Fruity Patootie

Privacy Policy

Last updated: May 25, 2026

Who we are

Fruity Patootie is a personal budgeting web app. You connect your bank accounts, categorize your transactions against a budget, and reconcile each month. This policy explains what personal information the app collects, how it is used, and who it is shared with. It applies only to the Fruity Patootie app at this domain.

What we collect

  • Account details. Your email address and, if you sign in with Google, the basic profile information Google returns (name and email). A display name you choose.
  • Financial data. Bank and credit-card account balances and transactions retrieved on your behalf through SimpleFIN Bridge, plus anything you add: budget categories, amounts, savings goals, splits, notes, and reconciliation history. For banks SimpleFIN cannot reach, any transaction CSV you choose to upload.
  • Your financial profile. A short, written summary of your goals and situation, synthesized from an in-app onboarding conversation and any later edits you make. Providing this is optional — you can skip it.
  • App content. Your chats with the in-app assistant, reminders you schedule, dashboard layout, and preferences (such as your chosen assistant and theme).
  • Usage data. Aggregate, anonymous pageview counts (via Vercel Web Analytics — no cross-site tracking, no advertising identifiers).

How we use it

  • To provide the core service: syncing accounts, categorizing transactions, tracking budgets and savings, and reconciling months.
  • To power the AI features: automatic transaction categorization and the in-app assistant chat (see sub-processors below).
  • To authenticate you and keep your account secure.
  • To understand aggregate usage so the app can be improved.

We do not sell your personal information, and we do not use your financial data for advertising.

Sub-processors

We rely on the following service providers to run the app. Each receives only the data needed for its function.

  • Anthropic (AI provider). Powers automatic transaction categorization and the assistant chat. Your financial data is sent to Anthropic: transaction merchant names and amounts, your budget structure, and — when relevant to a request — the financial profile you provided. This is how categorization and personalized answers work. Raw bank payloads from SimpleFIN (such as full account numbers or institution credentials) are not sent to Anthropic. Anthropic processes this data to return a response and does not train its models on it.
  • SimpleFIN Bridge (bank data aggregation). The service that connects to your financial institutions and returns your balances and transactions to the app. You establish this connection yourself.
  • Supabase(database & authentication). Stores your account and all app data, and manages sign-in. Hosted on managed PostgreSQL with encryption at rest.
  • Vercel(hosting & analytics). Serves the application and provides aggregate, privacy-friendly pageview analytics.
  • Upstash (rate limiting). Holds short-lived request counters keyed to your account to protect the app from abuse. No financial data is stored here.
  • Google(optional sign-in). If you choose “Sign in with Google,” Google handles authentication. We request only basic OAuth scopes (your email address and basic profile). We do not access your Gmail, Drive, contacts, or any other Google data.

Cookies

We use a small number of functional cookies only — there are no advertising or third-party tracking cookies, so the app does not show a cookie consent banner.

  • Authentication. Keeps you signed in securely.
  • Assistant & theme. Remember which assistant and color theme you picked, so the app looks right on load.
  • Timezone. Lets the app show dates and totals in your local time.

Data retention

We keep your data for as long as your account is active. When you delete your account, your personal data and app content are removed from our database. Backups and provider logs that may briefly retain copies are expired on their normal cycles. Aggregate, anonymized analytics that cannot be tied back to you may be kept.

Security

Data is encrypted in transit (HTTPS) and at rest. Each user’s data is isolated at the database level using row-level security, so one account cannot read another’s. The credentials used to reach your bank connection are stored using authenticated envelope encryption (AES-256-GCM). No system is perfectly secure, but we follow current best practices to protect your information.

Your rights & deleting your account

You can view and edit your data inside the app at any time, and you can correct or remove your financial profile through the in-app assistant chat. You can delete your account yourself from App Settings: deletion removes the stored bank-access credential and stops all syncing, then permanently erases your personal data and app content — budgets, transactions, chats, and connections. It is immediate and irreversible, with no recovery period or data export. If you need help exercising any privacy right — access, correction, or deletion — contact us at privacy@fruitypatootie.com.

Children's data

Fruity Patootie is intended for adults managing their own finances. It is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the app evolves. When we do, we will revise the “Last updated” date above. Material changes will be reflected here; please check back periodically.

Contact

Questions about this policy or your data? Email us at privacy@fruitypatootie.com.