Privacy Policy

1. Who we are

Frugal ("Frugal", "we", "us") is a personal finance app that helps you track spending and stay on budget. The service is operated from Nigeria and is accessed at tryfrugal.vercel.app. You can reach us any time at hotakaraandakamu@gmail.com.

2. What we collect

We collect three buckets of data:

A. Account data

• Your email address (used to sign in via magic link).
• Your name and phone number (if you join the waitlist or update your profile).
• A unique forwarding token we generate for you.

B. Financial data you give us

• Transactions you add manually (amount, merchant, category, date, your notes).
• Transactions auto-imported via bank email forwarding or Mono bank linking.
• The budgets and categories you set.
• Bank account metadata returned by Mono (institution name, last four digits of account number, account holder name). We never see or store your bank password or full account number.

C. Technical data

• Device push-notification subscriptions (so we can send you push notifications).
• IP address and user agent when you submit forms (basic anti-abuse).
• Standard hosting logs (HTTP requests, timestamps) — kept by our hosting provider Vercel.

3. What we don't collect

• Your bank login credentials. We never see them. Mono handles bank authentication directly.
• Your card details. Payments go through Paystack, who holds them, not us.
• Location data, contacts, photos, microphone, camera. We don't ask, we don't want.
• Cross-site tracking cookies. No Facebook pixel, no Google Analytics.

4. How we use what we collect

• To provide the service: showing your transactions, computing budgets, sending categorization push notifications.
• To process payments (your waitlist deposit and any future subscription).
• To use AI to categorize your transactions when you type a natural-language description. The description is sent to Anthropic's Claude API (US servers) for parsing, then discarded.
• To improve the app — we look at aggregated, anonymized usage patterns. We don't analyze individual users.
• To contact you about your account or launch updates. You can opt out of marketing emails any time.

5. Who else sees your data

We use a small set of vetted service providers. None of them sells your data. Each only sees the slice they need to do their job.

• Supabase — stores your account data and transactions. Servers located in the EU (Ireland). They are SOC2 compliant.
• Vercel — hosts the app. Sees HTTP request logs.
• Paystack — processes payments. Sees your name, email, and amount. Does NOT see your transactions or budgets.
• Mono — connects your bank account if you opt in. They handle bank authentication and return transaction data to us.
• Cloudflare — receives forwarded bank emails and parses them. Only sees the emails you choose to forward.
• Anthropic — receives the natural-language descriptions you type into the AI categorize input, and returns a category + merchant. Descriptions are not used for AI training.

We share data with these providers only as needed to run the service. We never sell your data to advertisers, brokers, or anyone else. Under no circumstances.

6. How long we keep it

Your account data and transactions stay with us for as long as your account is active. If you delete your account (email us to request this), we delete your row data from Supabase within 7 days. Hosting logs that may contain your IP address roll off after 30 days. Anonymized usage analytics are kept indefinitely.

Payment records may be retained for up to 7 years to comply with Nigerian and international financial record-keeping requirements.

7. Your rights (under NDPR and similar laws)

You can, at any time:

• Ask us what data we have on you (we'll email you a copy within 7 days).
• Ask us to correct anything wrong.
• Ask us to delete your account and your data.
• Ask us to stop sending you marketing emails.
• Withdraw consent for any specific processing.

To exercise any of these, email hotakaraandakamu@gmail.com with the subject "Data request".

8. Security

Your data is encrypted in transit (HTTPS everywhere) and at rest (Supabase + Vercel disk encryption). Row-Level Security policies on our database mean even our own queries can only return your own data when you're signed in. We follow standard practices for password storage (handled by Supabase Auth) and API key management.

That said, no system is bulletproof. If we suffer a breach that affects your data, we'll notify you within 72 hours of discovery, as required by NDPR.

9. International data transfers

Some of our service providers are based outside Nigeria (Supabase in the EU, Anthropic in the US, Vercel in the US). When your data is processed by them, it leaves Nigeria. We rely on each provider's standard contractual clauses and equivalent protections to keep your data safe abroad.

10. Children

Frugal is for users 18 and older. If you are under 18, please do not use Frugal. If we learn that a user is under 18, we will delete the account.

11. Changes to this policy

We may update this policy as the app evolves. If we make a significant change, we'll email everyone with an active account at least 14 days before the change takes effect. The "last updated" date at the top of this page always reflects the most recent version.

12. Contact

Questions, concerns, or want your data exported or deleted? Email hotakaraandakamu@gmail.com. We respond within 7 days, usually much sooner.