Privacy Policy

Last updated: February 27, 2026

FolioPilot ("we", "our", "the Service") is a Telegram-based budgeting assistant that helps you track spending across bank accounts, credit cards, and Venmo. This policy explains what data we collect, how we use it, and how you can control it.

1. Data We Collect

We collect only the data necessary to provide the Service:

• Telegram user ID — used to identify your account. We do not collect your name, phone number, or profile photo from Telegram.
• Bank & credit card data — account identifiers, institution names, and transaction details (date, description, amount) retrieved through Teller's secure API. We store encrypted access tokens; we never see or store your bank login credentials.
• Venmo data — bearer tokens (encrypted at rest), Venmo user ID, display name, and transaction details (counterparty, amount, direction). Tokens are provided by you voluntarily.
• Email forwarding — if you set up Venmo email forwarding, we process incoming Venmo receipt emails to extract transaction data. We store a per-user forwarding address.
• Transaction metadata — AI-generated expense categories, user-corrected categories, and clarification flags.

2. How We Use Your Data

• Display your transactions, spending breakdowns, and trends
• Categorize expenses using AI (Google Gemini)
• Match Venmo transactions to credit card charges
• Respond to your natural-language questions about your finances

We do not sell, rent, or share your personal or financial data with third parties for marketing or advertising purposes.

3. Third-Party Services

The Service integrates with:

• Teller — to securely connect your bank accounts. Teller's own privacy policy applies to data handled by their platform.
• Google Gemini — to power AI categorization and chat responses. Transaction descriptions may be sent to Google's API for processing. Google's terms of service apply.
• Telegram — messages you send to the bot are received via Telegram's Bot API.

4. Data Storage & Security

• Data is stored in a PostgreSQL database hosted on Google Cloud.
• Sensitive credentials (bank tokens, Venmo tokens) are encrypted at rest.
• Application secrets are managed via Google Cloud Secret Manager.
• All traffic is encrypted in transit via HTTPS.

5. Data Retention & Deletion

We retain your data for as long as you use the Service. You can request deletion of all your data at any time by messaging the bot or contacting us at the email below. Upon request, we will delete your account data, transaction history, and stored tokens.

6. Your Rights

You have the right to:

• Request access to the data we hold about you
• Request correction or deletion of your data
• Disconnect your bank accounts or Venmo at any time
• Stop using the Service, at which point no new data will be collected

7. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the bot or this page.

9. Contact

If you have questions about this privacy policy or want to request data deletion, contact us at privacy@patyoon.com.