Privacy Policy

• mailAccount email address — only when you sign up. Required for login; never shared with third parties for marketing.
• cloud_syncFinancial snapshots (cloud sync — opt-in) — your asset values, balance entries, and derived metrics are uploaded to our servers only if you turn on Cloud sync in Settings. The toggle defaults to on for authenticated users; you can turn it off at any time.
• bar_chartAnonymous product analytics. attribook uses Umami, a privacy-friendly, cookieless analytics tool, to understand which pages and features are used. We record page views (referrer, browser, country) plus a small set of named events when you take an action: saving a snapshot, dismissing a guidance card, or changing your reporting currency. The events carry only categorical and bucketed metadata: event name, tier or type, bucketed counts (e.g. 4-7 assets), mode (local or cloud), and tenure band. They never include your balances, asset names, goal target amounts, email, or any field that could reconstruct your wealth. Trial sessions are deliberately quiet: instead of recording every page view, we record one event per unique page you visit during the trial (so revisiting the same page does not fire again) plus the key milestones in the trial flow. No cookies are set and no cross-site tracking occurs.
• analyticsAnonymised benchmark metrics (telemetry — opt-in) — if you enable Contribute to benchmarks in Settings, attribook sends derived numbers (savings rate, health score, outflow rate) tagged with anonymised cohort bands (age range, income range, country). Your identity is replaced with a one-way cryptographic hash — we cannot reverse it to find you.

• receipt_longTransaction data or receipts — attribook tracks snapshots of totals, not individual transactions. We never ask for receipts, line items, or purchase history.
• lockBank credentials or API tokens — attribook has no bank API integration. No passwords, no OAuth tokens, no read access to your accounts.
• person_offIdentifying fields in telemetry — when telemetry is enabled, your user ID, email, and dataset ID are stripped before any row is written. Only the cryptographic hash and cohort bands travel over the network.
• sellSold or shared personal data — we do not sell, rent, or share your personal financial information with advertisers or data brokers.

• downloadExport your data at any time — Settings → Data → Download data file produces a portable JSON file containing everything attribook knows about your wealth. Take it to any device or any compatible tool.
• cloud_offDisconnect cloud sync — turning off Cloud sync in Settings stops all raw balance data from syncing to our servers. Your local IndexedDB copy is unaffected.
• toggle_offOpt out of benchmark contributions — the Contribute to benchmarks toggle in Settings → Data stops new telemetry rows from being written immediately. Existing rows are retained as they are already anonymised and untraceable.
• delete_foreverRequest account deletion — contact us via /support to request full deletion of your account and any server-side data. We will process the request within 30 days.

If you have any questions about how attribook handles your data, or to submit a data access or deletion request, please reach out via our support page.