Finance Bot ("we", "us", "our") operates an AI-powered life and business assistant accessible via Telegram, WhatsApp, Slack, and SMS. This Privacy Policy describes how we collect, use, store, and protect your information.
1. Information We Collect
1.1 Account Information
Messaging platform user ID (Telegram ID, WhatsApp phone number, Slack user ID, or phone number for SMS)
Display name as provided by your messaging platform
Language preference and timezone
Business type (if applicable)
1.2 Financial Data
Expense and income records you submit
Receipt images and scanned document data
Budget limits and recurring payment configurations
Merchant names and transaction categories
1.3 Life Tracking Data
Food and beverage logs
Mood, energy, and sleep check-ins
Personal notes, ideas, and reflections
Task lists, reminders, and shopping lists
1.4 Connected Services Data
Google account data (Gmail, Calendar) — only when you explicitly connect via OAuth
Contact information for your CRM/booking clients
1.5 Usage and Technical Data
Message timestamps and interaction patterns
Device and platform information provided by messaging services
Error logs for service improvement
2. How We Use Your Information
Provide core services: Process your financial transactions, generate reports, manage tasks, and deliver AI-powered insights
Personalization: Learn your preferences, categories, and communication style to improve accuracy
Memory and context: Maintain conversation history and personal memory to provide contextually relevant responses
Notifications: Send reminders, budget alerts, and scheduled briefings you have configured
Service improvement: Analyze anonymized usage patterns to enhance features and fix issues
3. Third-Party Services
We use the following third-party services to operate Finance Bot:
Messaging platforms: Telegram Bot API, WhatsApp Business Cloud API (Meta), Slack API, Twilio (SMS) — to send and receive messages
AI providers: Anthropic (Claude), OpenAI (GPT), Google (Gemini) — to process natural language and generate responses
Supabase (PostgreSQL): Database hosting and storage
Redis: Session state and caching
Mem0: Personal memory storage for context-aware interactions
Google APIs: Gmail and Calendar access (only with your explicit OAuth consent)
Stripe: Payment processing for subscription billing
Langfuse: Observability and quality monitoring
Each third-party service processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.
4. Data Storage and Security
All data is stored in a PostgreSQL database with Row-Level Security (RLS) ensuring multi-tenant isolation — your data is only accessible to your family/account
Database connections use TLS encryption
Sensitive credentials (API keys, OAuth tokens) are encrypted at rest
Browser session cookies are encrypted using Fernet symmetric encryption
We do not sell, rent, or share your personal data with third parties for marketing purposes
5. Data Retention
Your account data and financial records are retained for as long as your account is active
Conversation history is maintained in a sliding window for context (recent messages only)
You can request deletion of specific data types at any time by messaging the bot (e.g., "delete expenses for January")
Upon account deletion, all personal data is permanently removed within 30 days
6. Your Rights
You have the right to:
Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your data ("right to be forgotten")
Portability: Request your data in a machine-readable format
Restriction: Limit how your data is processed
Objection: Object to processing of your data
To exercise any of these rights, contact us at the email address below.
7. WhatsApp-Specific Provisions
When using Finance Bot via WhatsApp:
Your WhatsApp phone number is used solely to identify your account and deliver messages
We access messages only within our bot conversation — we cannot read your other WhatsApp chats
Media files (photos, documents, voice messages) sent to the bot are processed for the requested function and not shared externally
You can stop interacting with the bot at any time by blocking or deleting the conversation
8. Children's Privacy
Finance Bot is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
9. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for cross-border data transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes through the bot or on this page. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us: