Privacy Policy

Last updated: March 18, 2026

1. Introduction

Outlai ("we", "our", "us") operates the Outlai personal finance application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a hashed version of your password. We never store passwords in plain text.

Financial Data

We collect transaction data that you manually enter or import, including amounts, descriptions, dates, and categories. If you use bank sync features, we collect account and transaction data through our third-party provider (Plaid).

Usage Data

We may collect information about how you access and use the Service, including your device type, browser type, IP address, and pages visited.

AI Processing Data

When you use AI-powered features (smart add, auto-categorization, recommendations), your transaction descriptions are sent to our AI provider (Anthropic) for processing. This data is not used to train AI models and is processed in accordance with Anthropic's usage policies.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and categorize your spending
• Generate spending insights and recommendations
• Process payments and manage subscriptions
• Send you service-related communications
• Detect and prevent fraud or abuse

4. Data Sharing

We do not sell your personal information. We may share data with:

• Service providers: Stripe (payments), Anthropic (AI processing), Plaid (bank connections), and Fly.io (hosting) — only as necessary to operate the Service
• Legal requirements: When required by law, regulation, or legal process

5. Data Security

We implement industry-standard security measures including:

• AES-256 encryption for sensitive data at rest
• TLS/HTTPS for all data in transit
• Bcrypt password hashing
• JWT-based authentication with token expiry
• Rate limiting to prevent abuse

6. Data Retention

We retain your account and transaction data for as long as your account is active. You may export your data at any time using the export feature. Upon account deletion, your data will be permanently removed within 30 days.

7. Your Rights

You have the right to:

• Access and export your data
• Correct inaccurate information
• Delete your account and associated data
• Opt out of non-essential communications

8. Cookies

We use essential cookies and local storage (Hive, secure storage) to maintain your session and preferences. We do not use third-party tracking cookies.

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@outlai.io.