Legal
Privacy Policy
Effective June 10, 2026
This page describes how RetroFi handles your data. We do not sell your personal information. Your bank credentials never touch our servers — today all financial data enters RetroFi through files you upload, and future live bank connections will be handled by Plaid.
1.Who we are
RetroFi (“RetroFi,” “we,” “us,” or “our”) provides an AI-native personal finance application that helps you track disposable income, detect recurring subscriptions, forecast cash flow, and receive plain-English financial insights. This Privacy Policy applies to the RetroFi website and application (the “Service”).
If you have questions about this policy or your data, contact us at privacy@retrofi.app.
2.Information we collect
We collect the following categories of information:
- Account information. Your name, email address, and authentication credentials, managed through our authentication provider (Supabase Auth). Passwords are hashed and salted — we never store them in plain text.
- Financial data you upload. You upload bank statements (CSV, Excel, or PDF). We process and store the resulting transactions (dates, amounts, merchant names, categories) to power the Service.
- Bank connection data (upcoming feature). Live bank connections are not yet available. When they launch, our partner Plaid will retrieve your transaction and balance data on your behalf; we will store transactions and balances plus an encrypted Plaid access token. We never receive or store your online banking username or password.
- Billing information. Payments are processed by Stripe. We store your subscription status and a Stripe customer identifier. We do not store full card numbers.
- Usage and device data. Standard log data (IP address, browser type, pages viewed) and product analytics used to improve the Service and detect abuse.
3.How we use your information
- To provide, maintain, and improve the Service.
- To categorize transactions, detect subscriptions, and forecast cash flow.
- To generate AI-powered insights. Transaction data may be sent to our AI provider (Anthropic) solely to generate insights, categorizations, and your monthly digest. This data is not used to train third-party models.
- To process payments and manage your subscription (via Stripe).
- To send transactional email such as verification, password reset, and your monthly digest.
- To secure the Service, prevent fraud, and comply with legal obligations.
4.How we share information
We do not sell your personal information. We share data only with service providers (“sub-processors”) that help us operate the Service, under contractual confidentiality and security obligations:
- Stripe — payment processing and subscription billing.
- Supabase — database, authentication, and file storage.
- Anthropic — AI categorization and insight generation.
- Resend — transactional email delivery.
- Plaid — secure bank connectivity (upcoming feature; will be added as a sub-processor when live bank connections launch).
We may also disclose information if required by law, to enforce our Terms, or to protect the rights, property, or safety of RetroFi or others.
5.Data retention
We retain your data for as long as your account is active. If you delete your account, we delete your personal and financial data within 30 days, except where retention is required for legal, accounting, or fraud-prevention purposes.
6.Security
We protect your data with encryption in transit (TLS) and at rest, encrypted storage of sensitive tokens, row-level access controls scoped to your account, and least-privilege access for our team. No method of transmission or storage is 100% secure, but we work to protect your information using industry-standard safeguards.
7.Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing.
- Access & portability. Export your data anytime from Settings → Privacy & Data.
- Deletion. Delete your account and associated data from Settings → Privacy & Data, or by emailing us.
- California (CCPA/CPRA) & EU/UK (GDPR). We honor applicable rights and do not sell personal information. EU/UK users may lodge a complaint with their supervisory authority.
To exercise any right, email privacy@retrofi.app.
8.Children's privacy
The Service is not directed to anyone under 18, and we do not knowingly collect information from children. If you believe a child has provided us information, contact us and we will delete it.
9.Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, notify you by email or in-app.
10.Contact us
Questions or requests? Email privacy@retrofi.app.