Skip to main content

Privacy Policy

Effective date: April 1, 2026

1. Overview

Bortoh ("we", "us") is operated by Bortoh Inc., based in California, USA. This Privacy Policy explains what information we collect, how we use it, and what choices you have. We take your financial privacy seriously.

2. Information We Collect

Account information

When you sign up, we collect your name, email address, and authentication credentials. If you sign in with Google, we receive your name and email from Google.

Financial data

This includes bank accounts, transactions, budgets, savings goals, categories, and payees that you create or import. This data is the core of the Service and is used solely to provide you with financial tracking and insights.

Chat messages

Your conversations with Bortoh (the AI assistant) are stored to maintain conversation history and provide contextual responses. Chat messages are processed by our AI language model provider to generate responses.

Uploaded files

Receipts, bank statements, and other files you upload are processed to extract financial data. Files are stored securely by our hosting provider.

Usage data

We collect anonymous usage analytics through our website analytics service, including pages visited, feature usage, and general interaction patterns. This data is aggregated and not tied to your financial information.

Payment information

Payment processing is handled entirely by Stripe. We never see or store your full credit card number. Stripe provides us with a payment token, billing email, and subscription status.

3. How We Use Your Information

  • To provide and improve the Service (financial tracking, AI insights, budgets, goals)
  • To process your AI chat messages and return relevant responses
  • To process payments and manage your subscription
  • To send transactional emails (password resets, billing receipts, account notifications)
  • To detect and prevent abuse or fraud
  • To understand how the Service is used (via anonymous analytics) so we can improve it

We may share anonymized or aggregated data with financial partners to offer you relevant products and services. You can opt out of data sharing at any time in your account settings. We do not share your data with data brokers.

4. Third-Party Services

We use the following third-party services to operate Bortoh. Each processes only the data necessary for its function:

AI language model provider

Processes chat messages and financial data to generate AI responses and insights.

Speech recognition provider

Processes voice recordings for transcription only. Audio is not stored after processing.

Stripe

Handles payment processing and subscription management. Stripe is PCI-DSS compliant.

Database and authentication provider

Provides database hosting, user authentication, and file storage. Data is encrypted at rest.

Web hosting provider

Hosts the web application and serves static assets via CDN.

Website analytics service

Collects anonymous usage analytics to help us improve the product.

Plaid

Bank account connections (planned, not yet active). When enabled, Plaid will securely connect to your bank without sharing your credentials with us.

Email delivery service

Sends transactional emails (password resets, billing receipts, notifications).

5. Cookies and Local Storage

We use a minimal set of cookies and local storage. For details, see our Cookie Policy.

  • Authentication cookies: required for you to stay signed in
  • Theme preference: remembers your dark/light mode choice
  • Analytics cookies: anonymous usage tracking (can be disabled)
  • Chat state (localStorage): stores active conversation tabs for convenience

6. Data Retention

Your data is retained as long as your account is active. If you delete your account, we will delete all your personal and financial data within 30 days. Some anonymized, aggregated data may be retained for analytics purposes.

Backups that include your data are automatically purged within 30 days of account deletion.

7. Data Deletion

You can request deletion of your account and all associated data by contacting us at contact@bortoh.com or through the app's profile settings. Deletion is processed within 30 days.

You can also export all your data before deletion using the built-in export feature.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt out of the sale of personal information
  • Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at contact@bortoh.com.

9. Children's Privacy

Bortoh is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. International Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using Bortoh, you consent to this transfer. We ensure all providers maintain appropriate data protection standards.

11. Security

We protect your data with industry-standard security measures:

  • Industry-standard encryption for all data in transit
  • Industry-standard encryption for data at rest
  • We never store bank login credentials directly. Bank connections are handled by Plaid
  • Stripe handles all payment card data. We never see full card numbers
  • Row-level security policies ensure users can only access their own data

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we'll notify you via email or through the app. The effective date at the top of this page indicates when it was last updated.

13. Contact

Questions about this Privacy Policy? Reach us at contact@bortoh.com.