Privacy Policy

GuapStax is a manual-first personal finance application built to help individuals and couples manage debt, plan payoff strategies, and visualize their cash flow — without ever linking a bank account or surrendering credentials to a third-party aggregator.

Our intended audience is consumers tracking credit cards, loans, mortgages, recurring bills, and income on their own terms. Every entry is made manually (or via CSV import); the app never reaches out to your bank, your card issuer, or any external financial service on your behalf.

If you choose to sign in with Google, the sections below describe exactly what Google user data GuapStax accesses, why we use it, where we store it, and whether we share it. We comply with the Google API Services User Data Policy, including the Limited Use requirements (see the Limited Use section below).

GuapStax's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Google user data only to provide and improve the user-facing features described in the Google User Data section above.
• We do not transfer Google user data to others except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets — in which case we will give affected users advance notice.
• We do not use Google user data to serve advertisements, including personalized, retargeted, or interest-based advertising.
• We do not allow humans to read Google user data unless: (a) we have your affirmative agreement for specific data; (b) doing so is necessary for security purposes (such as investigating abuse); (c) doing so is necessary to comply with applicable law; or (d) the data has been aggregated and anonymized for internal operations.

To operate the service, we collect:

• Account information — your email address (used to sign in and recover your account) and, when you sign in with Google, the basic Google profile fields described in the Google User Data section above.
• Financial data you enter manually — tradeline balances, income, bills, subscriptions, and any other entries you choose to record. This data lives in your own account and is never shared outside it.

We do not collect: your real name (unless you supply it as a display name), mailing address, phone number, date of birth, government ID, bank credentials, or any other PII beyond what is listed above.

GuapStax uses essential / functional cookies to operate the service, plus a small set of analytics cookies described below.

• Session cookies — used to keep you signed in and to remember UI preferences (such as whether the sidebar is collapsed).
• Google Analytics cookies (_ga, _ga_*) — set by Google Analytics 4 to measure pageviews, unique visitors, and basic device/browser breakdown so we can understand which parts of the product are used. These cookies do not contain your name, email, or any other directly identifying information; Google Analytics is configured with IP anonymization and is not used for advertising or retargeting.

We do not use:

• Advertising or remarketing cookies;
• Cross-site profiling or fingerprinting;
• Data brokers or audience-syndication networks.

We do not sell, rent, lease, or otherwise share your data with any third party for marketing, advertising, or any other purpose. We have no plans to do so.

We use the following third-party processors strictly to operate the service. Each acts on our instructions and does not use your data for its own purposes:

• Supabase — hosted database and authentication provider. Your data lives in our Supabase project under our control.
• Google Analytics 4 (Google LLC)— aggregate usage analytics. We send pseudonymous event data (page paths, device type, referrer) so we can see which features are used. We do not pass your email address, financial data, or any other personally identifying content. See Google's privacy policy for how Google handles this data.

All data is transmitted over HTTPS. Row-level security policies ensure that your data is accessible only to you when signed in. Session tokens are stored in HTTP-only cookies.

No system is perfectly secure. We will notify you promptly of any breach that may have affected your data.

You can:

• Access your data at any time by signing in;
• Request a copy of your data by emailing support@guapstax.com;
• Request deletion of your account and associated data — including any Google-sourced data — by emailing support@guapstax.com.

We will respond to data access and deletion requests within a reasonable timeframe (no more than 24 hours for Google-sourced data deletion).

GuapStax is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us information, contact support@guapstax.com and we will delete it.

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make a reasonable effort to notify you (e.g. via email or an in-app notice).

Questions about this Privacy Policy can be sent to support@guapstax.com.