Privacy Policy
At iAccountApp, your financial privacy is our absolute highest priority. This Privacy Policy details how we collect, protect, isolate, and manage your data when you interact with our platform.
1. Information We Collect
To provide forensic analysis, we only collect the minimum amount of data required to serve your requests:
- Account Credentials: Your Name, Email Address, and cryptographic password hashes to authorize entries.
- Financial Raw Data: Transaction rows, dates, descriptions, categories, and amount figures parsed from statements you upload (PDF and CSV format).
- AI Chat Context: The text logs of conversational messages you submit to the AI Chat Analyst.
2. How We Use Your Information
We process your data exclusively to generate analytical results in real time:
- Building interactive dashboards showing credit/debit balances, cashflow stability scores, and habit patterns.
- Running your transactions through the interactive Resilience Simulator to help you calculate emergency coverage.
- Providing relevant, context-bound replies inside your AI Chat Assistant.
3. Complete Session Isolation & Sandbox Security
Unlike standard generic fintech platforms, we run a rigorous multi-user sandbox:
- Your uploaded financial statements, goal thresholds, custom categories, and rules are securely keyed to your specific `user_id`.
- We enforce parameterized database queries to ensure that another registered user can never query or view your financial records.
- We use strict `X-XSRF-TOKEN` cookie synchronization headers to prevent cross-site request forgery and authenticate requests.
4. Retention & Permanent Deletion ("Source Eraser")
EMPOWERED TO ERASE: You hold absolute authority over your financial data. The "Source Eraser" utility allows you to instantly purge any bank statement data source you have imported. Clicking the trash icon securely deletes all raw source mappings, and the deletion immediately propagates to permanently drop all associated transactions from our database.
5. Third-Party Integrations & OAuth
We leverage industry-standard services to extend core capabilities safely:
- Google OAuth: Allows you to authenticate quickly without sharing your Google account credentials or profile history.
- Forensic AI (DeepSeek / OpenAI): We integrate with encrypted API models to answer conversational requests based *only* on context parameters sent. No transaction data is used to train these models.
6. Privacy Contact
If you have questions about how we isolate session variables, clean up orphaned entries, or validate tokens, feel free to review our local Help Guide or contact our developers.