Privacy Policy
Last updated: pending attorney review.
Our privacy practices, plainly stated.
Our formal Privacy Policy and GLBA Financial Privacy Notice are drafted and under attorney review. During the private beta, our data-handling practices are summarized below. The executed documents will supersede this summary once finalized.
What we collect
- Your email and chosen display name
- Financial data you enter or import (budgets, plans, subscriptions, transactions)
- Bank-account metadata from Plaid when you connect an account (balance, transactions — never login credentials; those are held by Plaid, not us)
- Stripe customer identifiers for subscription billing (payment method details are handled by Stripe, not stored on our servers)
- Technical data: IP address, browser user-agent, device type, and timestamped audit events (login, password change, data export, etc.)
What we do NOT do
- We do not sell your personal or financial data.
- We do not license your data to third parties for their marketing.
- We do not accept referral fees from partner financial products.
- We do not show advertising.
- We do not read or monitor your transactions for any purpose outside rendering your budget and providing the AI features you explicitly invoke.
Sub-processors
We use the following vendors to operate the service. Each is bound by a data processing agreement:
- Supabase — database, authentication, storage (AWS us-east-1)
- Vercel — web application hosting
- Stripe — subscription payment processing
- Plaid — bank account aggregation (only if you choose to connect)
- Anthropic — AI features (transaction classification, Smart Budget Import); data sent is not retained for model training per the Anthropic API Commercial Terms
- Resend — transactional email delivery
- Sentry — error monitoring (session replay disabled for privacy)
- Doppler — secrets management
Your rights
- Export. Download all your data in CSV or JSON at any time from Settings → Security.
- Delete. Delete your account from Settings → Security. 30-day grace period; after that, permanent erasure.
- Correction. Edit your profile and data from Settings.
- State-law rights. If you are a resident of California, Colorado, Connecticut, Oregon, Texas, Utah, or Virginia, you have additional rights under state privacy laws. Email us and we'll honor them.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is authenticated per-user via Supabase Row-Level Security. Access to production systems is limited and audit-logged. Security concerns: security@impera-us.com.
Contact
Privacy questions or requests: support@impera-us.com. We respond within 30 days.
This summary is informational and does not constitute the executed Privacy Policy. The final documents will be posted here before general availability.