Telemetry Transparency

We believe in full transparency. Here's exactly what we collect, how, and why.

Our Principles

  • Anonymous by design — Every telemetry event uses a fresh random UUID. No persistent identifiers.
  • Bucketed, not exact — We see "1-1000 transactions", not "847 transactions".
  • Separated streams — License verification and telemetry use completely different identifiers.
  • One toggle off — Disable in Settings > Privacy, and zero telemetry data is sent.

What We Collect

One app_heartbeat event per day with 22 anonymous attributes:

Device & Platform (7)

Platform (desktop/pwa), OS, OS version (major only), app version, tier, locale (2-char), theme.

Usage Counts — Bucketed (5)

Accounts, transactions, merchants, categories, subcategories — all as ranges, never exact.

Feature Adoption — Boolean (8)

Whether bank sync, cloud sync, budgets, splits, receipts, tags, checks, or exclusions are used.

Aggregate (1)

Days since install, bucketed (0-7, 8-30, 31-90, etc.).

What We Do NOT Collect

  • Transactions, amounts, dates, or descriptions
  • Category or merchant names
  • Account names, numbers, or balances
  • Bank credentials or SimpleFIN tokens
  • IP addresses or geographic location
  • Browser fingerprints or persistent device IDs
  • Session recordings, click tracking, or cookies

How to Opt Out

Open the app > Settings > Privacy > Toggle "Anonymous Telemetry" off. That's it. Zero data will be sent. The toggle takes effect immediately.