Legal

Privacy Policy

How ReservWise handles your data, your money information, and your rights as a customer.

Last updated: April 26, 2026 · Effective: April 26, 2026

ReservWise, Inc. ("ReservWise," "we," "us") provides cashflow software for entrepreneurs with variable income. Privacy is foundational to that promise — your financial data should help you run your business, not anyone else's. This policy describes what we collect, why, how we secure it, and what you can do about it.

1. What we collect

Account and profile

  • Name, work email, password (hashed), and business type you provide at signup.
  • Authentication metadata when you log in (timestamps, IP, browser fingerprint) for security audit logs.

Financial data you connect or enter

  • Income events, expenses, invoices, reserve targets, owner-draw plans, tax estimates, and any notes you record.
  • Bank account metadata and transaction history when you connect an institution via Plaid. We never store your bank credentials — Plaid manages those tokens on our behalf.
  • Receipt photos and voice notes processed for automatic transaction parsing. Images and audio are sent to our AI provider (OpenRouter) for parsing only and not retained outside the request lifecycle.

Usage and product analytics

  • Page views, feature interactions, and error events. Aggregated and de-identified where reasonably possible.

2. How we use your data

  • To run the product: build forecasts, fund reserves, parse transactions, generate invoices, surface AI guidance.
  • To operate the business: process payments, send service emails, support requests, and security notifications.
  • To improve ReservWise: anonymized analytics on which features get used and where users hit friction.

We do not sell your data, ever. We do not share your data with advertisers or marketing networks.

3. Where it lives

ReservWise runs on Hostinger VPS infrastructure for application data and Vercel for the marketing site. Bank transactions move through Plaid. Payments are handled by Stripe. AI features call OpenRouter. Each of these vendors has their own security and privacy posture; we list them publicly so you can audit the chain.

4. Security

  • All traffic to and from app.reservwise.com uses TLS 1.2+ via Let's Encrypt.
  • Plaid access tokens are stored in encrypted form (envelope encryption rolling out as part of our production hardening track).
  • Database backups are encrypted at rest. Application secrets are kept in environment configuration, never in source control.
  • We log authentication and significant account events for security audit. Logs are retained 90 days.
  • We are in the process of formalizing SOC 2 Type II controls — see the Security page for current status.

5. Your rights

  • Access: request a copy of any data we hold about you, in a portable format.
  • Correction: update or correct any inaccurate data through the app or by emailing support.
  • Deletion: close your account and request full data deletion. We honor this within 30 days, except where retention is required by law.
  • Portability: export every report, invoice, and reserve record as CSV or PDF at any time.

6. Cookies and tracking

ReservWise uses essential cookies for authentication and a minimal set of first-party analytics cookies. We do not use third-party advertising cookies or cross-site trackers. You can clear them at any time without losing account access.

7. Children's data

ReservWise is built for adult business operators. We do not knowingly collect data from anyone under 18.

8. Changes to this policy

When we make material changes, we notify customers by email and post the updated policy here with a new "last updated" date. Continued use after a change means acceptance.

9. Contact

Questions, requests, or concerns: privacy@reservwise.com. For security disclosures, use security@reservwise.com.