Privacy Policy
How we protect your data and respect your privacy
Last Updated: January 2026
Our Privacy Promise
Trak30 was built with privacy as a core principle, not an afterthought. We collect the absolute minimum data necessary to make the app work, and we never sell, share, or monetize your personal information.
Simple version: Your financial data is yours. We're just the tool you use to track it.
What Data We Collect
Required Data (App Functionality)
- Username: Your chosen username for login
- Password: Hashed using bcrypt (10 rounds) - we never see your actual password
- Security Questions & Answers: Hashed for account recovery
- Recovery Code: Generated unique code for password reset
- Transaction Data: Amounts, categories, dates, notes you manually enter
- Custom Categories: Category names, icons, and colors you create
- Recurring Bills: Bill names, amounts, and schedules you set up
- Timezone & Currency: For accurate date/time display and formatting
Optional Data
- Email Address: ONLY if you choose to add it in Settings for bill reminders and notifications
- Household Name: If you choose to set one
- Receipt Images: Temporarily stored for OCR processing, then deleted
What We DON'T Collect
- ❌ Phone numbers
- ❌ Real names (unless you choose to add them)
- ❌ Physical addresses
- ❌ Location data
- ❌ Banking credentials or account numbers
- ❌ Social security numbers or government IDs
- ❌ Browsing history
- ❌ Device identifiers (beyond basic browser info)
How We Use Your Data
Your data is used exclusively for these purposes:
- Authentication: Logging you in securely
- App Functionality: Displaying your transactions, generating analytics, creating reports
- Data Export: Generating CSV, JSON, and PDF exports when you request them
- Account Recovery: Verifying your identity if you forget your password
- Email Notifications: Sending bill reminders and tracking nudges (only if you add your email and enable notifications)
That's it. We don't use your data for marketing, advertising, profiling, or any other purpose.
Third-Party Services
Google Analytics (Minimal Tracking)
We use Google Analytics to count page visits and understand if anyone is actually using Trak30. That's it.
What Google Analytics tracks:
- Page views (which pages you visit)
- Session duration (how long you're on the site)
- Device type (mobile, desktop, tablet)
- Browser type
What it does NOT track:
- Your username or account details
- Your transaction data
- Personally identifiable information
You can block Google Analytics with browser extensions like uBlock Origin if you prefer.
Hosting & Database
- Heroku: Application hosting (owned by Salesforce)
- MongoDB Atlas: Database storage with encryption at rest and in transit
Both services are GDPR and SOC 2 compliant with strict security standards.
No Other Third Parties
We don't use:
- Marketing platforms (Mailchimp, etc.)
- Advertising networks
- Social media pixels (Facebook, Twitter, etc.)
- Banking APIs (Plaid, etc.)
- Payment processors (everything is free)
AI-Powered Classification
How We Use AI
Trak30 uses artificial intelligence (Claude AI by Anthropic) to automatically categorize your transactions and improve the accuracy of your financial insights.
What Data is Processed
When classifying transactions, we send only:
- Transaction descriptions: Category names and notes (e.g., "Walmart - groceries")
- That's it. No personal information, account numbers, usernames, or identifying details
Privacy Protections
- Minimal Data: Only merchant names and transaction notes are processed
- No Storage: Anthropic does not store or train on your data (per their privacy policy)
- Encrypted Transmission: All data sent to AI services is encrypted via HTTPS
- No Personally Identifiable Information: Your username, account details, and personal info are never shared
How Classification Works
The AI reads your transaction descriptions to determine if expenses are:
- Essential: Rent, utilities, insurance, groceries, healthcare
- Lifestyle: Subscriptions like Netflix, Spotify, gym memberships
- Discretionary: Shopping, entertainment, dining out
This classification powers insights like Payday Effect analysis and Money Leak detection, helping you understand spending patterns without manual categorization.
AI Accuracy Disclaimer
Important: AI categorization is automated and may contain errors. Always review and verify AI suggestions before accepting them. You are responsible for ensuring transaction categories are correct. Trak30 is not liable for incorrect AI categorizations or any consequences resulting from them.
