Trackli Privacy Policy
Last Updated: May 8, 2026
This Privacy Policy explains how Trackli LLC ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our web-based service at https://trackli.app/ (the "Service"), a comprehensive budgeting and expense tracking application with features for spending plans, planned spending category management, savings goals, bank balance projections, recurring transaction management, maaser/tithes management, and custom categorization rules. Trackli offers two subscription tiers: Standard (manual expense tracking with CSV/PDF imports, spending plans, savings goals, and projections) and Premium (includes automatic bank account synchronization via Plaid integration with automatic categorization).
Trackli LLC is organized under the laws of the State of New Jersey. We are committed to protecting your privacy. By using the Service, you agree to the practices described in this Policy.
1. Information We Collect
Account Information
- Email address, name, and hashed password (we never store plain-text passwords)
Financial and Budgeting Data (user-provided)
- Expenses, income, transaction amounts, dates, merchants, categories, subcategories, notes, budgets, and maaser/tithes tracking details
- Spending Plans: Monthly spending plan data including income sources, bills, planned expenses, and budget allocations
- Planned Spending: Planned spending budget categories, budget amounts, recurring vs. one-month budget configurations, and rollover carry settings that allow unused budget to carry forward to subsequent months
- Savings Goals: Goal names, target amounts, target dates, and contribution history
- Recurring Transactions: Recurring expense/income patterns, frequencies, and projected future occurrences
- Bank Balance Projections: Current balances, projection settings, and 12-month cash flow forecasts
- Dashboard Forecasts: 7-day balance forecasts based on recurring and expected transactions, and net worth calculations (assets minus liabilities)
- Categorization Rules & Merchant Mappings: User-defined rules for automatically assigning categories to transactions based on merchant names or keywords, applied to both manual imports and automated Plaid syncs
- Import History: Records of past CSV/PDF import events including import dates, file metadata, and processing status
- Standard Tier: Data is entered manually or imported via CSV/PDF files
- Bank Statements: When you upload CSV or PDF bank/credit card statements, they contain highly sensitive financial information including transaction details, merchant names, and spending patterns
- Premium Tier (Plaid Integration): If you connect your bank account using Plaid, we collect account balances, transaction history, account numbers (masked), institution names, and account types. This data is automatically synced from your financial institutions through Plaid's secure API. Your categorization rules and merchant mappings are applied automatically to synced transactions
Subscription and Payment Information
- Stripe customer ID, subscription status, and billing history
- We do not store credit card numbers or full payment details — these are handled securely by Stripe
Usage Data
- Login times, features used (e.g., CSV uploads, reports viewed), device/browser type, IP address, and session information
Technical and Analytics Data
- Necessary cookies for authentication and session management, browser type, operating system, and referring pages
We do not collect sensitive financial data such as full bank account numbers, routing numbers, or passwords.
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service (e.g., track expenses, generate spending plans and planned spending budgets, manage savings goals, project bank balances, calculate recurring transactions, calculate maaser, display reports and analytics, calculate 7-day forecasts and net worth)
- Apply your categorization rules and merchant mappings to automatically categorize imported and synced transactions
- Display dashboard metrics based on the most recent data import (for Standard tier users, showing "as of last import" to indicate data freshness)
- Process subscriptions and payments through Stripe
- Send essential transactional emails (e.g., account confirmation, subscription reminders, password resets)
- Improve the Service, fix bugs, and develop new features
- Provide customer support
- Detect and prevent fraud, abuse, or security issues
- Comply with legal obligations
We do not use your data for advertising, third-party marketing, or any unrelated purpose without your consent.
3. How We Share Your Information
We share information only in limited circumstances:
With Third-Party Service Providers
- Stripe: For secure payment processing (subject to Stripe's Privacy Policy)
- Supabase: For database hosting, authentication, and storage (subject to Supabase's Privacy Policy and Data Processing Agreement)
- Vercel: For application hosting and infrastructure
- Plaid (Premium Tier Only): For secure bank account connections and transaction synchronization (subject to Plaid's End User Privacy Policy). Plaid connects to your financial institutions to retrieve account balances and transaction data. We store the Plaid access tokens securely to maintain your bank connections, but we never see or store your banking credentials
These providers process data on our behalf under strict data protection agreements and only for the purposes described in this Policy. They do not have permission to use your data for their own purposes.
