Privacy Policy

Last Updated: December 26, 2025

At ExpenseHelm, powered by COBRA AI Systems, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking and financial management service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, password (encrypted), and currency preferences
• Subscription Data: Names, amounts, billing cycles, renewal dates, and categories of your recurring expenses
• Payment Information: When you upgrade to a paid plan, payment details are processed securely through Stripe. We do not store your full credit card information
• Communications: Messages you send us through contact forms or support channels

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: Browser type, operating system, IP address
• Cookies: We use essential cookies for authentication and session management

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide, maintain, and improve ExpenseHelm's features
• AI-Powered Insights: To generate personalized spending insights and answer your questions through our AI assistant "Helm AI"
• Renewal Alerts: To send you notifications about upcoming subscription renewals
• Account Management: To manage your account, process payments, and provide customer support
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Communications: To send you service updates, security alerts, and support messages
• Analytics: To understand how users interact with our service and improve user experience

3. AI and Data Processing

ExpenseHelm uses AI providers to power our AI features (spending insights and the Helm AI chat assistant). When you use these features:

• Your expense data is sent to OpenAI's API to generate insights and responses
• We do not use your data to train AI models
• OpenAI processes data according to their privacy policy and data processing agreements
• You can choose not to use AI features if you prefer

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party services (Stripe for payments, OpenAI for AI features) who assist in operating our platform
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit using HTTPS/TLS and at rest in our database
• Password Security: Passwords are hashed using bcrypt before storage
• Access Controls: Strict access controls limit who can view your data
• Regular Audits: We regularly review our security practices
• Secure Infrastructure: Hosted on secure, enterprise-grade cloud platforms

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your expense data in a portable format
• Opt-Out: Unsubscribe from marketing communications (service emails may still be sent)
• Restrict Processing: Limit how we use your data in certain circumstances

To exercise these rights, please contact us.

8. Children's Privacy

ExpenseHelm is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using ExpenseHelm, you consent to such transfers.

10. Third-Party Services

Our service integrates with the following third-party providers:

• Stripe: Payment processing (see Stripe Privacy Policy)
• OpenAI: AI-powered features (see OpenAI Privacy Policy)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of ExpenseHelm after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our contact form.