Privacy Policy

Last updated: 2026-03-04

Overview

This application is an AI-powered expense management system delivered via a Chrome Extension and a backend orchestrator. We prioritize user privacy and data security.

Data We Collect

• Google account identifier (via Google OAuth)
• Email address (for authentication only)
• User-provided API keys (BYOK), stored encrypted

Data We Do NOT Collect

• Passwords
• Payment or banking details
• Expense data on this server
• LLM prompts or responses beyond execution

How Data Is Used

Data is used solely to authenticate users, securely execute requested actions, and provide AI-powered expense tooling. No data is sold, shared, or used for advertising.

Security

• JWT-based stateless authentication
• AES-256-GCM encryption for stored API keys
• Strict user isolation via user_id injection

Third-Party Services

• Google OAuth for authentication
• Optional LLM providers via user-supplied API keys

User Control

Users may delete their stored API keys at any time. No data is retained beyond what is required for functionality.

Contact

For privacy concerns, contact kaushishsaksham@gmail.com.