GlidePath Money

Privacy

Privacy Policy

Plain-English version: by default, your financial data lives on your PC and we don’t keep a copy of it. A few optional features you can switch on — AI categorization, the email inbox, and the “help improve bank support” diagnostic — send limited data off your machine; we spell out exactly what, below. We also collect the minimum needed to provision your private subdomain and bill you. This page is the precise version of that promise.

Last updated: June 12, 2026

What we deliberately don't collect

Your bank account balances, transactions, credit card numbers, retirement account values, net worth, cash flow, debt amounts, real estate values, business income — by default none of this is sent to us. It all lives in plain files on your computer, and we keep no copy of your financial file. (The optional features below — AI categorization and the email inbox — send limited transaction details only when you switch them on.) This is the whole point of GlidePath Money.

We also don't collect:

  • Bank credentials (passwords, MFA secrets, security questions) — we never ask
  • Plaid, Yodlee, or any other aggregator-style integration data — we don't use those services
  • Browsing history, clipboard contents, screen recordings, or any telemetry from the installed app
  • Crash dumps with your data attached — the optional crash report excludes anything from your DataFolder

What we do collect

The minimum needed to operate the service:

  • Your email address — used as your license identifier, and as the username when you sign in at bridge.glidepathmoney.com for phone access (each sign-in uses a one-time 6-digit code we email you — there’s no reusable password to store or steal)
  • Your chosen subdomain (e.g., john for john.glidepathmoney.com) — provisioned at Cloudflare
  • A license key we generate and email you — used to authenticate the installer
  • Device records for your license — at activation (and on the app’s weekly re-verify) we store a device identifier, the device’s name, and its operating system, so the per-license device cap works and the in-app /License page can show you each device and let you remove one
  • Payment information — processed by Stripe (stripe.com). Stripe handles your card details directly; we never see your card number. Sales tax + Canadian GST are calculated and filed automatically by Stripe Tax. QuickTech LLC (dba GlidePath Money) is the seller of record. From Stripe we receive only the minimum needed to deliver and support your license: your email, billing country, and order status.
  • Cloudflare resource IDs for the tunnel, DNS record, and Access policy we create for you — used to operate phone access, and to remove those resources cleanly when your customer record is deleted (after a refund or termination, or on request)
  • Optional feedback you submit via the in-app Feedback button — content you choose to send us, and your email if you want a reply
  • Optional crash reports if you click "send report" on an error page — stack trace, app version, page URL. Excludes data folder contents.
  • IP address at legal acceptance — when you accept the legal documents on the in-app /Accept screen, we record the IP address you connected from alongside the timestamp. One row per (document, version) you accept. This is the audit trail that proves which version of each document was in effect when you agreed.

What gets emailed (and where it goes)

We use Resend (resend.com) as our outbound email provider for sending welcome notes, license keys, and operational replies. Resend sees the email body in transit but does not retain it. Our domain SPF/DKIM records are configured per Resend's standard setup.

Inbound mail to [email protected] is routed by Cloudflare Email Routing to a forwarding address. Cloudflare may scan for spam; the routing rule does not store the content beyond what's needed to forward.

Email inbox feature (optional, opt-in)

If you choose to use the email-forward feature, each customer gets a private address like [email protected]. Mail sent there is handled by a Cloudflare Email Worker that does three things, in order:

  1. Logs metadata — sender, subject, timestamp, the body — to our Cloudflare D1 database. This is transient: the body is purged the moment parsing completes. On the rare email we can’t parse, we keep the body to retry, then purge it automatically after 7 days.
  2. Calls Anthropic's Claude Haiku API to extract structured transactions (date, amount, merchant, last 4 of the card) from the body. Anthropic processes this content per their commercial API privacy commitments; they do not train on API traffic.
  3. Writes the extracted transactions to a per-customer queue. Your app polls the queue with your license key, writes the transactions to your PC, and acknowledges receipt — at which point we drop the queued rows from our side too.

