Grove is a personal finance coaching app. We take your privacy seriously — especially because you're trusting us with sensitive financial information. This Privacy Policy explains what data we collect, how we use it, and your rights.
1. What We Collect
Account Information
- Email address and display name (provided at signup)
- Authentication credentials (stored securely by Supabase — we never see your password)
- Profile preferences (preferred name, household type, onboarding status)
- Terms of Service acceptance timestamp
Financial Data
- Bank and credit card account information you add (account name, type, balance)
- Transaction records from uploaded CSV and PDF statements
- Debt details (balances, APR, minimum payments)
- Assets (property, vehicles, investments) and their estimated values
- Goals, budgets, sinking funds, and recurring bills you create
- Uploaded statement files (PDFs and CSVs)
Usage Data
- AI query logs (questions asked, token usage) — used for cost monitoring and abuse prevention
- API request logs (endpoint, timestamp, response code) — used for error monitoring
- Application errors captured by Sentry (may include stack traces, not financial data)
2. How We Use Your Data
- Providing the App: Your financial data powers your dashboard, net worth calculations, budgets, debt payoff plans, and all other features.
- AI features: Your financial data (account balances, transactions, goals) is sent to Anthropic's Claude AI to generate Money Meeting narratives, answer Ask Grove questions, and categorize transactions. See Section 4 for details.
- Transactional email: We send verification emails and password reset links via Resend. We do not send marketing email unless you opt in.
- Error monitoring: We use Sentry to detect and fix application errors. Error reports do not include your financial data.
- Improving Grove: Aggregated, non-identifiable usage patterns help us prioritize features and improve reliability.
3. Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase (US region). All data is encrypted at rest and in transit (TLS). Grove uses Supabase's Row-Level Security (RLS) to ensure that every database query is scoped to your user account — you can only ever read or write your own data.
The app is deployed on Vercel with HTTPS enforced. We do not store your data on local servers.
4. AI Processing (Anthropic Claude)
Grove uses Anthropic's Claude AI models for transaction categorization, Money Meetings, Ask Grove, and PDF statement analysis. When you use these features, relevant portions of your financial data are sent to Anthropic's API.
What is sent: Account names, balances, transaction descriptions and amounts, debt details, and your explicit questions to Ask Grove. We do not send your full name, email address, or government ID numbers to the AI.
Anthropic's data handling:Per Anthropic's API terms, data submitted via the API is not used to train their models. Anthropic may retain API request data for safety monitoring for up to 30 days. See Anthropic's Privacy Policy for full details.
5. Third-Party Services
Grove uses the following third-party services to operate:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication | All user data |
| Vercel | App hosting & CDN | Request metadata (IP, headers) |
| Anthropic Claude | AI features | Financial data (no PII) |
| Resend | Transactional email | Email address |
| Sentry | Error monitoring | Error logs (no financial data) |
| Google (OAuth) | Optional sign-in | Name & email (if used) |
We do not sell your data to any third party, ever.
6. Cookies
Grove uses cookies only for authentication — specifically, the session cookies set by Supabase to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required.
7. Data Deletion
You can delete your account at any time from Settings → Delete Account. You will be offered two options:
- Full wipe: All your data is permanently deleted from our systems within 30 days. This includes all accounts, transactions, goals, and profile information.
- Keep anonymized data: Your financial transaction history is retained in anonymized form (no name, email, or account identifiers) for 12 months. This allows you to restore your data if you re-register with the same email. After 12 months, it is permanently deleted.
To request deletion of specific data without deleting your account, contact us at privacy@grovefi.app.
8. Your Rights (CCPA / GDPR)
Depending on where you live, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data (see Section 7)
- Portability: Request your data in a machine-readable format
- Opt-out: We do not sell personal information, so there is nothing to opt out of
To exercise any of these rights, email privacy@grovefi.app. We will respond within 30 days.
9. Children
Grove is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. Your continued use of Grove after the effective date constitutes acceptance of the updated policy.
11. Contact
Privacy questions or requests: privacy@grovefi.app
General support: support@grovefi.app