Last Updated: April 2026
Privacy Policy for AllSquare
Effective Date: April 2026
Your privacy is important to us. This policy explains what data we collect, how we use it, and your rights.
This policy applies to all services offered by AllSquare and its affiliates, and to information we collect when you apply for a job at AllSquare.
1. Information We Collect
When you sign up or use AllSquare, we collect:
- Name and email address via Google OAuth or email/password authentication
- User-generated content, like group names, expense notes, descriptions, and avatars
- Session interaction data (e.g. clicks, scrolls, page visits, session recordings) for product improvement purposes via PostHog
- Device information (browser type, operating system, screen resolution)
- Usage analytics (feature usage, error logs, performance metrics)
- Connected AI client authorization data, such as the client name, granted scopes, consent records, token metadata, revocation status, and short-lived request idempotency records
We do not collect:
- Precise location data
- Credit card or payment details (handled directly by Stripe)
- Third-party advertising cookies
2. How We Use Your Data
We use your information to:
- Authenticate and sign you into the app
- Send transactional or account-related emails
- Personalize your experience and remember your preferences
- Provide customer support
- Process expense data using AI for natural language parsing
- Let AI clients you authorize, such as ChatGPT Custom GPTs or MCP clients, access or update your AllSquare data within the scopes you approve
- Improve our services through analytics
- Ensure security and prevent fraud
3. Data Sharing, Service Providers, and Third-Party Access
We share your data with these and similar service providers:
- Supabase: Authentication, database, and file storage (US-based)
- Resend: Transactional email service for invitations and notifications
- PostHog: Product analytics and session recording (may include interaction data)
- AI model providers and routing services: Providers such as OpenRouter, Anthropic, OpenAI, or Google AI may process expense descriptions and member names when you use AllSquare's natural-language expense entry
- Stripe: Payment processing (planned for future paid features - we will never store payment details)
- Vercel: Hosting and infrastructure (processes requests)
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
Our service providers are bound by data processing agreements and are required to protect your data in accordance with this policy.
Authorized third-party access
Third-party AI clients, including ChatGPT Custom GPTs and MCP-compatible applications, receive AllSquare data only after you authorize access through our consent flow. These AI clients are controlled by their own providers and are subject to their own terms and privacy policies.
4. AI Data Processing
When you use our AI-powered expense entry feature:
- Your expense descriptions and group member names are sent to the AI model providers and routing services we use for this feature
- The AI processes this data to create structured expense entries
- We don't store your raw data with AI providers beyond processing
- AI providers may temporarily process data according to their policies
- You can opt out by manually entering expenses instead
The AI-generated suggestions are not guaranteed to be accurate. You are responsible for reviewing and confirming all entries.
Connected AI clients, GPT Actions, and MCP
If you connect AllSquare to an external AI client, such as a ChatGPT Custom GPT or an MCP-compatible client, that client may request access to your AllSquare account through OAuth. We show the requested permissions before you approve access.
- Read access: Allows the connected client to view your groups, group members, recent expenses, and balances.
- Write access: Allows the connected client to create one-time or recurring expenses in groups you belong to.
- We store authorization records, granted scopes, token metadata, revocation status, and related security logs so the integration can work and be revoked.
- We store access and refresh tokens only in hashed form. Access tokens are short-lived, refresh tokens expire after 30 days, and you can disconnect an AI client from your account settings.
- When a connected client sends an idempotency key for a write request, we may temporarily store an idempotency record, including a request hash and the response we returned, for up to 24 hours so retrying the same write returns the same result.
- ChatGPT Custom GPTs and other external AI clients may process your prompts and the AllSquare data returned to them according to that provider's own terms, privacy policy, data controls, and retention settings.
Disconnecting an AI client revokes future access from AllSquare, but it may not delete copies of data that were already sent to that client or its provider. You may need to use that provider's own privacy controls to manage data stored outside AllSquare.
5. Cookies and Tracking Technologies
AllSquare uses the following types of cookies and tracking:
- Essential cookies: Required for authentication and core functionality
- Analytics cookies: PostHog analytics to understand usage patterns
- Session recording: PostHog may record user sessions for product improvement
- Local storage: To save preferences and improve performance
You can control cookies through your browser settings, but disabling essential cookies may prevent you from using AllSquare.
