Privacy Policy

Leakr helps users track personal finance information such as income, spending categories, transactions, bills, subscriptions, savings goals, and debts.

Account and finance data is stored in Supabase with row-level security so authenticated users can only access their own data.

Supabase service keys, Stripe secrets, and webhook secrets are server-side only. They should never be shipped to the browser or committed to the codebase.

Payments are processed by Stripe on web. Leakr does not store raw card numbers.

Bank Sync is currently limited to Plaid sandbox testing. Plaid public tokens are exchanged server-side, and Plaid access tokens are never returned to the browser.

You can request an export or deletion of your account data by contacting support@leakr.app. Account deletion requests may require ownership verification before data is removed.

Leakr provides personal finance tracking and educational insights. It is not a bank, financial adviser, credit counselor, tax adviser, or investment adviser.

This policy is written for beta transparency and should be reviewed by qualified legal counsel before a broader public launch.