Leakr

Privacy Policy

Last updated: June 4, 2026

This policy is written in plain English for Leakr users and should be reviewed periodically by qualified legal counsel as the product evolves.

What Leakr is

Leakr is a personal finance management app that helps you understand spending, budgets, recurring charges, subscriptions, and potential money leaks. Leakr does not hold funds, move money, issue credit, or provide investment, tax, legal, accounting, lending, or financial advice.

Information we collect

We collect account/profile details, manual transactions, budgets, bills, subscriptions, savings goals, debts, app settings, support messages, and financial account transaction data you choose to connect through Plaid. We also receive subscription and billing status from Stripe, and collect limited device, usage, analytics, and security information.

How we use information

We use your data to show your dashboard, calculate spending summaries, detect recurring charges and money leaks, power budgets/reports, operate billing, provide support, improve Leakr, secure accounts, and troubleshoot reliability issues.

Plaid connected spending

Leakr uses Plaid to connect financial accounts when you choose automatic spending import. You authorize the connection through Plaid Link. Leakr receives transaction and account metadata needed to provide spending insights, recurring-charge detection, and money leak analysis. You can disconnect connected accounts from Bank Sync. Plaid's privacy policy is available at https://plaid.com/legal/#end-user-privacy-policy.

Stripe payments

Stripe processes Leakr subscription payments. Leakr does not store full card numbers or CVV. We store subscription status, plan, customer references, and billing lifecycle information needed to provide paid access and support.

Cookies, analytics, and local storage

Leakr uses Supabase auth cookies for login, app localStorage/sessionStorage for preferences, demo/setup state, and temporary Plaid Link flow state, and analytics tooling such as PostHog plus internal analytics events to understand usage and improve reliability. Some storage is necessary for login and app functionality. Analytics help us improve Leakr. You can contact support to request analytics deletion or opt-out help where possible.

Vendors and sharing

We use service providers including Supabase, Plaid, Stripe, Vercel, PostHog, and support/email tooling. We share data with these providers only as needed to operate, secure, bill, support, and improve Leakr, or where required by law.

Retention

Account/profile data and transactions are generally retained while your account exists. Plaid tokens are deleted when you disconnect a bank or delete your account. Stripe billing records may be retained as required for tax, accounting, dispute, fraud-prevention, and legal reasons. Analytics and support records are retained for product, security, and support purposes and deleted or anonymized where practical after account deletion. Backups may persist for a limited period before automatic deletion.

Your controls

You can request access, correction, export, deletion, withdrawal of consent, or Plaid disconnection through the app where available or by contacting support. Quebec and Canadian users may contact us about access, correction, deletion, withdrawal of consent, or questions about our privacy practices.

Security

Leakr is designed to protect user data with HTTPS, Supabase row-level security, server-side secrets, encrypted Plaid access tokens, least-privilege server routes, and webhook validation. No online service can guarantee perfect security.

Children

Leakr is not intended for children under 13. If you believe a child has provided personal information, contact us so we can review and remove it where appropriate.

Contact

Privacy questions, access/export/deletion requests, and complaints can be sent to support@leakr.app. Security concerns can be sent to support@leakr.app.