Net effect: email content lives on our infrastructure for the seconds it takes to parse — or, on the rare email we can’t parse, up to 7 days while we retry, then it’s purged automatically. Extracted transactions live in the queue only until your app picks them up. Don't use the feature and nothing reaches us. The in-app /EmailInbox page is the on/off switch on your end.

AI categorization (optional, opt-in)

The in-app Categorize with AI page can suggest categories for uncategorized transactions. When you click it — and only then — the app sends, for each transaction in the batch you chose: the payee text, the amount, the date, and a high-level account type (like “Liquid” or “Business” — never the account’s name, its balance, or whose it is), plus your category names so the suggestions speak your vocabulary. That goes through our Cloudflare Worker to Anthropic’s Claude API, which processes it under their commercial API privacy commitments — they do not train on this traffic.

We don’t store the transactions: the Worker forwards the batch, returns the suggestions, and keeps only a monthly usage count (so the included cap works). Every result comes back as a suggestion — nothing is written to your file until you confirm it in the app. The feature requires active maintenance. Don’t click it and nothing is sent.

Browser extension — help improve bank support (optional, opt-in)

The GlidePath browser extension captures your bank exports straight to your PC; it never sends your financial data to us. The one exception is fully optional and off by default: a setting called “Help improve bank support.” If you turn it on, then whenever the extension downloads a file it can’t automatically recognize, it sends us a small, redacted diagnostic so we can add support for that bank:

  • the column names from the file’s header row (e.g. “Trans. Date, Description, Amount, Category”) — never any data rows;
  • the download URL with every value stripped to <redacted>, so we see the endpoint shape, not your account number or tokens;
  • the file type, the outcome, and your extension version + browser.

It never sends your transactions, amounts, balances, account numbers, the filename, the page title, cookies, or anything identifying you — and our server re-strips the data a second time before storing it, as a backstop. Leave the setting off (the default) and the extension sends us nothing, ever. There’s also a “Copy diagnostic” button in the extension that shows you the exact redacted text so you can send it to us by hand instead.

Tunneled remote access

Your dashboard URL (e.g. john.glidepathmoney.com) terminates at Cloudflare's edge and tunnels back to your PC via the Cloudflare Tunnel running locally. Because the tunnel runs through Cloudflare's edge, Cloudflare — like any reverse proxy — can technically see the request and response contents in transit there. We never store them, and your data folder always stays on your PC. We have access to logs that show that requests happened (timestamps, source IPs, response codes), but we don't capture or retain what was in them.

Phone sign-in goes through bridge.glidepathmoney.com, a tiny proxy we run on Cloudflare Workers. You enter your email, it emails you a fresh one-time 6-digit code, it sets a session cookie when the code matches, and then forwards your requests to your subdomain with a Cloudflare service-token credential injected — so you don't need a Microsoft or Google account, and we don't pay per-seat identity-provider fees that would force us to charge you more. Like the underlying tunnel, the proxy can technically see request and response contents in transit, but we never store or log the dashboard bodies — only that a request happened (timestamps, URLs, response codes).

Live market prices (optional)

If you track holdings and tap Refresh, the ticker symbols (e.g. AAPL, VTI) are sent through our Cloudflare Worker to a market-data provider (Yahoo Finance) to fetch current prices. Only the symbols leave your machine — never quantities, cost basis, or account info — we don’t log them, and results are cached about 15 minutes at the edge. Don’t tap Refresh and nothing is sent; you can also enter prices by hand. The provider is listed on /subprocessors.

