Privacy Policy
This Privacy Policy describes how AllBrave LLC (“AllBrave,” “we,” “us”) collects, uses, discloses, and protects personal information in connection with our website, mobile applications, and related services (the “Service”). It is written to satisfy the disclosure requirements of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), and comparable comprehensive privacy laws in other U.S. states.
At a glance
- We’re a personal finance app — we store your buckets, transactions, and account info to provide the service.
- We don’t sell or share your personal information.
- You can download or delete your data at any time from Settings.
- We honor Global Privacy Control (GPC) signals.
- Questions? Email privacy@allbrave.ai.
1. Categories of personal information we collect
The following table summarizes the categories of personal information we collect, the sources, purposes, retention periods, and recipients. The letters in the first column refer to the categories enumerated in Cal. Civ. Code § 1798.140(v)(1).
| Category (CCPA letter) | Examples | Sources | Purposes | Retention | Recipients |
|---|---|---|---|---|---|
| A. Identifiers | email, account UUID, date of birth | from you at signup | account creation, authentication, age verification | while account active, deleted on request | Heroku (hosting), Stripe (subscribers only) |
| B. Commercial info | subscription status, billing dates | Stripe / RevenueCat | provide subscription service | while account active + as required by tax/accounting law | Stripe, Apple/RevenueCat |
| F. Internet/usage | IP address, device/browser type, page views | automatically | analytics, security | up to 30 days (Vercel Analytics) | Vercel |
| G. Geolocation (coarse) | timezone, country from IP | from you / browser | localizing timestamps, fraud signals | while account active | Heroku, Vercel |
| K. Inferences | spending patterns within AllBrave | derived from your transactions | provide budgeting features | while account active | none (stays in our systems) |
| Sensitive PI (financial) | transaction amounts, descriptions, bucket names/balances | from you | provide the budgeting service | while account active, 7-day Redis TTL for chat history | Anthropic (chat context only) |
2. Sensitive Personal Information (SPI)
Under the CPRA, financial information is treated as sensitive personal information. We use it only to provide the service you signed up for. We do not use sensitive personal information for advertising, for profiling that produces decisions with legal or similarly significant effects, or to infer characteristics about you beyond what the budgeting product itself displays back to you.
California residents have the right to request that we limit our use of sensitive personal information to those purposes specified in Cal. Civ. Code § 1798.121(a). In practice, we do not process SPI for any secondary purposes, so honoring such a request does not change how we handle your data.
3. How we share information
We share information in two ways, and only as described here:
Service providers. These vendors act on our behalf under a written contract that restricts their use of personal information to providing services to us. They are not permitted to use your information for their own purposes, including for advertising.
- Anthropic, PBC— provides the chat AI (Claude). Under Anthropic’s commercial terms, Anthropic does not train on our inputs.
- Stripe, Inc. — payment processing for web and Android subscriptions.
- Apple / RevenueCat — subscription processing for iOS in-app purchases.
- Heroku (Salesforce) — managed Postgres and application hosting.
- Redis Cloud (Redis Ltd.) — short-term chat memory, 7-day TTL.
- Vercel, Inc. — frontend hosting and product analytics.
Third parties (independent use): none. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA and similar state laws.
4. Your privacy rights
Depending on your state of residence, you may have the following rights with respect to your personal information:
- Right to know. Learn what categories of personal information we collect, the sources, purposes, and recipients. This policy provides those disclosures, and your in-app data export provides the specific pieces.
- Right to delete. Delete your account directly in Settings, or email us.
- Right to correct. Edit your profile in Settings. For fields that are not editable in-app, email us.
- Right to portability. Download a machine-readable copy of your data from Settings → Privacy.
- Right to opt out of sale/sharing. We do not sell or share personal information. See the Do Not Sell or Share page.
- Right to limit use of SPI. See the Sensitive Personal Information section above.
- Right to non-discrimination. We will not deny service, charge a different price, or provide a different level or quality of service because you exercised your rights.
5. How to exercise your rights
For most rights, the fastest path is Settings → Privacy, where you can download your data or delete your account without contacting support. For everything else, email privacy@allbrave.ai.
We will confirm receipt of your request within 10 business days and substantively respond within 45 days, with one 45-day extension if reasonably necessary (we’ll let you know if we need it). We may need to verify your identity before we act, typically by confirming control of the email address on the account. An authorized agent may submit a request on your behalf with written, signed permission.
6. California, Virginia, Colorado, Connecticut, Utah, and Texas residents
The rights enumerated above apply to all residents of states with comprehensive consumer privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and Texas). We treat all users uniformly regardless of state of residence — if a right exists in one of these jurisdictions, you can exercise it.
7. Do Not Sell or Share My Personal Information
AllBrave does not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of. Learn more →
8. Cookies and tracking
We use first-party cookies for sessions and authentication. These are essential and cannot be turned off — without them you can’t stay signed in.
We use Vercel Analytics and Vercel Speed Insights for product analytics on the marketing site and the app. You can opt out at any time from Settings → Privacy → Analytics. We also honor Global Privacy Control (GPC) signals from your browser automatically: if you send a GPC signal, analytics are disabled regardless of your in-app setting.
9. Children’s privacy (COPPA)
AllBrave is intended for users 18 and older. We collect date of birth at signup to verify age, and users under 18 cannot register. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete it promptly. Parents who believe their child has provided information to us should contact privacy@allbrave.ai.
10. Financial data safeguards
AllBrave is not a bank, lender, broker, or financial institution, and we are not subject to the Gramm-Leach-Bliley Act. That said, we take financial information seriously. We use TLS in transit, encryption at rest via managed Postgres on Heroku, and restrict access to authorized personnel on a need-to-know basis. We do not commingle financial data with marketing data.
11. Data retention
We retain account data for as long as your account is active, plus up to 30 days after deletion to allow backups to age out. Chat history is retained in Redis for 7 days. Analytics data is retained for up to 30 days. Tax, billing, and accounting records are retained for the period required by law.
12. International users
AllBrave is operated from the United States, and all personal information is stored in the United States. By using AllBrave, you consent to the transfer of your information to the United States, where privacy laws may differ from those in your country.
13. Changes to this policy
We may update this policy from time to time. When we do, we’ll update the “Last updated” date above. For material changes, we’ll also notify signed-in users in-app.
14. Contact
Questions about privacy at AllBrave? Write to us at privacy@allbrave.ai.