, we do not have access to it and cannot share it. We share your data only with the following third parties for the specific purposes described. Supabase for authentication and secure database storage as described in Section 4. Anthropic for AI feature processing as described in Section 5. We may also share your data if required by applicable law or valid legal process.

7. Your Rights

You have the right to access your data by viewing it within the app at any time. You have the right to export your data using the export features in the Settings page. You have the right to delete your account and all associated data using the account deletion option in Settings. Your data will be permanently deleted within 7 days of your confirmed deletion request. You have the right to withdraw consent for AI data sharing at any time by disabling AI features in Settings as described in Section 5. No AI request is made unless you actively trigger an AI feature and have granted consent. If you are located in the European Union you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority. If you are located in Canada you have rights under PIPEDA.

8. Data Retention

We retain your account and financial data for as long as your account is active. If you request account deletion we permanently delete all your personal data within 7 days of your confirmed deletion request. Data transmitted to Anthropic for AI feature processing is subject to Anthropic's own retention policies, which you can review at anthropic.com/privacy.

9. Withdrawing Consent

You may withdraw your consent for the collection and transmission of your financial data to Anthropic's AI service at any time. To do this, go to the Settings page in the app and disable AI features. Once disabled, no further data will be transmitted to Anthropic. Previously transmitted data is subject to Anthropic's retention policies available at anthropic.com/privacy. Withdrawing consent for AI features does not affect your ability to use any other part of the app.

10. Children

CashPilot is not intended for users under the age of 17. We do not knowingly collect data from children under 17. If you believe a child has provided us with personal data please contact us at support@cashpilot.cash and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app. Continued use of the app after changes are posted constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or your data please contact us at:
support@cashpilot.cash