Privacy Policy
Last updated: February 28, 2026
Alertifi (“we”, “our”, “us”) is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we protect it.
1. What We Collect
Account information
Your name, email address, and a hashed (bcrypt) password when you sign up with email. If you sign in with Google, we receive your name and email from Google — no password is stored.
Gmail connection
When you connect your Gmail account, Google issues us an OAuth access token and refresh token. These tokens are encrypted at rest using AES-256 before being stored in our database. We request read-only access — we can never send, delete, modify, or forward your emails.
Extracted alert data
When you run a scan, we read email subjects and bodies to identify bills, renewals, and deadlines. We do not store raw email bodies. What we extract and save is only the structured data our AI identifies:
- Alert title (e.g. “Netflix — Annual Renewal”)
- Due date and amount (if present)
- Category (subscription, bill, document, etc.)
- Source email subject line (for reference)
- AI confidence score
The full email body is processed in memory and discarded. It is never written to our database.
Usage data
Reminder history (which alerts received email reminders), action logs (when you mark something as paid or cancelled), and subscription/billing records via our payment processor.
2. How We Use Your Data
- To scan your inbox and surface upcoming bills and renewals
- To send you email reminders before items are due
- To maintain your account and billing
- To improve the accuracy of our AI detection (aggregate, anonymised usage patterns only)
We do not sell your data. We do not use your inbox for advertising.
3. Third-Party Services
We use the following trusted sub-processors:
| Service | Purpose |
|---|---|
| Google (Gmail OAuth) | Read-only inbox access |
| Anthropic (Claude API) | AI analysis of email content — bodies are sent for parsing but not retained by us |
| Supabase | Encrypted database storage (PostgreSQL) |
| Vercel | Application hosting and serverless functions |
| Resend | Transactional email delivery (reminders, account emails) |
| Dodo Payments | Payment processing — we never see your card details |
When email content is sent to Anthropic's API for analysis, it is governed by Anthropic's Privacy Policy. Anthropic does not use API inputs to train models by default.
4. Data Security
- OAuth tokens encrypted at rest — your Gmail access and refresh tokens are encrypted with AES-256-GCM (authenticated encryption) before storage. A random IV is generated per token; the auth tag prevents tampering.
- Passwords hashed — bcrypt with a unique salt per user
- HTTPS everywhere — all traffic is encrypted in transit
- Database encryption — Supabase PostgreSQL with encryption at rest
- Bot protection — hCaptcha on all authentication forms
- Webhook integrity — HMAC-SHA256 signatures verified on all payment webhooks
- Rate limiting — scan and authentication endpoints are rate-limited
5. Data Retention & Deletion
Your data is retained for as long as your account is active. You can delete your account at any time from Settings → Account. On deletion, all your alerts, connected accounts, reminders, and personal data are permanently removed from our database within 30 days.
You can revoke Gmail access at any time from your Google account permissions page. This immediately prevents further inbox access.
6. Your Rights
Depending on your location, you may have rights to:
- Access — request a copy of the data we hold about you
- Correction — request that inaccurate data be corrected
- Deletion — request that your data be deleted
- Portability — receive your data in a structured, machine-readable format
- Objection — object to certain processing of your data
To exercise any of these rights, contact us at support@alertifi.xyz.
7. Cookies
We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Changes to This Policy
If we make material changes to this policy, we will notify you by email or by posting a notice in the dashboard. The “Last updated” date at the top of this page reflects when the most recent changes were made.
9. Contact
Questions or concerns? Email us at support@alertifi.xyz and we'll respond within 2 business days.