Third-Party AI Provider
We use Anthropic's Claude AI for transaction classification. Learn more about their privacy practices: Anthropic Privacy Policy
Your Control & Opt-Out
- Classification happens automatically in the background
- You can override any AI classification by editing transactions
- The more specific your transaction notes, the more accurate the AI becomes
- You can disable AI categorization entirely in Settings → AI Features
When AI categorization is disabled, all transactions will default to "Uncategorized" and you must manually categorize them.
Data Security
We use bank-level security to protect your data:
Encryption
- In Transit: HTTPS/TLS 1.3 encryption for all connections
- At Rest: MongoDB Atlas encrypts all database data
- Passwords: bcrypt hashing with 10 rounds (industry standard)
- Security Answers: Also hashed with bcrypt
Authentication
- JWT Tokens: Secure session management
- HttpOnly Cookies: Protect the session cookie against theft via XSS attacks
- Rate Limiting: Prevents brute force attacks (5 login attempts per 15 minutes)
Infrastructure Security
- Regular security updates
- Helmet.js security headers
- NoSQL injection prevention
- Input sanitization
Security Disclaimer
Important: While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your information. You acknowledge that you provide your information at your own risk.
Your Data Rights
Access & Export
You can export all your data anytime in CSV, JSON, or PDF format from Settings → Data Management.
Correction
You can edit or delete any transaction, category, or recurring bill directly in the app.
Deletion
You can delete your account anytime from Settings → Account Management → Delete Account.
When you delete your account:
- All your data is permanently removed from our database
- No backups are kept
- No recovery is possible
- Deletion is immediate and irreversible
Data Portability
Your exported data is in standard formats (CSV, JSON) that can be imported into other tools.
Data Retention
- Active Accounts: Data is stored as long as your account exists
- Deleted Accounts: Data is permanently deleted immediately (no retention period)
- Backups: We don't maintain backups of user data
- Temporary Files: Receipt images are deleted after OCR processing
Cookies
Trak30 uses only one type of cookie:
- Authentication Cookie: Required to keep you logged in (JWT token, HttpOnly, Secure, 7-day expiry)
That's it. No tracking cookies, no marketing cookies, no social media cookies.
Google Analytics: May set its own cookies for visit tracking. You can block these with browser settings or extensions.
Children's Privacy
Trak30 is intended for users 13 years and older. Users under 18 should have parental permission before creating an account.
We don't knowingly collect data from children under 13. If we discover an account belongs to a child under 13, we will delete it immediately.
International Users
Trak30 is based in the United States (Lancaster, SC). Your data is stored on servers in the US.
If you're outside the US, by using Trak30 you consent to your data being transferred to and stored in the US.
Note: We don't specifically target EU users, but if you're in the EU, you have rights under GDPR including data access, correction, deletion, and portability (all of which are already built into Trak30).
Data Breaches
In the unlikely event of a data breach:
- We will investigate immediately
- Affected users will be notified within 72 hours
- If you have an email on file, we will notify you via email
- If you don't have an email, we will post a notice on the login page
- We will take steps to secure the system and prevent future breaches
Note: Because email is optional, we may not be able to directly notify you of breaches if you haven't added an email. Check the app periodically for any security notices.
Changes to This Policy
We may update this Privacy Policy occasionally. Changes will be posted on this page with an updated "Last Updated" date.
Major changes will be announced on the app's login/dashboard page.
Continued use of Trak30 after changes means you accept the updated policy.
Your Choices
- Disable AI Features: Turn off AI categorization in Settings
- Stop Using Trak30: You can stop using the app anytime
- Export Your Data: Download everything before you go
- Delete Your Account: Permanent removal of all data
- Block Analytics: Use browser extensions to block Google Analytics
Contact Us
Questions about privacy? Contact:
- Email: edgar@codedevhub.com
- Developer: Edgar Robledo
- Business: CodeDevHub
- Location: Lancaster, SC, United States