MrBottomLine (“we”, “us”, “our”) operates the website mrbottomline.club and the MrBottomLine Tracker mobile app (collectively, the “Service”). This page explains what personal data we collect, why we collect it, how we store it, who we share it with, and how you can request its deletion.
By using the Service, you agree to the collection and use of information in accordance with this policy.
When you sign up, we collect your phone number (for OTP-based authentication via Supabase Auth) and optionally a name, username, and short bio if you choose to add them on your profile screen.
The Service is an expense tracker. We store the transactions you log — including amount, date, description, category, wallet, optional note, and labels — in our database. We never connect to your bank account; everything is entered manually by you (typed or via voice input).
If you use the voice-input feature, your spoken text is transcribed on-device and the transcript is sent to Anthropic's Claude API for parsing into a structured transaction. Audio is not stored. The transcript is sent only to extract transaction fields; we do not retain it for training purposes.
If you use the AI insights feature on the dashboard, an aggregated summary of your recent spending is sent to Anthropic's Claude API to generate a one-paragraph insight. The summary contains category totals and date ranges — never raw transaction text.
If you subscribe to MrBottomLine Pro, payment is processed by Razorpay, an Indian payment gateway. We do not see, store, or process your card or UPI details. We store only the Razorpay subscription ID, your plan tier (free or pro), the renewal date, and whether you have cancelled or applied a loyalty discount — so we can show your subscription state on your Pro page.
We log standard server logs (IP address, user agent, request path, response time) for debugging and abuse prevention. These logs are retained for up to 30 days. We do not run third-party analytics or advertising trackers on the Service.
We do not sell or rent your personal data. We do not use your data to train any AI model.
The Service relies on a small number of trusted infrastructure providers:
We may also disclose information if required to do so by law or in response to a valid legal request.
All transaction data is stored in our Supabase database, hosted in the AWS Mumbai (ap-south-1) region. Data is encrypted in transit (TLS) and at rest. Database access is gated by row-level security (RLS) — you can only read or write your own rows.
Server-side secrets (API keys, webhook signing secrets) are stored as encrypted environment variables on Vercel. We rotate sensitive credentials periodically.
Your transactions and profile remain stored for as long as your account is active. If you delete your account, all data associated with it is removed from our active database within 30 days, with backups purged within 90 days.
You can, at any time:
The Service is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. Material changes will be communicated via in-app notice or email.
For privacy questions, data export, or account deletion, email hello@mrbottomline.club. We aim to respond within 7 business days.
Operator: MrBottomLine, India.