Basis
LGPD, GDPR, and US best practices
Privacy
Privacy policy
How Lumpefy collects, uses, protects, and deletes data.
Files
Receipts not permanently stored by default
Rights
Access, correction, export, and deletion
1. Data collected
- Account data: name, email, language, workspace, and subscription status.
- Financial data you enter: accounts, categories, transactions, goals, recurrences, imports, and reconciliations.
- Minimal technical data: security logs, error events, rate limits, device type, and product usage events.
2. Purposes
- Operate the app, authenticate users, and keep workspaces isolated.
- Display financial calculations, goals, filters, reports, and history.
- Prevent abuse, protect accounts, debug failures, and improve the experience.
3. Receipts and add by photo
A photo or file sent for reading is used to extract transaction details and is not permanently stored by default. The system saves only necessary structured data, such as amount, date, description, suggested category, status, and transaction link.
4. Analytics and Microsoft Clarity
We use Microsoft Clarity to understand navigation issues, visual performance, and friction points. These events help fix bugs and improve UX. Sensitive financial form information should remain protected through masking and privacy controls.
5. Privacy rights
Under LGPD, GDPR, and applicable laws, you may request access, confirmation of processing, correction, portability/export, deletion, restriction, objection, and information about sharing where these rights apply.
In the United States, specific rights may vary by state. Where applicable, we will follow requirements for transparency, access, deletion, and data security.
6. Security, retention, and deletion
We apply TLS in transit, Supabase authentication, workspace isolation, rate limits, and database access policies when configured. Data is kept while the account is active or as needed for legal obligations, security, and audit.