Loocero← Back to home

What Loocero does with your data.

No vague promises. Here is every service we use, what it sees, and what we will never do.

Services we use

Supabase

Database, authentication, storage

Stores your financial data — accounts, transactions, net worth, budgets, goals. Hosted in the US. Encrypted at rest. Every read is scoped to your account by row-level security.

Plaid

Bank and investment connections

Connects to your bank to pull account balances and transactions. You enter your bank credentials into Plaid's own form — Loocero never sees them. Disconnect at any time from /accounts.

Resend

Transactional email

Sends password resets, waitlist confirmations, and account notifications. Receives your email address only. Never receives your financial data.

Vercel

Hosting

Runs the Loocero application and processes incoming web requests. Sees standard HTTP metadata (path, status, IP, user agent). Does not have direct access to your stored financial data.

Sentry

Error tracking

Captures application errors so we can fix bugs. Error reports go through a strict allow-list and a scrubber — no transaction amounts, balances, descriptions, or account details ever leave.

What Loocero never does

  • We do not sell your data to anyone, ever.
  • We do not run advertising. There are no ad networks on this site.
  • We do not use session-replay tools (like FullStory or Hotjar) that record your screen.
  • We do not use behavioral fingerprinting (like Castle.io) to track your device.
  • We do not share your financial data with AI providers in a way that could be used for training.
  • If you bring your own API key (BYOK), your key is encrypted before storage. We cannot read it.

AI chat and your privacy

Loocero’s AI chat sees your financial data only for the duration of a session.

Nothing from your AI conversations is stored. When you close the chat, it is gone — the conversations and messages tables do not exist in our database.

If you use your own OpenAI or Anthropic key, your queries go through Loocero’s server so we can attach your financial context, then on to the AI provider. The provider sees the question and a rolled-up summary — not your name, your email, or your account credentials.

If you set your birth month and year on /settings, that age is included in the per-request summary so retirement and time-horizon answers can be grounded. We never collect day-of-birth — month and year only, and you can clear it at any time.

Want the full policy? Read the privacy policy or go back home.