Privacy Policy

Effective: April 2026

StateVu ("we", "our", "the app") is a mobile application that analyzes bank statement PDFs and screenshots to categorize your expenses using artificial intelligence. This policy explains what data we collect, how we process it, and your rights.

1. What We Collect

When you use StateVu, we collect the following information:

  • Account information: email address and authentication credentials when you create an account.
  • Financial documents: bank statement PDFs and screenshots that you upload for analysis.
  • Expense data: amounts, dates, merchant names, descriptions, and categories extracted from your documents.
  • Usage data: app interaction events, device type, and operating system version for analytics and troubleshooting.

2. How We Use Your Data

We use your data exclusively to provide and improve the StateVu service:

  • Extract expenses from your uploaded PDFs and screenshots.
  • Categorize expenses using AI-powered analysis.
  • Generate spending summaries, charts, and household insights.
  • Authenticate your account and manage your subscription.
  • Send transactional emails (password resets, account notifications).

We do not sell, rent, or share your personal data with advertisers or data brokers.

3. Third-Party AI Processing

StateVu uses the Claude AI API provided by Anthropic, PBC ("Anthropic") to extract transactions from your uploaded bank statements and to categorize them. Anthropic acts as a sub-processor on our behalf.

What is sent to Anthropic. Each page of your uploaded bank statement PDF is rendered as an image and transmitted to Anthropic's Claude AI API so that Claude can identify and categorize the individual transactions on that page. This processing occurs via Anthropic's API infrastructure in the United States.

What is NOT sent to Anthropic. Raw account numbers, passwords, and any other authentication credentials are never transmitted to Anthropic.

Server retention. The uploaded PDF is deleted from StateVu servers immediately after processing is complete.

Anthropic's handling of your data. Under Anthropic's Commercial Terms of Service, Anthropic does not use customer API inputs or outputs to train its AI models. Anthropic provides data protections equal to those described in this Privacy Policy, including a contractual commitment not to use StateVu user data for model training. See Anthropic's Commercial Terms and Privacy Policy for details.

Your consent. Before your first upload, StateVu presents an in-app consent sheet that you must accept. Consent is required to use the statement-analysis feature — declining blocks upload. You may revoke this consent at any time from within the app.

4. Data Storage & Retention

Uploaded PDFs and screenshots are deleted immediately after expense extraction — they are never stored permanently. Extracted expense data is retained in your account until you choose to delete it.

Sensitive financial fields (merchant name, description, notes) are encrypted at rest using AES-256-GCM. Your data is stored on secure, access-controlled servers.

5. Third-Party Services

We use the following third-party services to operate StateVu:

  • Anthropic, PBC (Claude AI API): transaction extraction and expense categorization. Receives images of your uploaded bank statement pages as described in Section 3. Bound by Anthropic's Commercial Terms not to use StateVu user data for model training; see also Anthropic's Privacy Policy.
  • Apple / Google: In-app subscription billing and payment processing. We do not see or store your payment card details.
  • Firebase (Google): Authentication and push notifications.
  • DigitalOcean: Cloud infrastructure and data hosting.

Each third-party provider operates under their own privacy policy and data protection obligations.

6. Data Security

We implement industry-standard security measures including TLS encryption in transit, AES-256-GCM encryption at rest for sensitive fields, secure authentication, and access-controlled infrastructure. While no system is 100% secure, we are committed to protecting your financial data with best-practice safeguards.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

GDPR (European Economic Area)

If you are in the EEA, you have the right to access, rectify, erase, restrict processing, and port your data, as well as the right to object to processing. Our legal basis for processing is your consent and the performance of our contract with you.

CCPA (California)

California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

LGPD (Brazil)

Brazilian residents have the right to confirmation of processing, access, correction, anonymization, portability, deletion, and information about sharing. You may revoke consent at any time.

For all users: you may delete all your data at any time from within the app. One tap and all data is permanently removed. To exercise any other rights, contact us at [email protected].

8. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers in accordance with applicable data protection laws.

9. Children's Privacy

StateVu is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes through the app or via email. Continued use of StateVu after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or your data, contact us at [email protected].