Telemetry Transparency

We believe in full transparency. Here's exactly what we collect, how, and why.

Our Principles

  • Private by design — Telemetry uses a device ID stored only on your device, never linked to your identity. Disable telemetry and it's instantly deleted.
  • Bucketed, not exact — We see "1-1000 transactions", not "847 transactions".
  • Separated streams — License verification and telemetry use completely different identifiers.
  • One toggle off — Disable in Settings > Privacy, and zero telemetry data is sent.

What We Collect

One app_heartbeat event per day with 25 privacy-respecting attributes:

Device & Platform (8)

Environment, platform (desktop/pwa), OS, OS version (major only), app version, tier, locale (2-char), theme.

Usage Volume (6)

Accounts, transactions, merchants, categories, subcategories, rules — bucketed into ranges on-device, never exact counts.

Feature Adoption (10)

Boolean flags and string enums indicating engagement depth: bank sync (true/false), cloud sync provider (none/Google Drive), budget depth (none/category/subcategory/merchant), splits, receipts, tags, checks, exclusions (true/false each), recurring detection (none/suggested/manual), import method (none/CSV only/sync only/both).

Retention (1)

Install age tier — days since first launch, bucketed into ranges (0–7d, 8–30d, 1–3mo, 3–6mo, 6–12mo, 1–2yr, 2–3yr, 3yr+). Exact day count never leaves the device.

What We Do NOT Collect

  • Transactions, amounts, dates, or descriptions
  • Category or merchant names
  • Account names, numbers, or balances
  • Bank credentials or SimpleFIN tokens
  • IP addresses or geographic location
  • Browser fingerprints, cookies, or hardware identifiers
  • Session recordings, click tracking, or cookies

How to Opt Out

Open the app > Settings > Privacy > Toggle "Usage Telemetry" off. That's it. Your device ID is immediately deleted and zero data will be sent.