Privacy Policy

Account information. When you sign in with Google, we receive the profile information Google shares with us - typically your name, email address, and profile picture. We do not receive or store your Google password.

Expense and workspace data. Data you enter into Recurex, including expense titles, amounts, currencies, categories, types (personal or business), recurrence settings, due dates, notes, planned/active status, project assignments, budget envelopes, and workspace names.

Profile preferences. Settings such as default currency, timezone, country, theme, reminder lead time, and the email address used for bill reminders.

Workspace membership. If you use team workspaces, we store membership records, roles (owner, admin, member), and email addresses used to send invitations.

Attachments.Files you upload to expenses - such as receipts or invoices (images, PDFs, and common document formats), up to 10 MB per file - are stored in our file storage system and linked to your workspace.

Integration credentials. If you connect an AI assistant, we store personal access tokens (hashed) or OAuth authorization records needed to authenticate requests to your workspace on your behalf. We do not store your third-party AI account passwords.

Technical and usage data. Standard server logs (such as IP address, browser type, request timestamps, and error logs), session cookies required for authentication, and reminder-delivery logs used to avoid sending duplicate emails.

We use the information above to:

• Provide, operate, and maintain the Recurex service
• Authenticate you and keep your session secure
• Calculate summaries, burn rates, budgets, and reports you request
• Send transactional emails, including bill-due reminders you have enabled
• Process workspace invitations and enforce role-based access
• Authenticate AI integrations (such as Claude via MCP or OAuth) at your direction
• Respond to support requests and protect against abuse or security incidents
• Improve reliability and fix bugs

We do not use your expense data for advertising, and we do not sell your personal information.

We share information only with service providers that help us run Recurex, and only as needed to provide the service:

• Supabase - database, authentication, and file storage
• Vercel - application hosting and scheduled jobs (such as daily reminder sweeps)
• Resend - delivery of reminder emails to the address you configure
• Google - sign-in authentication only

If you enable the optional unified base-currency view, Recurex may request public exchange rates from a third-party FX API. That request includes currency codes only - not your expense details or identity.

When you connect an AI assistant, requests authorized by you are sent between that service and Recurex's API. Anthropic (Claude) or other providers you choose are separate companies with their own privacy policies.

We may disclose information if required by law, to protect our rights, or to prevent fraud, abuse, or harm to users.

Recurex isolates data by workspace using database row-level security. Members of a workspace can access the expenses, projects, attachments, and settings within that workspace according to their role.

Workspace owners and admins can invite others by email. By accepting an invitation, you agree that existing workspace members with sufficient permissions may view and edit shared data. You are responsible for choosing whom you invite.

Recurex supports optional connections to AI assistants (such as Claude) through our MCP endpoint and OAuth flow. When you create a personal access token or approve an OAuth request, you grant that integration permission to read and modify expenses in the workspace you select.

You can revoke access at any time from Integrations in Settings. Revocation takes effect for new requests; you should also remove the connector from your AI provider's settings if you no longer want it connected.

AI providers may process prompts and tool calls according to their own terms and privacy policies. Do not share sensitive information in prompts that you do not want processed by those providers.

Uploaded files are stored in a private bucket and are accessible only to members of the workspace that owns the linked expense. Files may be compressed on upload to save space. Deleting an expense or attachment removes the associated storage object.

Do not upload files you are not permitted to store, or that contain information you do not want other workspace members to see.

Recurex uses essential cookies and similar technologies to maintain your login session and security. We do not use third-party advertising or analytics cookies on the authenticated application.

Your theme preference may be stored locally in your browser so the correct light or dark mode loads before the first paint.

We use industry-standard measures including HTTPS encryption in transit, Postgres row-level security for workspace isolation, and hashed storage for API tokens. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

You are responsible for keeping your Google account secure and for safeguarding any personal access tokens you generate. Treat tokens like passwords.

We retain your data for as long as your account is active and as needed to provide the service. If you delete individual expenses, attachments, or tokens, we remove or invalidate them from active systems.

Backup copies may persist for a limited period before being overwritten. Reminder logs are retained only as long as needed to prevent duplicate sends.

You can:

• View and edit your expenses, projects, and profile in the app
• Export your expense data as CSV from the dashboard or expenses page
• Delete individual expenses and attachments
• Revoke AI integration tokens from Integrations in Settings
• Leave a workspace or ask a workspace owner to remove your membership
• Sign out at any time from Settings

To request deletion of your entire account and all associated workspaces where you are the sole owner, contact us from the email address on your Recurex profile so we can verify your identity. We will delete or anonymize your data within a reasonable period, except where we must retain information for legal or security purposes.

Depending on where you live, you may have additional rights (such as access, correction, portability, or objection). Contact us to exercise those rights.

Recurex is not directed at children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.

Recurex may be operated from various locations. Your information may be processed in countries where we and our infrastructure providers maintain facilities (including where Supabase and Vercel operate). Those providers may be subject to the laws of their respective jurisdictions. By using Recurex, you consent to this transfer and processing.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you in the app or by email. Continued use of Recurex after changes take effect constitutes acceptance of the revised policy.

Questions about this Privacy Policy or your data? Email us from the address associated with your Recurex account so we can verify your request. For account deletion or data-access requests, include “Privacy request” in the subject line.