Privacy Policy

Effective: March 2026

StateVu ("we", "our", "the app") is a mobile application that analyzes bank statement PDFs and screenshots to categorize your expenses using artificial intelligence. This policy explains what data we collect, how we process it, and your rights.

1. What We Collect

When you use StateVu, we collect the following information:

  • Account information: email address and authentication credentials when you create an account.
  • Financial documents: bank statement PDFs and screenshots that you upload for analysis.
  • Transaction data: amounts, dates, merchant names, descriptions, and categories extracted from your documents.
  • Usage data: app interaction events, device type, and operating system version for analytics and troubleshooting.

2. How We Use Your Data

We use your data exclusively to provide and improve the StateVu service:

  • Extract transactions from your uploaded PDFs and screenshots.
  • Categorize expenses using AI-powered analysis.
  • Generate spending summaries, charts, and household insights.
  • Authenticate your account and manage your subscription.
  • Send transactional emails (password resets, account notifications).

We do not sell, rent, or share your personal data with advertisers or data brokers.

3. AI Processing

StateVu uses Anthropic Claude to categorize transactions. Only the following fields are sent to the AI provider: category, amount, date, and merchant name. Your email, full name, bank account numbers, card numbers, and passwords are never sent to any AI provider.

Anthropic does not use API-submitted data to train their AI models, as stated in their API data usage policy.

4. Data Storage & Retention

Uploaded PDFs and screenshots are deleted immediately after transaction extraction — they are never stored permanently. Extracted transaction data is retained in your account until you choose to delete it.

Sensitive financial fields (merchant name, description, notes) are encrypted at rest using AES-256-GCM. Your data is stored on secure, access-controlled servers.

5. Third-Party Services

We use the following third-party services to operate StateVu:

  • Anthropic (Claude API): AI-powered transaction categorization. Receives only category, amount, date, and merchant name.
  • Apple / Google: In-app subscription billing and payment processing. We do not see or store your payment card details.
  • Firebase (Google): Authentication and push notifications.
  • DigitalOcean: Cloud infrastructure and data hosting.

Each third-party provider operates under their own privacy policy and data protection obligations.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption at rest for sensitive fields, secure authentication, and access-controlled infrastructure. While no system is 100% secure, we are committed to protecting your financial data with best-practice safeguards.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

GDPR (European Economic Area)

If you are in the EEA, you have the right to access, rectify, erase, restrict processing, and port your data, as well as the right to object to processing. Our legal basis for processing is your consent and the performance of our contract with you.

CCPA (California)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

LGPD (Brazil)

Brazilian residents have the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing. You may revoke consent at any time.

For all users: you may delete all your data at any time from within the app. One tap and all data is permanently removed. To exercise any other rights, contact us at [email protected].

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers in accordance with applicable data protection laws.

9. Children's Privacy

StateVu is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through the app or via email. Continued use of StateVu after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or your data, contact us at [email protected].