Privacy Policy

Last updated: April 2026 · Version 1.1

1. Information We Collect

When you create an account, we collect your name, email address, and a hashed password. If you sign in via Google, we receive only the profile information Google shares (typically name and email). We do not store OAuth tokens.

We also store the financial data you enter (jar names, balances, transaction amounts, and categories) so we can display it back to you across sessions.

For security and fraud prevention purposes, we store the IP address used at the time of account registration (registration IP) and the IP address of your most recent authenticated session (last login IP). IP addresses are considered personal data under GDPR. They are stored securely, never shared with third parties, and are deleted when you delete your account.

For legal compliance, we record your acceptance of our Terms of Service at the time of registration. This record includes your user ID, the version of the Terms accepted, the date and time of acceptance, and the registration method (email/password or Google).

2. How We Use Your Information

  • To provide and operate the FillJar service.
  • To authenticate you and keep your account secure.
  • To process payments via Stripe (Pro upgrade). We never see or store your card details.
  • To send transactional emails (e.g. password reset) — no marketing without consent.

3. Data Storage & Security

Your data is stored in a MongoDB database hosted on secure infrastructure. Passwords are hashed with bcrypt and never stored in plain text. We use HTTPS everywhere.

4. Third-Party Services

  • Stripe — payment processing for Pro upgrades.
  • Google OAuth — optional sign-in method.

We do not sell, rent, or trade your personal information to any third party.

5. Your Rights

You can delete your account and all associated data at any time from the dashboard settings. You may also contact us to request a copy of your data or to ask any privacy-related questions.

6. Cookies

We use a single session cookie to keep you logged in (via NextAuth). We do not use tracking or advertising cookies.

7. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via a banner on the site.

8. Contact

Questions? Reach out on @KalbarczykDev on Twitter/X.