Privacy Policy

Last updated: May 29, 2026

Summary

Loocero is a privacy-first personal finance app. As of the date above, we collect only what we need to run the product, we do not sell your financial data, and we do not use your financial records for interest-based advertising. If those practices change materially, we will update this policy and provide notice as described in §12.

1. Who we are

Loocero is a privacy-first personal financial management application operated by Aktivbrain LLC, a North Carolina limited liability company. References in this policy to Loocero, we, us, or our mean Aktivbrain LLC and the Loocero application.

Loocero is a software tool for personal financial organization. It is not a bank, broker, investment adviser, tax adviser, or insurance company. Nothing in the product or this policy constitutes financial, investment, tax, or legal advice.

2. Data we collect

2.1 Account information

When you create an account we collect the email address you sign up with, an optional display name, and your selected display currency (USD or COP today). We use Supabase Auth for password storage and session management; we never see or store your raw password.

2.2 Financial records you import or connect

Loocero stores the financial records you choose to add to your account. These include:

We do not store the raw upload files themselves, raw bank statement PDFs, free-form notes attached to records, or any chat history (see §4).

2.3 Subscription and billing data

If you upgrade to Loocero Pro, we mirror your Stripe customer ID, subscription ID, plan tier, status, and current billing-period end date so the app can gate Pro features. Card and bank-account details are entered into Stripe-hosted Checkout and never touch our infrastructure (see §3.4).

2.4 Optional AI provider key (BYOK)

If you choose the “Bring Your Own Key” option for AI chat, your OpenAI API key is encrypted with AES-256-GCM using a server-held key and stored as ciphertext only. The key value itself is never returned to the browser after save and is never logged.

2.5 Operational metadata

We log standard HTTP request data (URL, status, response time, IP address, user agent) via our hosting provider. We log application errors via Sentry with a strict allow-list — see §3.6.

We do not run third-party analytics, advertising pixels, behavioral trackers, or session recorders on any Loocero surface. Our cookie use is described separately at /cookies.

2.6 Data inventory (summary)

The table below summarizes the main categories of personal information we handle today. Details for each processor appear in §3.

Category | Examples | Purpose
Account identifiers | Email, user ID, display name | Authentication, support
Financial records you add | Transactions, accounts, budgets, categories | Core product features
Plaid-linked data | Balances, transactions, holdings (when you connect a bank) | Sync at your direction
Billing metadata | Stripe customer/subscription IDs | Pro subscription
Operational logs | IP, user agent, error codes | Security and reliability

3. Third-party processors

Loocero is hosted SaaS, which means we rely on third-party processors to deliver the product. Each processor receives only the minimum data needed for its function.

3.1 Supabase (database, authentication, storage)

A US-region Supabase project hosts our Postgres database and authentication. It receives every record described in §2.1, §2.2, §2.3, and §2.4. There is no copy elsewhere.

3.2 Plaid (bank and investment account connectivity)

When you connect an institution, you direct Loocero to retrieve account data on your behalf. Plaid handles credential entry inside its own iframe — your bank username and password are entered there, not on our site, and we never see them. Plaid returns institution metadata, account balances, transactions, and investment holdings to our server. We do not send Plaid your email, name, address, or any Loocero-side categorizations or notes. Plaid’s privacy policy applies to data they process.

3.3 OpenAI (AI chat)

When you use the AI chat feature, we send OpenAI a pre-computed financial summary (capped at approximately 3,500 characters) plus the most recent ten messages in the in-browser conversation. The summary contains rolled-up totals (net worth, top accounts, top categories, top merchants, active budgets and goals). It does not contain raw transactions, account numbers, institution identifiers, your email, or any other identifier. If you supply your own OpenAI API key (BYOK), your requests are routed to OpenAI under your billing relationship using that same context shape.

3.4 Stripe (subscription billing)

Stripe processes payments for Loocero Pro. Card numbers, billing addresses, and any other payment details are entered into Stripe-hosted Checkout pages and never touch our servers. We send Stripe your email and a Loocero user identifier so the subscription webhook can resolve back to your account.

3.5 Vercel (hosting)

Loocero runs on Vercel’s US infrastructure. Vercel sees standard HTTP request metadata (path, status, IP, user agent) and our application logs. Request bodies are not captured by default. Vercel retains operational logs for 30 days per their published policy.

