Privacy Policy

What we collect

When you create an account, we collect your name and email address through Clerk, our authentication provider. That is the only personal information you give us directly.

If you connect a bank account, transaction data flows into DonkeyBucks: merchant names, amounts, dates, and account balances. This is financial data and we treat it accordingly.

If you import a CSV file, we store that transaction data in the same way. If you enter transactions manually, same deal.

How bank connections work

Bank sync is available on the Pro tier and uses Plaid. Here is exactly what happens:

Plaid (Pro tier bank sync): At most banks, Plaid uses your bank's own OAuth login: you authenticate on your bank's website or app, and a read-only access token is issued. Your bank credentials go to your bank. DonkeyBucks never receives or stores your bank username or password at any point. Plaid is SOC 2 Type II certified and operates under its own published security and privacy program.

The access token Plaid shares with us is read-only. We use it to pull transaction and balance data. We cannot initiate transfers, move money, or make any changes to your accounts.

No bank connection is required to use DonkeyBucks. The Free tier works from CSV imports and manual entry. SimpleFIN is also available as an alternative connection option for users who prefer it ($1.50/mo paid directly to SimpleFIN).

AI categorization

When you trigger AI categorization, batches of your transaction data (merchant names, amounts, dates) are sent to Anthropic's Claude API for categorization. This only happens when you click the button. It does not run automatically in the background.

Anthropic processes this data under their API terms of service. Per Anthropic's policies, API input data is not used to train their models. We do not retain any processed results on Anthropic's infrastructure, just the categorization suggestions we store in your DonkeyBucks account.

What we never do

• Sell your data to anyone, full stop.
• Share your financial data with advertisers.
• Use your data to target you with financial products.
• Store your bank login credentials anywhere.
• Access your bank accounts for any purpose other than fetching read-only transaction data at your direction.

Where your data lives

Your account and transaction data is stored in Convex Cloud, a serverless database platform. Data is encrypted in transit (TLS) and at rest. Authentication is handled by Clerk, which is SOC 2 Type II certified.

DonkeyBucks is hosted on Vercel. Your data does not leave the United States under normal operation.

Cookies

We use cookies and local storage for authentication sessions only. Clerk sets a session token so you stay logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. There is no cookie banner because there is nothing invasive to consent to.

Deleting your data

Email us at hello@donkeybucks.com and we will delete your account and all associated data within 30 days. That includes your profile, all connected accounts, all transactions, all rules and categories you created, everything. We do not hold on to anything after a deletion request.

Changes to this policy

If we make material changes, we will update the effective date at the top of this page and, if it is significant, notify you by email. Continuing to use DonkeyBucks after a change means you accept the updated terms.

Questions

Email hello@donkeybucks.com. A human reads it.