TROVE
Privacy Policy
Last updated: 1 Jun 2026
The short version: We don't store your bank statements or transactions.
They're parsed in memory, analyzed by AI for categorization, and discarded
the moment your dashboard renders. The only data we keep is your account profile
(name + email) so you can log back in.
1. Who we are
TROVE is a personal financial-intelligence tool that analyzes your bank statements
and helps you understand your spending. This Privacy Policy explains what data we collect,
how we use it, and your rights regarding that data.
2. Information we collect
2.1 Account information (stored)
When you create an account or sign in with Google, we collect:
- Email address — to identify your account and contact you about it
- Display name — to personalize the app's greeting
- Last login timestamp — for security auditing
- Account creation timestamp — internal record-keeping
If you sign in with Google, this information is provided by your Google account.
We do not receive your Google password, contacts, calendar, Drive, photos, or any
other personal data beyond your name and email address.
2.2 Bank statement data (NOT stored)
When you upload an Excel (.xlsx / .xls) bank statement, we read its contents to extract:
- Transaction date
- Description / merchant name
- Debit and credit amounts
- Account balance
- The filename (used as the bank name label)
This data is processed entirely in memory. It is never written to
any database, log, or persistent storage on our servers. As soon as your analysis
request completes and the dashboard renders, the data is discarded from server memory.
2.3 Technical information
For security and rate-limiting we temporarily process your IP address and the
timestamps of your requests. These are kept only in volatile memory and rotate out
every minute.
2.4 Mobile app (Android) — even less data leaves your device
If you use the Trove Android app instead of the web app, the data flow is
even more restricted:
- Bank statements are parsed entirely on your phone. The .xlsx / .xls file never
leaves the device. Parsing happens locally — including the legacy .xls format,
which is read via Apache POI through a native Android bridge.
- Transactions are stored locally in an on-device SQLite database
(Drift). They are never uploaded to our servers, never backed up to Google Drive
by us, and never shared with any third party.
- Two kinds of data leave your device, only when needed:
  - Anonymous merchant strings (e.g. "AMAZON IN GROCERY") sent to our
    categorization API in batches of 50. No amounts, no dates, no
    balances — just the description text.
  - A month's transactions (date, amount, type, merchant, category) sent to
    our AI insights API when you view the dashboard, refresh insights, or
    finish an import. We never send your account number, balance, customer ID,
    name, or any field that identifies which bank account a row belongs to.
- Both APIs process every request in memory only and return the result. Neither
the merchant strings nor the transaction snippets are logged or stored on our
servers. Insights are cached on your device so the next dashboard render is
instant — and that cache lives only on your phone.
- Uninstalling the app deletes every on-device row. There is nothing on our
servers tied to your transaction history to delete.
3. How we use your information
- Account information is used solely to authenticate you and
display your name in the app. It is never used for marketing, advertising,
or shared with any third party.
- Bank statement data is used for the sole purpose of categorizing each
transaction (Food, Transport, etc.) and generating spending insights using our third-party AI partner.
Our AI partner's terms prohibit them from using customer data to train their
models without explicit consent, which we do not provide.
- The categorized data is returned to your browser, displayed in charts and tables,
and held only in your browser's memory. Closing or refreshing the tab discards it.
4. Data storage and retention
- Your profile data (name, email, timestamps) is stored in
Google Cloud Firestore in the asia-south1 region.
It is retained until you request deletion (see Section 8).
- Bank statements and transactions are not stored. They exist only
in transient server memory during a single API request, typically for fewer than
10 seconds.
- We do not place tracking cookies. The only browser storage we use is the standard
Firebase Authentication local storage, which holds your sign-in token.
5. Third-party services we rely on
TROVE is built on Google Cloud Platform. We use multiple GCP services, such as Firebase and Cloud Run,
to power the service.
All GCP services are governed by Google's Data Processing Addendum.
We do not share your data with any other third parties.
6. Security
- All traffic to and from TROVE is encrypted with TLS 1.3 (HTTPS-only, HSTS-enforced).
- Authentication uses Google-signed ID tokens, verified on every request.
- The Firestore database is configured with default-deny access rules. Only the
authenticated backend can read or write profile data, and only for the
account that's currently signed in.
- Bank statement files are validated for type, size, and content. We use Apache POI's
zip-bomb defenses to prevent malicious file attacks.
- Per-user and global rate limits prevent abuse of the AI categorization endpoint.
7. International transfers
Our servers and data storage are located in Google Cloud's asia-south1
(Mumbai) region. If you access TROVE from outside this region, the request travels via
Google's global network. All transfers are encrypted.
8. Your rights
You can, at any time:
- Sign out from any device using the sign-out button.
- Request account deletion by emailing us (see Section 10).
We will delete your Firestore profile record and your Firebase Authentication
account within 14 days.
- Request a copy of your stored data — which consists solely
of your name, email, and timestamps — by email.
- Reset your password (email/password accounts only) via the
"Forgot password?" link on the sign-in screen.
9. Children
TROVE is not directed at children under 18. We do not knowingly collect data from
anyone under 18. If you believe we have, please email us and we'll delete the
account.
10. Contact
For any privacy questions, data requests, or account deletion, email us at:
trovefi-support@googlegroups.com
11. Changes to this policy
We may update this policy occasionally. When we do, the "Last updated" date at the
top of this page changes. Material changes will be communicated by email to all
active users at least 14 days before they take effect.