Privacy Policy

Last updated: 2026-05-19

Granary is a personal-finance and retirement-planning tool. We take privacy seriously because the data you give us is sensitive — net worth, income, medical costs, family details. This document describes exactly what happens to that data.

1. What we collect

Financial data you enter: portfolio, income, expenses, assets, debts, goals, medical, family. Synced to Google Firestore behind your account so your plan follows you across every device you sign in on. Cached locally in your browser for speed and offline reads.
Account metadata: signup date, founding-member status, schema version. Used to drive the app, never sold.
Subscription state: which plan you're on, billing status. Provided by Stripe or Square via secure webhooks. We never store your card details.
Email address: only if you sign up with Firebase email auth. Used for login and for backup emails (when enabled).

2. What we don't collect

Card numbers (Stripe / Square handle these directly).
Bank account credentials (we never ask).
Behavioral analytics that fingerprint you. We use Plausible, which is cookie-free and anonymous; we don't use Google Analytics.
Marketing trackers from social networks.

3. Where data lives

Your browser (localStorage + IndexedDB) — a local cache so reads are instant and the app works briefly offline. The cloud copy in Firestore is the source of truth.
Google Firestore (Firebase, US-based) — when you're signed in, your data is synced here so it follows you across devices. Per-user isolation is enforced by Firestore security rules: only the authenticated owner of an account can read or write that account's data, verified by the rules in our repository.
Stripe / Square — billing data only (subscription status, customer ID, period end). We never see or store your card details.
Resend (when configured) — for backup-export emails and transactional notifications. We send only what you request; we don't send marketing.

4. Encryption

In transit: all traffic between your browser and Firestore is encrypted with TLS.
At rest: Google encrypts all Firestore data at rest with AES-256.
Application-level encryption (so that even Granary staff and Google cannot read your raw data): not yet implemented. This is on our roadmap as a v2 feature. Until then, Granary engineers with admin access to the Firebase project, and Google Cloud staff acting in their official capacity, could technically read your stored data in cleartext. We do not access user data except to investigate a support request you initiate, and we log all such access.

5. AI features

When you use AI Insights, AI CSV mapping, or AI categorization, anonymized financial summaries are sent to Google Gemini for processing. We strip email and IP from error reports before they reach Sentry. AI providers do not train models on your data per their stated agreements; Granary does not retain AI request history.

6. Sharing

We do not sell, rent, or share your personal data. Specific exceptions:

Service providers (Firebase, Stripe / Square, Gemini, Resend) acting on our behalf, bound by their own privacy policies.
If required by law (court order, subpoena). We will fight any over-broad request.

7. Your rights

Access: download a full JSON backup of your data at any time from Settings → Backup.
Deletion: Settings → Data Management → Delete my account permanently wipes localStorage, IndexedDB, Firestore, and your Firebase auth account.
Correction: edit anything in the app; changes are immediate.
Portability: the JSON backup is in a documented schema; you can take it elsewhere.

8. Cookies

Granary uses no advertising cookies. We use a small number of strictly necessary cookies / localStorage entries to keep you signed in and remember your preferences (theme, dashboard layout). Plausible analytics is cookie-free.

9. Contact

Privacy questions: Everyoneneedsasamwise@gmail.com. We respond within 5 business days.

This is a good-faith summary, not legal advice. The latest revision applies to all use of the service from the date noted above.