Privacy Policy

1Who We Are

Cashfox is a personal finance tracking application that helps you connect daily spending decisions to your long-term life goals. The service is operated by the Cashfox team ("we," "our," or "us"). This Privacy Policy applies to all users of the Cashfox website and mobile web application (collectively, the "Service").

By using Cashfox, you agree to the collection and use of your information as described here. If you don't agree, please don't use the Service.

2Information We Collect

Account Information

When you create an account, we collect your email address and a securely hashed password. If you sign in with Google OAuth, we receive your name and email from Google. We store a display name and your preferred currency in your profile.

Financial Data You Enter

Cashfox stores the financial information you actively enter:

• Budget allocations and monthly income sources
• Individual expense entries (amount, category, date, optional merchant and mood tag)
• Financial goals (name, target amount, current savings, monthly contributions)
• Net worth snapshots (assets and liabilities by category)

This data is stored in our database and tied to your account. It is never shared with other users or third parties for marketing purposes.

Usage and Device Data

When you use Cashfox, we may automatically collect basic technical information: your browser type and version, device type, operating system, pages you visit within the app, session duration, and referring URL. This is collected via Google Analytics (when enabled) and helps us understand how the product is used so we can improve it.

3How We Use Your Information

Your data is used to power the Service and nothing else. Specifically:

• Providing the core budgeting, expense tracking, and goal projection features
• Calculating real-time financial insights (safe-to-spend, goal timelines, net worth trends)
• Sending transactional emails (e.g., password reset, account verification)
• Processing payments for premium subscriptions via Stripe
• Improving the product using aggregated, anonymized usage analytics
• Responding to support requests you contact us about

We do not use your personal financial data for advertising, profiling for third parties, or any purpose beyond providing and improving the Service.

4Data Storage and Security

Your data is stored in a PostgreSQL database managed by Supabase, which runs on AWS infrastructure. We use Row Level Security (RLS) at the database level, meaning each user's data is cryptographically isolated from every other user's data, even within the same database.

All data in transit is encrypted using TLS. Data at rest is encrypted using AES-256. Authentication tokens are short-lived JWTs verified server-side on every API request.

No security system is perfect. We take reasonable and industry-standard measures to protect your data, but we can't guarantee absolute security. If we become aware of a breach affecting your data, we'll notify you as required by applicable law.

5Third-Party Services

Cashfox uses a small number of trusted third-party services. Each has its own privacy policy.

6Cookies and Tracking

Cashfox uses cookies for two purposes:

• Authentication cookies to keep you signed in across sessions. These are essential for the app to function.
• Analytics cookies (Google Analytics) to understand how the product is used. These are optional and can be blocked via your browser settings or a browser extension like uBlock Origin.

We don't use advertising cookies or sell cookie data to any third party. You can opt out of Google Analytics tracking specifically using Google's official opt-out tool.

7Your Rights

Depending on where you live, you may have rights over your personal data. Regardless of your location, Cashfox gives you meaningful control:

EU/EEA/UK users have rights under GDPR including data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority. California residents have rights under CCPA. Contact us at privacy@cashfox.app to exercise any of these rights.

8Data Retention

We keep your data for as long as your account is active. If you delete your account, your personal data is removed within 30 days, except where retention is required by law (e.g., billing records for tax purposes, which Stripe may retain per their own policies).

Anonymized, aggregated analytics data (no PII) may be retained indefinitely for product research purposes.

9Children's Privacy

Cashfox is intended for users 16 years of age and older. We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account, please contact us at privacy@cashfox.app and we'll remove the account promptly.

10International Data Transfers

Cashfox is operated from Canada, and our infrastructure (Supabase / AWS) may process data in the United States or other jurisdictions. If you're located in the EU, EEA, or UK, your data may be transferred to countries whose data protection laws differ from your own. Where this applies, we rely on Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure adequate protection. Supabase's Data Processing Agreement covers these transfers.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Effective Date" at the top of this page. If the changes are material, we'll let you know via email or an in-app notice. Continuing to use Cashfox after changes go into effect means you accept the updated policy.

12Contact Us

Got a question about your data? Something not covered here? We're a small team and we take privacy seriously. Reach us at: