Privacy Policy

Last updated: March 2026

The short version

Most privacy policies are written by lawyers to protect the company. This one is written by Claude, with oversight from someone trying to build something useful and learning a thing or two about zero-code product development, to tell you what's actually going on.

We don't sell your data. We don't share it. We don't use it for marketing. You can download everything we have on you, or delete it all with one button. That's genuinely it.

What we collect

Only what you give us, and nothing more:

  • Your email address — so you can log in and we can reach you if something breaks
  • A display name — if you feel like setting one, entirely optional
  • Your preferred currency and settings
  • The financial data you enter — monthly budget entries, net worth accounts, balances
  • Bank or credit card statements you choose to upload

If you use passkey login, we store your public key credential and device type. Your actual biometrics (fingerprint, face) never leave your device. We couldn't access them even if we wanted to, which we don't.

Where your data lives

Everything is stored in Supabase, hosted on AWS in Singapore (ap-southeast-1). Every table has Row-Level Security, which is a fancy way of saying the database itself enforces that you can only see your own data. Not even we can peek at your rows through the application. Your spending habits are between you and your bank statements.

Cookies

We use exactly two types of cookies, both boring and necessary:

  • Session cookies — so the app remembers you're logged in
  • Passkey challenge cookies — httpOnly, expire in 5 minutes, used during login and immediately discarded

No tracking cookies. No third-party cookies. No advertising pixels. You will never see a cookie consent banner on this site because there's nothing to consent to.

How you log in

Two options, both passwordless:

  • Passkeys — Face ID, Touch ID, or your device PIN. The future of authentication, available today. No passwords to forget, reuse, or have stolen.
  • Magic links — we email you a one-time link. Click it, you're in. Not as cool as passkeys, but it gets the job done.

AI processing

When you upload a bank statement, we send the PDF to the Anthropic Claude API to extract and categorize your transactions. Under Anthropic's API data policy, your data is not used to train their models and is not retained after processing. It goes in, gets read, comes back as structured data, and that's the end of it.

The AI insights on your dashboard work similarly — we send aggregated spending summaries (not individual transactions) to Claude for analysis. Think of it as handing a summary to a very fast accountant who immediately forgets everything after giving you advice.

Payments

There aren't any. CraneAi does not currently charge for anything. No billing, no credit cards, no payment processor. If you find the upgrade button and click it, congratulations — you now have a premium account, on the house. We'll figure out the money part when we grow up. This section will be updated when that day comes.

Advertising

There are no ads on CraneAi. No banners, no sponsored content, no affiliate links. We are, to put it diplomatically, too small for anyone to want to advertise with us.

If the app somehow grows to the point where the cost of providing the free tier gets uncomfortably high, we might consider cookie-free, context-based ad providers that don't need your data — the kind that show you an ad because you're on a finance app, not because they've been following you around the internet. Paid tiers will never have ads, full stop. That said, this is a hobby project and the builder has a day job, so the odds of getting around to setting up an ad integration are approximately the same as the odds of reconciling a bank statement on the first try.

Demo accounts

You can take the app for a spin without signing up. Demo accounts come pre-loaded with synthetic data — fake people with fake budgets living their best fake financial lives. No personal information is collected during demo usage, and the data resets periodically so it stays fresh.

Data export and deletion

Head to Settings and you can export everything we have on you as JSON. Want to leave? Delete your account and we permanently wipe your profile, financial entries, uploaded statements, net worth records, passkey credentials — all of it. Gone. No 30-day grace period, no “are you sure” emails for the next six months. We respect a clean exit.

Analytics

We don't run any analytics right now. We have no idea how many people visit this page, which buttons they click, or how long they stay. It's strangely peaceful. If we add analytics in the future, it'll be something privacy-respecting and cookie-free like Plausible or Umami, and we'll update this policy to say so.

Regulations

CraneAi is a solo project, built with privacy as a core principle rather than a checkbox exercise. We're aware of the regulations that matter for our users:

  • Australian Privacy Act 1988 — including the Australian Privacy Principles
  • GDPR — for users in the EU and EEA
  • PDPA — for users in Singapore and Malaysia

We don't have a legal team or a compliance department. It's one person building something useful. But we take your data seriously: we don't collect what we don't need, we don't share what we have, and we give you full control to export or delete everything. If you have questions, reach out and you'll hear back from the person who built this. Well, technically Claude wrote the code — but you'll hear from the person who told Claude what to build, which honestly was the harder job.

Changes

This policy may be updated as the product evolves. When it changes, the date at the top changes with it. We won't quietly water down your privacy protections — if anything, they'll get stronger as we figure out more ways to need less of your data.

Contact

The official contact address is [email protected]. In the interest of full transparency, that inbox is not yet active. Setting it up is on the list, somewhere between “inspire my team to adopt new ways of working” and “build the coolest job search agent” — yeah, that's my day job.

Realistically, if you're reading the privacy policy of an app this small, you probably know who built it. Just drop me a text.