← Back to Charge Sleuth

Privacy Policy

Effective May 13, 2026

1. Who we are

Charge Sleuth is a personal-finance application operated by Jordan Button as a single-administrator service. It is currently in closed family beta, available at chargesleuth.quest. Questions about this policy: jbutton909@gmail.com.

2. What we collect

We collect only what is necessary to provide the service:

  • Account data: email address, hashed password (argon2), full name (optional), TOTP secret (encrypted), hashed backup recovery codes, account creation timestamp.
  • Bills you create: name, vendor, amount, billing cycle, due date, category, tags, notes, optional uploaded PDF/image documents.
  • Income you record: source name, type, amount, frequency, expected dates.
  • Bank transaction data: imported via CSV upload or, optionally, Plaid. Includes posted date, amount, merchant description, account name, account balances. We do not store full account or card numbers — only masked identifiers.
  • Account balances: manually entered or pulled via Plaid for cash-flow forecasting and (optional) SSI asset-limit monitoring.
  • Budgets and goals: categories, limits, targets, progress.
  • Audit log: a record of state-changing actions on your account (login, signup, bill creation, payment, settings change, data export) including IP address and user-agent, for security review.
  • Session cookies: a signed, HttpOnly session cookie set on login. No third-party tracking or advertising cookies.

We do not collect: Social Security numbers, full bank account numbers, full card numbers, biometric data, precise geolocation, or browsing behavior outside of Charge Sleuth.

3. Why we collect it

  • To operate the service — display your bills, income, budgets, dashboard analytics.
  • To send you alerts and reminders about upcoming bills, free-trial endings, renewals, savings opportunities.
  • To run AI-assisted bill analysis and savings recommendations (described in Section 5).
  • To enforce account security (TOTP 2FA, rate-limited login, audit log).
  • To allow you to export or delete your data.

We do not sell your data. We do not use your data for advertising. We do not share aggregated or anonymized data with third parties for marketing.

4. How long we keep it

  • Account data: for as long as your account is active.
  • Bills, income, budgets, goals: for as long as your account is active, or until you delete them.
  • Bank transactions (Plaid or CSV): up to 24 months of history.
  • Audit log: 12 months, then automatically purged.
  • Uploaded documents (bill PDFs / images): until you delete the corresponding bill or your account.
  • Backups: 30 days of nightly database backups, 12 weeks of weekly document backups, encrypted at rest off-site.

When you delete your account, all personal data is removed from production within 7 days and purged from backups within 90 days.

5. Third parties we share data with

We use a small number of service providers to operate the app. Each receives only the minimum data needed for its function:

  • Anthropic (Claude API) — when AI features are enabled, individual bill text and (when you click Deep Scan) bill metadata are sent to Anthropic for analysis. Anthropic does not train on API data. Anthropic privacy policy.
  • Plaid — only if you choose to link a bank account. Plaid retrieves transactions and balances under your authorization and shares them with Charge Sleuth. Plaid privacy policy.
  • Resend — if email notifications are enabled, your email address and the notification body are sent to Resend for delivery. Resend privacy policy.
  • Twilio — if SMS notifications are enabled, your phone number and the message body are sent to Twilio for delivery. Twilio privacy policy.
  • Backblaze B2 — encrypted database and document backups are stored on Backblaze B2 cloud storage. Backups are encrypted at rest with a key under our exclusive control.
  • Cloudflare — DNS resolution for chargesleuth.quest. Cloudflare may see your IP address when resolving the domain.
  • Let's Encrypt — issues the TLS certificate used to secure traffic to chargesleuth.quest.

We do not share your data with advertisers, data brokers, social networks, or analytics providers.

6. Security measures

  • Mandatory TOTP two-factor authentication on every account.
  • Passwords stored as argon2 hashes — never in plaintext.
  • All traffic over HTTPS (TLS 1.2 or higher) with HSTS preload.
  • Login rate limiting (5 attempts per IP per 15 minutes; account lockout after 10 failures per hour).
  • SSH key-only access to production servers; no password login.
  • Strict least-privilege Linux user accounts for the running application.
  • Firewall restricting public ingress to ports 80, 443, and 22.
  • Audit log of every state-changing action.
  • Backups encrypted with GPG before leaving our infrastructure.

7. Your rights

You can at any time:

  • Export — download a complete JSON or CSV copy of your data from Settings → Export.
  • Correct — edit any bill, income source, balance, or profile field directly in the app.
  • Delete — bulk-delete bills, transactions, budgets, goals, and account balances from inside the app. For full account deletion, email jbutton909@gmail.com; we will remove all personal data within 7 days.
  • Revoke bank access — disconnect a linked Plaid account from Settings → Bank connections at any time. Plaid is instructed to delete its corresponding access token immediately.
  • View your audit log — at Settings → Audit log.

If you are a California, Virginia, Colorado, Connecticut, or Utah resident, you have additional rights under state privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA). These rights are honored via the same export/delete mechanisms above. Email us if you need anything more specific.

8. Children

Charge Sleuth is not intended for and does not knowingly collect data from anyone under 13. If you believe a child has created an account, email us and we will delete the account.

9. Changes to this policy

If we make material changes to how we collect, use, or share your data, we will notify active users by email at least 30 days before the changes take effect. Non-material changes (clarifications, typo fixes, contact-info updates) take effect immediately upon publication; the "Effective" date at the top of this page tracks the latest revision.

10. Contact

Questions, concerns, or privacy requests:
Jordan Button — jbutton909@gmail.com