Privacy Policy

Last updated: March 3, 2026

1. Information We Collect

1.1 Gmail Data (Limited Scope)

With your explicit consent, we access only the following Gmail data:

  • Email headers (sender, subject, date) for transaction emails only
  • Email body content for bank transaction notifications and receipts
  • Email metadata (message ID, timestamps) for synchronization purposes

Important: We do NOT access personal emails, social media notifications, marketing emails, or any non-financial correspondence. Our AI filters specifically target bank transaction emails only.

1.2 Financial Transaction Data

  • Transaction amounts and dates
  • Merchant names and descriptions
  • Transaction categories (auto-assigned)
  • Account balances (when available)
  • Currency information

1.3 Account Information

  • Name and email address from Google OAuth
  • Encrypted OAuth tokens (for Gmail access)
  • Service usage patterns and preferences
  • Dashboard settings and custom categories

1.4 Technical Data

  • IP address (approximate location only)
  • Browser type and version
  • Device information and operating system
  • Service usage analytics and performance metrics
  • Error logs for service improvement

2. How We Use Your Information

2.1 Primary Service Functions

  • Transaction Extraction: Parse bank emails to extract financial data
  • Categorization: Automatically categorize transactions using AI
  • Dashboard Display: Show financial insights and spending patterns
  • Reporting: Generate financial reports and analytics

2.2 Service Improvement

  • AI Training: Improve transaction categorization accuracy
  • Performance: Optimize service speed and reliability
  • Features: Develop new financial insights and tools

2.3 Security and Compliance

  • Fraud Prevention: Detect suspicious account activity
  • Security: Protect against unauthorized access
  • Legal Compliance: Meet regulatory requirements

3. Data Storage and Security

3.1 Encryption

  • In Transit: All data transmitted using HTTPS/TLS 1.3
  • At Rest: Database encryption using AES-256
  • OAuth Tokens: Encrypted with application-specific keys
  • Email Content: Encrypted during processing and storage

3.2 Data Retention

  • Transaction Data: Retained until account deletion
  • Email Content: Processed and stored as structured data only
  • Raw Emails: Not stored after processing
  • Analytics Data: Aggregated and anonymized after 90 days

3.3 Access Controls

  • Authentication: Multi-factor authentication required for admin access
  • Authorization: Role-based access control system
  • Audit Logs: All data access logged and monitored

4. Data Sharing and Third Parties

4.1 No Personal Data Sharing

We do NOT sell, rent, or share your personal financial data with third parties for marketing or advertising purposes.

4.2 Service Providers

  • Google: OAuth authentication and Gmail API access
  • Cloud Hosting: Secure infrastructure providers (AWS/GCP)
  • Payment Processors: For subscription billing (if applicable)

All service providers are carefully vetted and contractually bound to protect your data.

4.3 Legal Requirements

We may disclose information only when required by law, court order, or government request, and only after careful legal review.

5. Your Rights and Choices

5.1 Access and Control

  • View Data: Access all your financial data in your dashboard
  • Export Data: Download your data in JSON or CSV format
  • Delete Data: Delete individual transactions or your entire account
  • Revoke Access: Disconnect Gmail access at any time

5.2 GDPR Rights

  • Right to Access: Know what data we have about you
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Portability: Transfer your data to another service
  • Right to Object: Object to certain data processing

6. Google OAuth and Gmail Integration

6.1 OAuth Scope

We request minimal Gmail permissions necessary for our service:

  • gmail.readonly: Read-only access to Gmail messages
  • userinfo.email: Access to your email address
  • userinfo.profile: Basic profile information

6.2 Email Processing

  • Automatic Filtering: AI identifies transaction emails only
  • No Manual Review: Your emails are never manually reviewed
  • Secure Processing: All processing happens in a secure environment
  • No Email Storage: Raw emails are not stored permanently

6.3 Revocation

You can revoke our Gmail access at any time through:

  • Your Google Account settings
  • Your PayTrackify account settings
  • Contacting our support team

7. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected such information, we will delete it immediately.

8. International Data Transfers

Your data may be processed and stored on servers located outside your country. We ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Technical and organizational security measures

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by:

  • Emailing the address associated with your account
  • Posting a notice in our service
  • Updating the "Last updated" date at the top

10. Contact Information

If you have questions about this Privacy Policy or your data rights, please contact us at:

  • Email: support@paytrackify.com
  • Support: support@paytrackify.com