Legal Requirements & Law Enforcement
We may disclose information if required by law, court order, subpoena, or government request, or to protect our rights, property, or safety, or that of our users or the public. We will notify you of such requests unless prohibited by law.
Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our Site before your information becomes subject to a different privacy policy.
We do not sell your personal data. We do not share your data for marketing purposes.
4. Data Security
We implement reasonable security measures, including:
- Password hashing (bcrypt) — we never store plain-text passwords
- Encrypted connections (HTTPS/TLS) for all data transmission
- Row-Level Security (RLS) in Supabase to isolate user data
- Regular security updates and monitoring
- Limited employee access to user data (only when necessary for support)
Important: No system is 100% secure. While we use industry-standard protections, we cannot guarantee absolute security against unauthorized access, hacking, data loss, or other breaches.
You are responsible for maintaining the security of your account credentials. Use a strong, unique password and enable two-factor authentication if available.
5. Data Breach Notification
In the event of a data breach that compromises your personal information, we will notify you via email within 72 hours of discovering the breach (or as required by applicable law). The notification will include:
- The nature of the breach
- The types of information affected
- Steps we are taking to address the breach
- Recommended actions you should take to protect yourself
6. Your Rights and Choices
You have the following rights regarding your personal data:
- Access: Request a copy of your personal data (CSV export available in-app)
- Correction: Update or correct inaccurate data in your account settings
- Deletion: Delete your account and all associated data directly from your account settings (self-service). This triggers a full data cascade — all your expenses, spending plans, planned spending categories, savings goals, categorization rules, import history, Plaid connections, and Stripe subscription are permanently removed. We retain your data for 30 days after deletion to allow reactivation, then permanently delete it
- Portability: Export your data in CSV format
- Opt-out: Unsubscribe from non-essential marketing emails (transactional emails are required for service operation)
GDPR Rights (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to be forgotten: Request complete erasure of your personal data
- Right to restrict processing: Limit how we use your data in certain circumstances
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time (where processing is based on consent)
- Right to lodge a complaint: File a complaint with your local data protection authority
CCPA Rights (California Residents)
California residents have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: Request disclosure of categories and specific pieces of personal information we collect
- Right to delete: Request deletion of personal information we hold about you
- Right to opt-out: We do not sell personal information
- Right to non-discrimination: We will not discriminate against you for exercising your rights
To exercise any of these rights, contact us at getontrackli@gmail.com. We will respond within 30 days (or as required by applicable law).
7. Data Retention
- Active accounts: Retained as needed to provide the Service
- Canceled accounts: 30 days (to allow reactivation), then permanently deleted
- Backups and archives: Up to 90 days in secure backups (for disaster recovery purposes)
- Payment records: Retained as required by law and tax regulations (typically 7 years)
- Legal obligations: If we are required to retain data due to legal, regulatory, or contractual obligations, we will retain it for the required period
After the retention period, we permanently delete or anonymize your data so it can no longer be associated with you.
8. Cookies and Tracking
We use only necessary cookies for authentication and session management. We do not use third-party analytics, advertising cookies, or tracking pixels.
Types of cookies we use:
- Essential cookies: Required for login, authentication, and core functionality (cannot be disabled)
- Session cookies: Maintain your logged-in state during your visit
9. International Users & Data Transfers
Our Service is hosted in the United States via Supabase and Vercel. If you access the Service from outside the US, your data will be transferred to and processed in the United States.
By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
EU users: If you require EU-region data hosting for GDPR compliance, contact us at getontrackli@gmail.com to discuss options. We can work with you to enable EU-region Supabase hosting if needed.
10. Children's Privacy
The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13 (COPPA compliant).
Users aged 13–18 must have parental or guardian consent to use the Service. If we learn that we have collected personal information from a child under 13, we will delete it immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- Email notification to your registered email address
- Prominent in-app notice upon login
- Updated "Last Updated" date at the top of this page
Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy. If you do not agree, discontinue use and contact us to delete your account.
12. Contact Us
For privacy questions, data requests, or to exercise your rights, contact us at:
Email: getontrackli@gmail.com
We will respond to all requests within 30 days (or as required by applicable law).