Where things are stored

DataWhere it livesRetention
Your financial dataYour PC's DataFolderUntil you delete it
License key + emailCloudflare D1 (our database)For as long as your license exists — it’s perpetual, and the app’s weekly license check reads it. Deleted within 30 days of a refund or termination, or on request via privacy@ (note: the license check needs this record, so deleting it deactivates the app)
Subdomain + Cloudflare IDsCloudflare D1Phone-access sign-ins stop when your maintenance ends; the subdomain, tunnel, and these stored IDs are removed with your customer record — within 30 days of a refund or termination, or on request (see row above)
Payment recordsStripe (our payment processor)Per Stripe's retention policy + our 7-year US tax-records requirement
Feedback submissionsCloudflare D1Until you ask us to delete
Crash reports (opt-in)Cloudflare D190 days then auto-deleted
AI-categorization batches (opt-in)Anthropic API via our WorkerNot stored by us — forwarded for suggestions and dropped; we keep only a monthly usage count
Device records (identifier, name, OS per activated device)Cloudflare D1Until you remove the device on /License, or with your customer record
Inbound email bodies (opt-in)Cloudflare D1Logged transiently; purged when parsing completes (typically seconds; an unparseable email is kept up to 7 days for retry, then purged)
Parsed transactions (opt-in)Cloudflare D1Until your app picks them up via /inbound (typically < 5 min)
Holdings ticker symbols (opt-in refresh)Market-data provider via our WorkerNot stored; cached ≈ 15 min at the edge, never logged
Tunnel + Access logsCloudflarePer Cloudflare's standard log retention (≈ 30 days)
Legal-acceptance audit log (timestamp + IP per accepted doc version)Cloudflare D1Retained for the audit trail; you can request deletion via privacy@
Conversion events (buy-click / download / checkout-success)Cloudflare Analytics EngineAggregate, cookieless, no PII; per Cloudflare’s Analytics Engine retention

One consequence worth stating plainly: the app’s weekly license check reads your customer record. If that record is deleted — after a refund or termination, or because you ask us to delete it — the check can no longer succeed, and the installed app will stop opening. Your data files on your disk stay exactly where they are either way.

Children’s privacy

GlidePath Money is intended for adults 18 years or older. We do not knowingly collect personal information from individuals under 18. If we discover we have inadvertently collected such information, we will delete it. If you believe a minor has provided us information, please contact [email protected] and we will remove it promptly.

Automated decision-making and Glide AI

We do not make automated decisions about you that produce legal or similarly significant effects. We do not profile you. The optional Glide AI helper (powered by Claude Haiku via Anthropic) generates conversational responses to conceptual questions you ask — for example, “what is a Roth conversion?” or “why is this Monte Carlo range so wide?”. It does not make decisions about your account, your license, or your access to the service. It never sees your transactions, balances, or holdings. You can disable Glide AI at any time in app settings. See the subprocessors page and security page for the technical details.

Your rights

Regardless of where you live, you have the rights below. Where applicable state, provincial, or federal law gives you additional rights, those are listed in the region-specific sections that follow.

  • Request deletion. Email [email protected]. We delete your customer record + Cloudflare resources typically within 7 days, and no later than 30 days from a verified request. Payment records that we’re legally required to retain for tax purposes (7 years under US tax law) are held by Stripe as our payment processor — see Stripe’s privacy policy for their retention and deletion process.
  • Request a data export. Same email. We send back the exact contents of your customer row + any feedback you submitted. (Your financial data is on your PC; we have nothing to export.)
  • Disable optional collection. The in-app Feedback button and crash-reporter are off unless you click them. You can use the entire product without ever sending us a single byte beyond the license check.
  • Correct inaccurate information. If your email or other record data is wrong, email us and we’ll fix it.
  • Withdraw consent for any optional collection (feedback, crash reports) at any time, with no effect on your license.

Where we offer GlidePath Money

At this time, GlidePath Money is offered to customers with a billing address in the United States or Canada. Stripe Tax gates checkout to jurisdictions where we hold tax registration; non-US/non-Canadian billing addresses can’t complete a purchase. We do not currently serve customers in the European Union, United Kingdom, or other regions because the app’s tax-modeling and retirement-planning features assume U.S. tax rules; we’d rather not sell you a tool whose core calculations don’t fit your situation. Canadian users: please see the “For Canadian customers” note at the bottom of the tax disclaimer.

Your privacy rights — U.S.

If your U.S. state privacy law gives you rights to access, correct, delete, export, appeal, or opt out of certain processing, we honor those rights where they apply to us. State privacy laws are expanding quickly, so we apply the same practical request process below instead of making you wait for a formal policy update.

