C Cash Copilot
Cash Copilot

Privacy Policy

This Privacy Policy explains how Cash Copilot processes personal data when you use the website, mobile app, account features, imports, billing, and support channels. Cash Copilot is designed around data minimisation: we only process data that is needed to provide, secure, improve, or legally operate the service.

Controller and contact

The data controller is Cash Copilot. For privacy requests, data protection questions, access requests, export requests, deletion requests, or complaints, contact us at privacy@cash-copilot.app.

Personal data we process

  • Account data: email address, name if provided, account identifiers, account status, trial dates, and authentication state.
  • Authentication data: one-time-password records, timestamps, IP address, user agent, access tokens, and security logs.
  • Financial import data: imported statement metadata, parsed transactions, dates, amounts, currency, descriptions, counterparties, account labels, source rows, and generated summaries.
  • Billing data: subscription provider, product identifiers, subscription status, renewal dates, cancellation dates, and payment platform identifiers.
  • Device and technical data: app diagnostics, request logs, security events, cookie consent state, and information needed to keep the service available and secure.
  • Support data: messages, email address, and any information you send when contacting support.

We do not intentionally collect bank credentials. Imports are read-only files or data you choose to upload. We do not sell personal data and we do not use your financial data to build advertising profiles.

Purposes and legal bases

  • Provide the service: account creation, login, transaction import, insights, subscriptions, and account management. Legal basis: contract necessity.
  • Security and fraud prevention: abuse detection, authentication, logs, rate limits, and platform protection. Legal basis: legitimate interests and legal obligations where applicable.
  • Billing and tax/accounting: subscription management, receipts, payment status, refunds, and required records. Legal basis: contract necessity and legal obligation.
  • Optional analytics or non-essential cookies: only if enabled with consent. Legal basis: consent, which you can withdraw at any time.
  • Support and communications: responding to requests and service messages. Legal basis: contract necessity or legitimate interests.

Processors and recipients

We use service providers only where needed to run Cash Copilot. Depending on your use of the service, personal data may be processed by:

  • Hosting and infrastructure providers for servers, databases, storage, logs, and backups.
  • Email providers for login codes, transactional messages, and support replies.
  • Stripe for web billing and subscription management.
  • RevenueCat, Apple, and Google for mobile subscription entitlement and store purchase management.
  • Error reporting or diagnostics providers if enabled, limited to data needed to identify and fix technical issues.

These providers act as processors or independent controllers depending on the service and legal role. We do not share personal data with advertisers.

International transfers

Some providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, provider data processing terms, and security measures.

Cookies and tracking

Essential cookies are used to keep the website and service secure. Optional analytics or similar non-essential cookies are disabled by default and are only used if you consent. You can change your choice through the cookie controls or browser settings. See our Cookie Policy.

Retention

  • Account data: retained while your account is active and deleted when your account is deleted, unless limited records must be kept for legal reasons.
  • Financial import and transaction data: retained while your account is active so the app can provide insights; deleted with your account.
  • Authentication and security logs: retained only as long as needed for security, abuse prevention, and legal defence.
  • Billing records: retained as required for accounting, tax, chargeback, and legal obligations.
  • Backups: deleted or overwritten on normal backup rotation schedules.

Your GDPR rights

If GDPR applies to you, you may request access, rectification, erasure, restriction, portability, objection to processing, withdrawal of consent, and review of any decision based solely on automated processing where applicable.

Authenticated users can request a data export or account deletion from the app. You can also contact privacy@cash-copilot.app. We may need to verify your identity before acting on a request.

Automated decision-making

Cash Copilot may generate spending insights and forecasts from your imported data, but these are informational only. The service does not make legally significant automated decisions about you.

Complaints

You can contact us first so we can try to resolve your concern. If you are in the European Union or European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated revision date.

Last updated: 2026-04-14