6. Data Retention
We retain your data according to the following schedule:
- Account data: Retained while your account is active
- Expense data: Retained for 7 years for financial records
- Connected AI client records: Retained while the connection is active and for a reasonable period afterward for security, audit, and abuse-prevention purposes
- Connector idempotency records: Retained for up to 24 hours
- Avatar images: Deleted 30 days after removal from profile
- Analytics data: Aggregated and anonymized after 90 days
- Session recordings: Deleted after 30 days
- Inactive accounts: Deleted after 24 months of inactivity
Upon account deletion, personal data is removed within 30 days, except where retention is required for legal compliance.
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Deletion: Request deletion of your account and data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Object: Opt out of certain data processing activities
Residents of certain U.S. states (including, but not limited to, California, Virginia, Colorado, Connecticut, Utah, and Texas) may have additional privacy rights under applicable state privacy laws. Depending on where you reside, these rights may include:
- Right to Know/Access: You may request to confirm whether we process your personal data and to access such data.
- Right to Correction: You may request that we correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of processing.
- Right to Deletion: You may request deletion of personal data that we hold about you, subject to certain exceptions (such as if we must keep the data to comply with legal obligations).
- Right to Data Portability: You may request to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
- Right to Opt-Out: You may request to opt out of: (i) targeted advertising, (ii) the sale of your personal data, and/or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your state privacy rights.
For California residents (CCPA): You have additional rights to know what personal information we collect, request deletion, opt-out of sale (we don't sell data), and non-discrimination.
For EU/EEA residents (GDPR): You have the right to lodge a complaint with your supervisory authority and withdraw consent where processing is based on consent.
For more information about your state privacy rights, you may visit the following official state resources:
- California (CCPA/CPRA) – https://oag.ca.gov/privacy/ccpa
- Virginia (VCDPA) – https://www.oag.state.va.us/consumer-protection
- Colorado (CPA) – https://coag.gov/resources/data-privacy/
- Connecticut (CTDPA) – https://portal.ct.gov/AG/Sections/Privacy/Privacy
- Utah (UCPA) – https://dcp.utah.gov/
- Texas (TDPSA) – https://www.texasattorneygeneral.gov/divisions/consumer-protection/data-privacy
- Oregon (OCPA) – https://www.doj.state.or.us/consumer-protection/
- Delaware (DPDPA) – https://attorneygeneral.delaware.gov/fraud/consumer-protection/
These resources are maintained by the respective state authorities and may provide additional guidance on your privacy rights and how to exercise them.
To exercise your rights, email support@allsquare.app.
8. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS/SSL) and at rest
- Row-level security in Supabase for data isolation
- Regular security audits and updates
- Limited access controls for team members
- Secure password hashing (bcrypt)
- OAuth scopes, PKCE for public clients, token hashing, refresh token rotation, and revocation controls for connected AI clients
In case of a data breach affecting your personal information, we will notify you within 72 hours via email and provide information about the incident and steps to protect yourself.
However, no system is 100% secure. Use AllSquare at your own risk.
9. Children's Privacy
AllSquare is not intended for children under 13 (or 16 in some jurisdictions), and we do not knowingly collect data from minors. If we learn we have collected data from a child, we will delete it promptly.
10. International Data Transfers
Your data may be transferred to and processed in the United States where our service providers are located. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses with service providers
- Applicable cross-border transfer safeguards where required
- Data processing agreements with service providers
By using AllSquare, you consent to the transfer and storage of your data in the United States.
11. Changes to This Policy
We may update this policy periodically. If changes are significant, we'll notify you by email or through the app at least 30 days before the changes take effect. Continued use after notification constitutes acceptance of the updated policy.
12. Data Controller and Access
AllSquare is the data controller for personal information collected through our service.
Currently, only authorized team members have access to user data, and only when necessary—for example, to investigate a bug, respond to a support request, or maintain the service. Access is limited, logged, and handled with care.
13. Contact
For privacy questions, data requests, or to exercise your rights:
Response time: We aim to respond to all privacy-related requests within 30 days.