Privacy Policy

Effective April 14, 2026

Reviewed(“Reviewed,” “we,” “us,” or “our”) provides a personal-finance app that helps you review every charge on your linked bank and credit-card accounts. This Privacy Policy explains what we collect, how we use it, who we share it with, and the rights you have over your information. By creating an account or using Reviewed (the “Service”), you agree to this policy.

1. Information we collect

Account information

When you sign up we collect your name, email address, and authentication identifiers from our identity provider (Clerk). If you use a social login, we receive the basic profile fields you authorize.

Financial account information

When you link a bank or credit-card account, our partner Stripe Financial Connections authenticates you directly with your financial institution and returns a read-only data feed to Reviewed. We never see or store your online-banking username or password. From that feed we receive: institution name, account name and type, masked account number, account balances, and transaction history (merchant name, date, amount, category, and similar metadata).

Device and usage information

We collect basic device data (model, OS version, app version, language, time zone), log data (IP address, request timestamps, error reports), and product analytics (features used, screens viewed) to operate and improve the Service. Push tokens are stored only if you opt in to notifications.

Information you provide

Notes, tags, flags, approvals, and any messages you send us through in-app support or email.

2. How we use your information

• To provide the core Service: display your transactions, detect recurring charges, and send you charge alerts.
• To enrich merchant names so “SQ *AC0930 NY” becomes something you can actually recognize.
• To authenticate you, prevent fraud and abuse, and keep accounts secure.
• To send transactional messages (security alerts, receipts, account notices) and, if you opt in, product updates.
• To debug, monitor performance, and improve features.
• To comply with legal obligations and enforce our Terms.

We do not sell your personal information. We do not use your transaction data for advertising, and we do not share it with data brokers.

3. Legal bases (EEA/UK users)

Where GDPR applies, we process personal data on the basis of (a) performance of our contract with you, (b) your consent (e.g. for notifications), (c) our legitimate interests in operating and securing the Service, and (d) compliance with legal obligations.

4. Service providers (subprocessors)

We share information only with vendors that help us run the Service, each bound by data-protection commitments:

• Stripe — Financial Connections, payments.
• Clerk — authentication and account management.
• Convex — application database and server functions.
• Vercel — hosting and edge delivery.
• AgentMail — transactional email delivery.
• Anthropic (via Vercel AI Gateway) — merchant name enrichment. Only the raw merchant string and amount are sent; no account identifiers.
• Apple Push Notification service / Firebase Cloud Messaging — push delivery (only if you enable notifications).

5. Data sharing

Beyond the subprocessors above, we share information only: (a) with your consent, (b) to comply with valid legal process, (c) to protect the rights, property, or safety of Reviewed, our users, or the public, or (d) in connection with a merger, acquisition, or sale of assets, in which case we will provide notice before personal data is transferred.

6. Data retention

We keep your account and transaction data while your account is active. If you delete your account, we delete your personal data and transaction history within 30 days, except where we are required to retain certain records (for example, tax or anti-fraud logs) for a limited period.

7. Your rights and choices

• Access & portability: Request a copy of the personal data we hold about you.
• Correction: Update inaccurate information from Settings or by contacting us.
• Deletion: Delete your account at any time from Settings → Account → Delete account, or email us. Deletion disconnects every linked Stripe Financial Connections account and purges your transactions.
• Disconnect a bank: Remove any individual financial connection from Settings.
• Notifications: Turn off push or email notifications anytime from your device or in-app settings.
• Object/restrict: EEA/UK users may object to or restrict certain processing.
• Do Not Track: We do not respond to DNT signals but we also do not track you across third-party sites.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined.

8. Security

We use TLS in transit, encryption at rest, scoped credentials, and least-privilege access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at privacy@reviewed-app.com.

9. Children

Reviewed is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.

10. International transfers

Reviewed is operated from the United States. If you use the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions where our service providers operate.

11. Changes to this policy

We may update this policy from time to time. If we make material changes we will notify you in-app or by email before the changes take effect. The “Effective” date above always reflects the current version.

12. Contact

Questions, requests, or complaints? Email privacy@reviewed-app.com. We respond within 30 days.