Privacy Policy
Last updated: May 24, 2026 · Rev. 2
1. Overview & Data Controller
Savvu Forecast ("we," "us," "our," or "the app") is a personal finance forecasting and budgeting tool. We are committed to protecting your privacy. This policy explains what data we collect, how it is used, and your rights regarding that data. By using Savvu Forecast, you consent to the practices described in this policy.
Data Controller: Savvu Forecast is operated as an independent product. For all data-related inquiries, the responsible contact is:
Email: support@savvuforecast.com
Website: savvuforecast.com
No Data Protection Officer (DPO) is currently appointed, as we do not engage in large-scale systematic processing of personal data.
2. Data We Collect
Account data: When you sign in, we collect your email address to create and manage your account. You may optionally provide a display name.
Financial data: All financial data in Savvu Forecast is manually entered by you. This includes account balances, transactions, categories, budgets, goals, and settings. Savvu Forecast does not connect to banks, financial institutions, brokerage accounts, or any external financial data provider. No financial data is imported, fetched, or synced automatically from any third party. The data you enter is stored securely in our database and associated with your account.
Session data: We issue a secure session token (JWT) stored in your browser's local storage to keep you signed in for up to 30 days.
Local storage: Certain app preferences and cached data (such as theme settings) are stored in your browser's local storage to improve performance. This data remains on your device.
Usage analytics: We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to monitor and analyze the use of our Service — but only after you give explicit cookie consent. Google Analytics uses cookies and tracking technologies to collect data including your IP address, device type, operating system, browser type, and general actions taken within the app. This data does not include your financial information or any data you manually enter. See our Cookie Policy for details. You can opt out using the Google Analytics Opt-out Browser Add-on.
Payment data: All payment processing is handled by our merchant of record, Lemon Squeezy (lemonsqueezy.com), whose platform uses Stripe's payment infrastructure. When you subscribe, you are redirected to Lemon Squeezy's hosted checkout. We do not store credit card numbers, CVV codes, or bank account details. We only retain non-sensitive metadata: payment status, subscription tier, and a unique customer reference ID. All payment data is governed by the Lemon Squeezy Privacy Policy.
Signup / authentication data: When you request a magic link, we collect your email address and log the timestamp of the request. No passwords are created or stored. We also log the IP address (hashed) and user agent at the time of sign-in for security purposes.
Cookie consent records: When you interact with our cookie consent banner, we record your choice (accepted/declined), the policy version shown, a one-way hashed IP address (not reversible), and timestamp. This is required for GDPR Article 7(1) accountability.
3. How We Use Your Data
Your data is used solely to provide the Savvu Forecast service: to display your financial information, sync it across your devices, enable household sharing with people you invite, and process your subscription. We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.
4. Third-Party Services
Savvu Forecast uses the following third-party services. Each has its own privacy policy which governs their data practices. We do not control these services and are not responsible for their privacy practices.
- Railway (railway.app) — hosts our backend server and PostgreSQL database. Your financial data is stored on Railway's infrastructure. Privacy Policy
- Vercel (vercel.com) — hosts the Savvu Forecast web application. Privacy Policy
- Resend (resend.com) — delivers magic link login emails. Your email address is transmitted to Resend solely for authentication purposes. Privacy Policy
- Lemon Squeezy (lemonsqueezy.com) — merchant of record for Pro subscription payments. Handles checkout, billing, tax, and refunds via a hosted redirect. Uses Stripe's payment infrastructure. Privacy Policy
- Google Analytics / Google LLC (google.com) — anonymized usage analytics, loaded only after cookie consent. Sets _ga, _gid, and _ga_* cookies. Privacy Policy | Opt-out add-on
- jsDelivr (jsdelivr.net) — CDN for app libraries. Requests may expose your IP address to jsDelivr's servers. Privacy Policy
5. Cookie Policy
See our dedicated Cookie Policy for full details on all cookies set by this site, their purpose, duration, and how to manage your preferences.
6. Authentication
Savvu Forecast uses passwordless "magic link" authentication. When you sign in, we send a one-time link to your email address. No passwords are created or stored. Sessions last up to 30 days and can be ended at any time by signing out. Magic link tokens expire after 15 minutes and can only be used once.
7. Data Retention & Deletion
Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting support@savvuforecast.com. Upon deletion, all your financial data, session tokens, and household associations will be permanently removed from our servers within 30 days. Note that Lemon Squeezy retains billing records independently per their own data retention policies.
8. California Residents — CCPA / CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of personal information we hold about you, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: We do not sell or share your personal information with third parties for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide the service.
- Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To exercise your rights, contact us at support@savvuforecast.com. We will respond within 45 days as required by law.
Do Not Sell or Share My Personal Information →
9. Your Privacy Rights (All Users)
Depending on your location, you may have rights including: access to your data, correction of inaccurate data, deletion ("right to be forgotten"), data portability, and the right to opt out of analytics. To exercise any right, contact support@savvuforecast.com.
10. Data Security
We implement industry-standard security measures including HTTPS/TLS encryption on all connections, secure JWT session tokens, rate limiting on all API endpoints, and hashed/anonymized identifiers in analytics logs. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.
11. Children's Privacy
Savvu Forecast is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document will reflect any changes. Continued use of the app after changes are posted constitutes acceptance of the updated policy. For material changes, we will make reasonable efforts to notify users.
13. Contact
For questions, data requests, or privacy concerns:
Email: support@savvuforecast.com
Website: savvuforecast.com