Privacy Policy
Last updated: January 24, 2026
Your Privacy Matters
At VeroFi, we believe your financial data should remain private. VeroFi is a local-first personal finance application, which means your sensitive financial information stays on your device. This privacy policy explains exactly what data we collect, how we handle it, and the choices you have.
Our Local-First Approach
VeroFi is designed with privacy at its core. Your financial transaction data—including amounts, dates, account numbers, and balances—is stored exclusively on your device using your browser's IndexedDB. VeroFi's servers never see or store your transaction history or bank balance.
Important: Because your data is stored locally, if you clear your browser cache or use a new device, you will lose this data. We recommend regularly backing up your data using the export feature.
Data Stored Locally on Your Device
The following data is stored only in your browser and never transmitted to our servers:
- Transactions: Full financial records including amounts, dates, and merchant names
- Budgets: Monthly budget allocations and spending targets
- Tags: User-defined labels for organizing transactions
- Merchant Rules: Your manual overrides for how specific merchants should be categorized
- Learned Decisions: A local cache of past AI categorization results to speed up future uploads
- Import History: A log of previously uploaded CSV files
Data Stored on Our Servers
We only store non-sensitive information on our servers:
- Account Information: Your email, name, and user ID (managed by Clerk)
- CSV Header Presets: Your preferences for how to parse your bank's CSV columns
- Subscription Status: Whether you have a Free or Pro account
- Global Merchant Categories: A shared database of merchant names mapped to categories (e.g., "Amazon" → "Shopping"). This is not linked to individual users.
AI-Powered Categorization
When you upload a CSV file for categorization, we use AI (Google Gemini) to categorize your transactions. Here's exactly what happens:
- What is sent: Only the merchant name (e.g., "Uber *Trip 1234") is transmitted
- What is NOT sent: Transaction amounts, dates, account numbers, or any personal identifiers
- Sanitization: Before sending to the AI, we strip common payment processor prefixes (e.g., "PayPal", "Square") from merchant names
Merchant names may be used to improve our global categorization database, helping all users receive more accurate categorizations over time.
Third-Party Service Providers
We work with trusted third-party services to provide VeroFi:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication & User Management | Email, Password (hashed), Name, Device Info |
| Stripe | Payment Processing | Credit Card Details (handled directly by Stripe, not stored by VeroFi) |
| Google Gemini | AI Categorization | Merchant Names Only (no amounts or personal identifiers) |
| Turso | Database Hosting | CSV Mappings, Global Merchant Dictionary |
| Upstash | Rate Limiting | IP Address, User ID (transiently for API limits) |
| PostHog | Product Analytics | Usage events (e.g., "button clicked", "upload completed") |
| Vercel | Hosting Infrastructure | IP Address, Request Logs |
Your Rights and Choices
- Access: Your transaction data is stored locally and you have full access to it at any time
- Export: You can export your data using the backup feature
- Deletion: You can delete your local data by clearing your browser storage. For server-side account data, contact us to request deletion
- Account Closure: You may close your account at any time through your account settings
Data Security
We implement appropriate technical and organizational measures to protect your data. Your local data is protected by your browser's security mechanisms. Server-side data is protected using industry-standard encryption and access controls.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date.
Contact Us
If you have questions about this privacy policy or our privacy practices, please contact us through the contact form on our website.