Your privacy matters. This Privacy Policy explains what personal information TheCashFox collects, how we use it, how we protect it, and the choices you have. It applies to our website and all services operated under TheCashFox (the "Service").
1. Information we collect
Information you provide
Account information — name, email address, and password (stored as a cryptographic hash, never in plain text)
Business and financial data — business names, book titles, entry amounts, categories, descriptions, receipts, comments, and attachments you upload
Team and collaboration data — invitations you send, team member emails, and role assignments
Payment information — billing details are collected and stored directly by Stripe; we receive only a customer identifier and subscription status. We never see or store your card number.
Support correspondence — messages you send us
Information collected automatically
Usage data — pages visited, features used, device type, browser, operating system, referring URL, timestamps
Log data — IP address, access times, and errors encountered (used for security, debugging, and abuse prevention)
Cookies and similar technologies — used to keep you signed in, remember preferences (e.g. theme), and measure usage. You can disable cookies in your browser but some features may stop working.
2. How we use your information
To provide, operate, and maintain the Service
To authenticate you and protect your account
To process payments and manage subscriptions (via Stripe)
To send transactional emails — account verification, password reset, team invitations, report emails you have opted into
To improve the Service, fix bugs, and add features
To detect and prevent fraud, abuse, and security incidents
To comply with legal obligations
We do not sell your personal information, and we do not use your financial data to train AI models.
3. AI features and third-party processing
When you use AI-assisted features (receipt scanning, auto-categorization, cash flow insights) your input — the image or aggregated numbers — is sent to our AI provider (Anthropic) for processing. We do not send raw entry descriptions, customer names, or any data that is not strictly required for the requested feature. Our provider is bound by its own data-processing terms and does not retain content for training.
4. Sharing and disclosure
We share your information only with:
Service providers who help us operate TheCashFox — hosting (e.g. Railway), payments (Stripe), email delivery (e.g. Mailgun or Amazon SES), error monitoring, and AI (Anthropic). Each is bound by contract to protect your data and use it only for the services they provide us.
Team members you invite — if you invite another user to a business, they will see the business data you share access to, scoped by their role.
Legal requests — if required by valid law, court order, or subpoena, or to protect rights, property, or safety.
Successors — in a merger, acquisition, or sale of assets, your data may transfer to the successor entity, subject to this Policy.
5. Data retention
We retain your account and business data for as long as your account is active. If you close your account, we will delete or anonymise your personal data within a reasonable period, unless we are required to retain it to comply with legal, tax, or accounting obligations or to resolve disputes.
6. Security
We use industry-standard measures to protect your information, including HTTPS encryption in transit, encrypted passwords, access controls, and regular security review. No system is perfectly secure, but we work hard to keep your data safe and will notify affected users promptly of any confirmed data breach as required by law.
7. Your rights
Depending on where you live, you may have the right to:
Access the personal information we hold about you
Correct inaccurate information
Delete your account and associated personal data
Export a copy of your data in a portable format
Object to or restrict certain processing
Withdraw consent where processing is based on consent
You can exercise most of these rights directly inside the Service (profile settings, account deletion, data export). For anything else, email us.
8. Children
TheCashFox is not directed at children under 16 and we do not knowingly collect personal information from them. If you believe a child has given us information, contact us and we will delete it.
9. International data transfers
Your information may be processed in countries other than the one you live in. By using the Service you consent to the transfer of your information to those countries, subject to appropriate safeguards.
10. Cookies
We use a small number of strictly necessary cookies (session, authentication, theme preference, CSRF protection). We do not use advertising or cross-site tracking cookies. If we add analytics or marketing cookies in the future we will update this Policy and provide appropriate notice.
11. Changes to this Policy
We may update this Policy from time to time. When we make material changes we will notify users by email or through the Service. The "last updated" date at the top of this page reflects the most recent revision.
12. Contact
Questions about this Policy, or want to exercise your rights? Email [email protected].
This Policy is a general template. For production use with real customers, and especially if you operate in the EU, UK, California, or other jurisdictions with strict data-protection laws (GDPR, UK GDPR, CCPA), have a qualified lawyer tailor it to your data flows.