Privacy Policy

This policy applies to the Unbroke app, the Unbroke website, support requests, account features, billing flows, notifications, and related services.

The app covered by this policy is Unbroke. Privacy questions, data access requests, correction requests, deletion requests, and other privacy inquiries can be sent to support@unbroke.app.

We collect account data such as email address, display name, sign-in provider, provider account identifier, hashed password for credential accounts, session data, account role, suspension state, locale, theme, currency, privacy-mode preference, and navigation preferences.

Unbroke supports email/password sign-in and optional Google and GitHub OAuth sign-in. When you use an OAuth provider, that provider may share account identifiers needed for sign-in, such as your email address, profile name, and provider account ID.

Unbroke stores the finance records you add or import, including accounts, categories, tags, transactions, planned activity, recurring activity rules and occurrences, debts, payoff plans, savings goals, investment accounts, investment assets, holdings, investment transactions, investment plans, investment prices, notes, and related analytics outputs.

If you use CSV import/export, Unbroke processes the selected file contents, column mappings, preview rows, imported records, and generated export files for the import or export workflow you request.

If you use the finance assistant, Unbroke processes your chat messages and relevant finance context to generate responses. Assistant responses are informational and depend on the data you provide.

If you enable notifications, Unbroke processes notification preferences and delivery data such as email notification settings, browser push subscription endpoints, legacy push tokens, webhook URLs, notification titles/messages, delivery attempts, delivery status, and delivery error messages.

For paid plans, Stripe processes payment details. Unbroke stores billing records needed to manage subscriptions, such as Stripe customer IDs, subscription IDs, invoice IDs, plan keys, subscription status, billing period dates, and payment event references. Unbroke does not store full payment card numbers.

When you contact support, we process the email address you use, your request contents, and the account or billing details needed to respond.

We process request metadata and operational logs needed to operate and secure the service, such as IP-derived rate-limit keys, trusted proxy request metadata, user agent or browser context where needed, request IDs, security events, audit entries, service health data, and error details.

When the website is deployed on Vercel, Vercel Speed Insights may collect limited performance analytics for page-load and web-vitals measurement. We use this to understand reliability and performance, not to sell personal data or target advertising.

We use data to provide the finance workspace, authenticate users, sync settings, enforce plan limits, calculate balances, plans and insights, run import/export workflows, send requested notifications, process billing state, respond to support requests, prevent abuse, maintain security, audit sensitive actions, debug errors, and improve reliability.

We do not sell personal data. We do not use user finance records for third-party advertising, and we do not share user finance records with data brokers.

We share data only when needed to operate the service, comply with law, protect users, complete a user-requested integration, or work with service providers. Processors may include hosting and database providers, authentication providers, email providers, push notification services, webhook destinations you configure, analytics/performance providers, payment providers, and app stores.

Google, GitHub, Stripe, Apple, Google Play, Vercel, email providers, push providers, and webhook endpoints you choose may process data according to their own privacy policies when you use those integrations.

We use transport security, password hashing for credential accounts, access controls, user ownership checks, rate limiting, request-size limits, audit logs, secure webhook URL validation, and operational monitoring to protect account data.

No online service can guarantee perfect security. If we learn of a security issue affecting your data, we will handle it according to applicable law and platform requirements.

We keep account and app data while your account is active and as needed to provide Unbroke. Some operational logs, audit records, billing records, backups, and security records may be retained for longer where needed for legal compliance, fraud prevention, dispute handling, accounting, backup recovery, and service security.

Signed-in users can clear saved finance data in Settings. To request full account deletion from outside the app, use the Account Deletion page. Deletion covers the account and user-scoped app data except records we must retain for the limited reasons described above.

Unbroke is not intended for children under 13. If you believe a child provided personal data, contact support@unbroke.app.

We may update this policy as the product changes. Material changes will be reflected on this page with an updated effective date.