3.6 Sentry (error tracking)

We use Sentry to capture application errors and stack traces. A strict server-side allow-list controls what context fields can be attached to an error report (action name, user ID, error code, fixed-set enums). A second-line scrubber strips any financial-payload-shaped values that slip through. We do not send Sentry transaction descriptions, amounts, balances, chat content, or API keys.

3.7 Email (Resend)

We use Resend to deliver transactional email — password resets, waitlist confirmations, bank-connection alerts, and similar operational messages. Resend receives your email address and the content required to send each message. Resend does not receive your financial records.

3a. Advertising, sale, and sharing

As of the date above, Loocero does not sell personal information as that term is commonly defined under U.S. state privacy laws, and we do not use your financial data for interest-based or cross-context behavioral advertising. We also do not run third-party advertising pixels or behavioral analytics on product surfaces.

If we introduce advertising, data sharing for ad measurement, or similar practices in the future, we will update this policy, describe the categories involved, and provide notice before those practices take effect for existing users where required by law.

4. AI chat and what is never stored

Loocero ships under seven non-negotiable rules that constrain what we hold:

  1. Raw uploaded import files are deleted automatically after a successful import.
  2. Abandoned uploads and parser staging artifacts are auto-deleted on a short window.
  3. Hosted Loocero stores only normalized financial records and minimal import metadata.
  4. Hosted Loocero stores no saved free-form notes.
  5. Hosted Loocero stores no AI chat history, summaries, or memory. The conversations and messages tables do not exist in the database.
  6. AI chat is real-time only. You can export a chat to your own device as Markdown or JSON; nothing is persisted on our side. Closing the tab discards the conversation.
  7. Internal logging, analytics, and error reporting do not capture financial payloads or chat content.

The technical controls that enforce each rule are documented at /privacy/architecture.

5. How we use your data

We do not sell your personal information for money. We do not share your financial data with third parties for their independent advertising purposes. We do not use your financial data to train machine-learning models, ours or anyone else’s, except as needed to operate product features you invoke (such as categorization rules you configure).

6. Data retention

Records you create remain in your account until you delete them or close your account. Deleted records (transactions, holdings) are removed immediately or soft-deleted with a deletion timestamp; soft-deleted rows are not visible in the application. Vercel operational logs are retained for 30 days. Sentry retains the structured allow-listed error context per its standard plan retention. Stripe retains billing records per its own retention policy, which we cannot override.

Detailed deletion mechanics are documented at /data-deletion.

7. Your rights

8. California residents (CCPA / CPRA notice)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.

8.1 Categories of personal information collected

In the past twelve months we have collected the following CCPA categories: identifiers (email, account ID), commercial information (subscription status, transaction records you choose to import), internet or other electronic network activity (request logs), and inferences (categorizations applied to your transactions).

8.2 Sale or sharing of personal information

We do not sell or share your personal information as those terms are defined under the CCPA / CPRA. We do not run cross-context behavioral advertising.

8.3 Your rights

California residents may request to know what personal information we hold, request its deletion, request correction of inaccurate information, and opt out of any future sale or sharing. Submit any of these requests by emailing [email protected] with the subject line CCPA Request and the email address associated with your account. We will respond within 45 days as required by law. We will not discriminate against you for exercising any CCPA right.

8.4 Authorized agents

You may designate an authorized agent to make a request on your behalf. We will require the agent to provide written authorization and may require you to verify your own identity directly.

8.5 Other U.S. state privacy laws

Residents of Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy laws may have additional rights to access, delete, correct, or obtain a portable copy of personal information, and to opt out of certain processing such as targeted advertising or profiling. Submit requests to [email protected] with the subject line Privacy Request and the email address associated with your account. We will respond within the timeframe required by applicable law.

8.6 Accessibility

If you need this policy in an alternative format, contact [email protected].

9. Children

Loocero is not intended for users under 18 and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

10. Security

All traffic is encrypted in transit using TLS 1.3. Data at rest is encrypted at the platform level by our database provider. Sensitive credentials such as Plaid access tokens and BYOK API keys are additionally encrypted at the column level using AES-256-GCM with server-held keys. Production database access is gated by Row-Level Security policies scoped to auth.uid(); service-role access is restricted to a small, explicitly listed set of server modules.

11. International users

Loocero is operated from the United States and our processors operate primarily in the United States. If you access the service from outside the US, your information will be transferred to and processed in the US.

12. Changes to this policy

We will update this policy as the product changes. Material changes will be reflected in the “Last updated” date at the top and, where appropriate, communicated in the application before they take effect.

13. Contact

Questions, requests, or concerns about this policy: [email protected].