What those rights mean, in plain English:

  • Ask what we have. “What personal info do you hold about me?” Email us; we’ll tell you. (Formally: right to know / access.)
  • Ask us to delete it. “Get rid of my customer record.” We do, within 30 days. Some payment records we’re legally required to keep for tax purposes (7 years under US tax law); those stay with Stripe only as long as the law requires. (Right to delete.)
  • Ask us to fix something. “My email is wrong.” We fix it. (Right to correct.)
  • Ask for a copy in a portable format. We send it. (Right to data portability.)
  • No discrimination. Asking us to do any of the above doesn’t affect your license, your price, or anything else. (Right to non-discrimination.)
  • Opt out of selling, sharing, targeted advertising, profiling. We don’t do these — see the section below — but the right exists in case anything ever changes.

Do Not Sell or Share My Personal Information

We don’t sell your personal information. We don’t share it with third parties for cross-context behavioral advertising, and we don’t use targeted-advertising cookies. We don’t have your financial file, and the customer record we do hold is used to operate, bill, secure, and support the service. If a privacy law treats a future marketing or analytics tool as a sale, sharing, targeted advertising, or profiling, we will publish the required control and honor applicable browser opt-out signals before enabling it.

How to actually exercise your rights

Email [email protected] and tell us what you want. We respond within 30 days. If we need more time (the law lets us extend by 30 more for genuinely complex cases), we’ll tell you in advance, not after. We verify your identity by matching the email against your license; if we can’t verify, we’ll ask for what we need — we won’t quietly deny.

If you think we mishandled a request, you can complain to your state’s attorney general or to the Federal Trade Commission. We’d rather you tell us first so we can fix it.

Your privacy rights — Canada

If you’re a Canadian customer, you have rights under PIPEDA (the federal privacy law) and, if you live in Quebec, the stronger Law 25 (think GDPR-ish). British Columbia, Alberta, and other provinces have their own laws that apply where relevant.

What those rights mean, in plain English:

  • Ask what we have. Email us; we’ll tell you.
  • Ask us to fix it. We fix wrong information.
  • Withdraw your consent for anything optional (feedback, crash reports) at any time. Doesn’t affect your license.
  • Quebec residents under Law 25 also have the right to receive your data in a normal portable format, and the right to know if we make automated decisions about you. We don’t make those; if that ever changes, we’ll tell you.
  • Complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial commissioner. We’d rather you tell us first.

Email [email protected]. We respond within 30 days, as PIPEDA requires. Requests in French are welcome from Quebec residents.

Where your data physically lives

Practical reality: our infrastructure runs on Cloudflare’s global edge network, and Anthropic (for the Glide AI helper) and Resend (for outbound email) are based in the United States. If you’re a Canadian customer, your customer record + any feedback or crash report you submit will be processed on servers that may sit in the U.S. By using the service you’re consenting to that. We rely on the standard vendor safeguards for the transfer. The full vendor map is at /subprocessors.

Cookies + analytics

The marketing site (glidepathmoney.com) uses Cloudflare Web Analytics — a privacy-first, cookieless measurement tool that counts page views and referrers without cookies, fingerprinting, cross-site tracking, or any personally identifying data (visitors in the EU are excluded entirely). Beyond that, no other analytics and no ad-tech. The installed app sets a few first-party cookies for sign-in session state (Cloudflare Access); those don't leave your tunnel.

We also count a few high-intent actions on the marketing site — clicking a buy button, starting a download, or reaching the post-checkout thank-you page — by sending a small cookieless event to our own server (not a third-party). Each event records only the action, the page path, a coarse label (which plan, or a purchase vs. an upgrade), the referring site’s domain, any campaign tags in the link you followed, and a country code. No cookies, no device or visitor ID, no IP stored, nothing that identifies you — just aggregate counts so we can see how many people who look end up buying. It runs on our own infrastructure (Cloudflare Analytics Engine), not a marketing vendor.

Changes to this policy

If we change anything material, we'll email everyone with an active license at least 30 days before the change. The current version is dated at the top.

Contact

Privacy or data requests (deletion, export, questions about this policy): [email protected]. General product questions: [email protected].