LeakGuard

Privacy Policy

Last updated June 12, 2026

The 30-second version

We store your email, the subscription rows you save, and your billing status. We use one analytics tool (PostHog) to see which features get used - opt-in for EU visitors, off if you decline. We never sell data, never share with advertisers, and you can erase everything in one tap from Settings.

1. Who we are

LeakGuard Pro ("we", "us") is a subscription-leak tracker that helps you find forgotten recurring charges. This policy explains what personal data we collect, why, how long we keep it, who we share it with, and your rights under GDPR (EU/UK) and CCPA / CPRA (California).

The data controller is LeakGuard Pro. For any privacy request you can reach us at privacy@leakguardpro.app.

2. What we collect & why

Email address

Sign-in, security alerts, deletion receipts

Legal basis: Contract (Art. 6(1)(b))

Password (hashed) or Google OAuth ID

Authenticate your account

Legal basis: Contract

Subscription rows you save (merchant, amount, frequency, renewal date)

Power your dashboard and savings projections

Legal basis: Contract

Billing status from Stripe (active / canceled / past due)

Unlock or lock Pro features

Legal basis: Contract

Analytics events (page views, clicks, session duration, device/browser, approximate region)

Understand which features get used so we can improve them

Legal basis: Consent (EU/UK) / legitimate interest (rest of world)

Support / concierge messages you send us

Respond to your request

Legal basis: Contract

We never collect:

  • Your bank login credentials
  • Raw bank or credit-card statement files or text
  • Card numbers, CVV, account numbers, or routing numbers
  • Contact lists, location data, or microphone/camera input

3. Analytics (PostHog)

We use PostHog (PostHog Inc., USA) - and only PostHog - to understand product usage. We do not use Google Analytics, Meta Pixel, TikTok Pixel, ad networks, or any other third-party tracker.

What gets sent

  • Pages visited and route transitions
  • Clicks and form submissions (anonymized DOM selectors)
  • Session duration and frequency
  • Device type, browser, OS, viewport size
  • Coarse region inferred from IP (country / region, not street address)
  • Your account ID after sign-in, so we can debug your reports

What is explicitly excluded

  • Subscription names, amounts, or merchants you've saved
  • Raw statement uploads or pasted text
  • Password or auth-token contents
  • Card or banking data (these never reach our servers in the first place)

Consent & opt-out

EU / EEA / UK visitors see a consent banner on first visit. PostHog does not load until you click Accept analytics. Outside that region, PostHog loads by default under legitimate interest, but you can disable it at any time from Settings → Cookies & analytics.

Retention

Raw events: 12 months, then automatically deleted by PostHog. Aggregated counts (e.g. "5,200 dashboards viewed in May") are kept indefinitely because they cannot identify you.

4. Cookies & local storage

sb-* (auth session)Strictly necessary

Keeps you signed in

Retention: Until sign-out or 30 days

leakaudit:cookie-consentStrictly necessary

Remembers your analytics choice

Retention: Until you reset it

leakaudit:device_idStrictly necessary

Lets you save subscriptions before signing in

Retention: Until sign-in or browser clear

ph_* (PostHog)Analytics (opt-in in EU/UK)

Distinguish sessions and identify users

Retention: 12 months

__stripe_mid / __stripe_sidStrictly necessary (payments)

Fraud prevention on Stripe checkout

Retention: Set by Stripe - up to 1 year

Strictly-necessary cookies do not require consent under ePrivacy / GDPR because the service cannot function without them.

5. Who we share data with (sub-processors)

We never sell your personal data. We share it only with the processors below, each bound by a Data Processing Agreement.

SupabaseUnited States (AWS)

Database, authentication, file hosting

Account, subscriptions, support messages

StripeUnited States

Payment processing & subscription billing

Email, billing status, card details (handled by Stripe - never by us)

PostHogUnited States

Product analytics

Pseudonymous event data, account ID after sign-in

Lovable AI Gateway (Google Gemini)United States / EU

Optional AI parsing of statements you paste

Pasted statement text - zero-retention contract, not used for training

CloudflareGlobal

Edge hosting, TLS, DDoS protection

IP address & request metadata (transient)

Google (OAuth)United States

Sign-in with Google (optional auth provider)

Email, name, Google account ID - only if you choose Google sign-in

International transfers to the US rely on Standard Contractual Clauses (SCCs) under GDPR Art. 46.

Business customer? See our Data Processing Agreement (DPA) - auto-accepted with your Terms of Service, no signature required.

6. Payments

All payments are processed by Stripe under PCI DSS SAQ-A. Your card number, CVV, and expiry are entered into Stripe's hosted checkout and never touch our servers. We only receive an opaque customer ID, subscription status, and the last 4 digits of your card for receipts.

7. AI processing

When you paste a bank statement into the scanner, the text is sent over TLS to the Lovable AI Gateway (which routes to Google Gemini), parsed in memory, and discarded after the response. The provider is under a zero-retention agreement and does not use your data to train models.

The basic Manual scanner runs entirely on your device and sends nothing to any AI provider.

8. How long we keep data

Account & subscriptionsUntil you delete your account
Analytics events12 months, then deleted automatically
Stripe billing records7 years (tax/accounting law)
Support tickets24 months after last reply
Suppressed-email listIndefinitely (so we don't email bouncers)
Server logs30 days

9. Your rights

Under GDPR (EU/UK) and CCPA / CPRA (California) you have the right to:

  • Access a copy of your data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your account and all stored data - one-tap from Settings → Delete account (Art. 17). You receive an auditable deletion receipt.
  • Restrict or object to processing (Art. 18, 21) - disable analytics in Settings
  • Portability - export your subscriptions as CSV from the dashboard (Art. 20)
  • Withdraw consent at any time without affecting prior processing (Art. 7(3))
  • Lodge a complaint with your local data-protection authority (Art. 77)
  • Opt out of "sale" / "sharing" under CCPA - we don't sell or share, but you can submit a request anyway

For any of these, email privacy@leakguardpro.app. We respond within 30 days.

10. Security

  • TLS 1.2+ on every connection
  • Passwords stored as bcrypt hashes (never plaintext)
  • Row-Level Security on every user table - your data is invisible to other users at the database level
  • Server-side trigger blocks the client from upgrading itself to Pro or tampering with referral counters
  • Stripe webhooks verified with HMAC-SHA256 + 5-minute replay window
  • Secrets stored in an encrypted vault - never in source code

In the unlikely event of a personal-data breach, we will notify affected users and the relevant supervisory authority within 72 hours (GDPR Art. 33).

11. Children

LeakGuard is not directed at children under 16, and we do not knowingly collect data from anyone under 16. If you believe a child has signed up, email us and we'll delete the account.

12. Changes & contact

We'll post any material changes to this policy here and, where required, email account holders before the new version takes effect. The current version was last updated on June 12, 2026 and is effective June 12, 2026.

Questions, complaints, or rights requests: privacy@leakguardpro.app

← Back to appHelp center →