Privacy Policy

Ledger is a product of Bitty Studio (Croatia). The data controller is Bitty Studio. For data questions, write to support@bittystudio.com.

• Account email — provided at sign-in. Used to authenticate and to send transactional emails (welcome, cancellation receipts).
• Statement analyses — for each statement you upload, we store the structured result (transactions, totals, categories, insights) as JSON in your account. We do not store the original PDF. The PDF is parsed in memory and discarded with the request.
• Subscription status— whether you're on free or Pro, your Stripe customer/subscription IDs, current period end. Used to gate paid features.
• Usage events — anonymous page views and web vitals via Vercel Analytics (no cookies, no fingerprinting, no personal identifiers).

What we don't collect: we do not request, store, or process your bank account number, IBAN, or card details. Card payments are handled entirely by Stripe — we never see card data.

The data flows through these third parties — each is a sub-processor:

• OpenAI (US) — the extracted text of your statement is sent to gpt-4o-mini for parsing and categorisation. Under OpenAI's API terms (effective March 2023), requests are not used to train models. Requests are retained up to 30 days for abuse monitoring, then deleted.
• Supabase (EU — West Ireland) — stores your account email, subscription state, and saved analyses. Hosted in the EU.
• Stripe (US/EU)— processes payments, stores card and customer data for subscription billing. We share only your user ID, email, and the price ID of the plan you're buying.
• Resend (EU) — delivers transactional emails (magic link sign-in, welcome, cancellation).
• Vercel (US/EU) — hosts the app and serves anonymous analytics. Edge functions run in the region closest to you.
• Cloudflare (US/EU) — DNS for our domain, and email routing for support@bittystudio.com forwarding.

Where data leaves the EU (US-based providers), transfers are governed by Standard Contractual Clauses or equivalent safeguards under each provider's DPA.

We keep your account data while your account is active. Saved analyses persist until you delete them or close your account. After account closure, we remove your data within 30 days, subject to legal retention obligations (Stripe invoices, in particular, must be retained for tax purposes — those stay on Stripe's side per local law).

If you're in the EU/EEA, you have the right to:

• Access — request a copy of all data we hold about you.
• Rectify — correct anything that's wrong.
• Delete — request full erasure of your account and data.
• Portability — get your saved analyses as JSON.
• Withdraw consent — at any time, by closing your account.
• Complain — to your local data protection authority (Croatian DPA: AZOP).

To exercise any of these, email support@bittystudio.com from the address tied to your account. We respond within 30 days.

We use only essential cookies: a session cookie set by Supabase to keep you signed in. No tracking cookies, no advertising cookies, no cross-site identifiers. Vercel Analytics tracks page views via a cookieless method that hashes IP + user-agent into a daily-rotating identifier — it cannot uniquely identify you.

Ledger is not intended for anyone under 16. We don't knowingly collect data from minors. If you're a parent and believe your child has signed up, write to support@bittystudio.comand we'll delete the account.

All data in transit is TLS-encrypted. Database access is restricted by row-level security — your saved analyses are visible only to your authenticated session, enforced at the database layer. Internal Stripe/Supabase service keys are stored as server-only environment variables and never reach the client bundle.

We are a small team. We do our best, but we're not a bank — operate accordingly.

We update this policy from time to time. Material changes are announced via email and a notice on this page at least 14 days before they take effect.