Privacy Policy

Frugavo ("we", "us") is a subscription-tracking service that helps consumers in the United States and Canada identify and cancel recurring charges on their bank accounts. This Privacy Policy explains what information we collect, how we use it, who else processes it, how long we keep it, and the rights you have.

By using Frugavo or joining our waitlist, you agree to this policy.

Account information. When you create an account we collect your email address and Clerk user identifier. If you join the waitlist before signing up we collect only your email.

Bank-connected data via Plaid. When you choose to connect a financial account, you authorize Plaid Inc. to share data about that account with us. Through Plaid we receive:

• Recurring transaction streams (merchant name, descriptor, average amount, currency, frequency, last and predicted charge dates).
• The bank institution name and an opaque item identifier so we can group your subscriptions per connected account.
• A long-lived access token that lets us re-read your recurring transactions on your behalf.

We do not request or store card numbers, account numbers, routing numbers, account balances, identity data (such as your name, date of birth, or SSN), or your bank login credentials. Your bank credentials are entered directly into Plaid's interface and never reach our servers.

Cancellation activity. When you mark a subscription as cancelled or kept in our app, we store that decision and the date you made it so we can verify the result against your bank's next charge.

Automatic data. Standard server logs (IP address, browser type, page visited, timestamp) and analytics (with your consent via our cookie banner) so we can debug and improve the service.

To operate the product. We use your Plaid data to detect recurring subscriptions, group them by category, flag cancel candidates, and verify whether cancellations stuck by watching for the next expected charge.

To improve merchant detection. We send transaction descriptor strings (e.g. "SP AFF*NETFLIX 866-579-7172 CA") to Anthropic's Claude API to clean them into readable merchant names. The descriptor and the charge amount are the only fields sent — no account or identity data.

To communicate with you. Transactional emails about your account, scan results, and pending cancellations via Resend. You can manage your email preferences in Settings.

We do not sell your personal information. We do not share your data with advertisers. We do not use your bank data to train models.

Your Plaid access token is encrypted at rest using AES-256-GCM before it reaches our database. Each token is wrapped with a unique initialization vector and authentication tag; tampering fails the decryption check.

All data is stored in a Supabase Postgres instance hosted in the United States (AWS US-East). Connections between Frugavo, Plaid, Supabase, and your browser are encrypted in transit with TLS 1.2+. Webhooks from Plaid are verified with full ES256 JWT signature checks plus a five-minute replay window.

We use a read-only Plaid scope (Transactions). We cannot move money, change account settings, or send messages through your bank.

Frugavo relies on the following sub-processors to deliver the service. Each operates under its own data-protection terms.

• Plaid Inc. — bank connection, recurring transaction detection. See Plaid's End User Privacy Policy.
• Clerk, Inc. — authentication and session management.
• Supabase, Inc. — encrypted Postgres database hosting (AWS US-East).
• Anthropic PBC — Claude API for merchant descriptor normalization. Transaction descriptors and amounts only; no account identifiers sent.
• Upstash, Inc. — Redis cache + scan event streaming.
• Resend, Inc. — transactional email delivery.
• Netlify, Inc. — application hosting and edge CDN.
• Google LLC — Google Analytics 4 (only if you opt in via the cookie banner) and the favicon API used for displaying brand logos.

We keep your bank-connected data for as long as your Frugavo account is active and for up to 30 days after you delete it or disconnect the bank. After that window, all personal data tied to your account — including subscriptions, scan history, cancellation records, and the encrypted Plaid access token — is permanently removed from our production database.

Aggregated, fully anonymized statistics (such as total scans run per day) may be retained for service-level analysis. These records contain no identifiable information.

Standard server logs are kept for up to 30 days for security and debugging.

You can, at any time:

• Access a copy of the data we hold about you by emailing hello@frugavo.com.
• Disconnect a connected bank from Settings → Connected banks. This revokes our Plaid token immediately.
• Delete all of your Frugavo data from Settings → Data & privacy → Delete everything. The action revokes every Plaid token tied to your account and wipes your records within seconds. This is irreversible.
• Opt out of analytics any time by declining the cookie banner or clearing the "frugavo:consent" key from your browser's local storage.

California residents have additional rights under the CCPA including the right to opt out of any sale of personal information (we do not sell yours) and the right to know what categories of data we collect (the list above). EU/UK residents have GDPR rights including access, rectification, erasure, restriction, portability, and objection. To exercise any of these rights, email hello@frugavo.com — we respond within 30 days.

Frugavo currently serves the United States and Canada. If you access the service from outside those regions, your data may be transferred to and processed in the United States, which may have different privacy laws than your country.

Frugavo is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete the record.

We may update this Privacy Policy as the product evolves. The "Last updated" date at the top reflects any change. Material changes are announced by email to active users.

For privacy questions or to exercise your rights, email privacy@frugavo.com. For security or vulnerability disclosure, email security@frugavo.com. For general support, hello@frugavo.com. We aim to respond within five business days and to fulfil verified requests within 30 days.

Registered entity: 2752676 Ontario Inc. (operating as Frugavo)
3546 Wyman Cres · Ottawa, ON K1V 0Z1 · Canada

See also our Terms of Service.