← Back

Privacy Policy

Effective date: May 6, 2026

This Privacy Policy explains how Frazier Digital (“Frazier Digital,” “we,” “us,” or “our”) collects, uses, and shares information when you use CASH Basis AI (the “Service”), including our website, web application, and mobile applications. By using the Service, you agree to the collection and use of information in accordance with this Policy.

1. Information we collect

We collect the following categories of information:

  • Account information. Name, email address, and profile information returned by your authentication provider (e.g., Google) when you sign in. We do not see or store your password when you authenticate with a third party.
  • Business profile. Business name, entity type, industry, and other information you provide during onboarding or in Settings.
  • Financial data. Bank and credit card account metadata, transactions, balances, merchant names, and category information imported via Plaid; receipts and documents you upload; and any transactions, accounts, or notes you enter manually.
  • Tax inputs. Filing status, state, dependents, W-2 income, withholding amounts, and any quarterly estimated tax amounts you enter.
  • AI interaction data. Chat messages, voice recordings (when you use voice input), and AI-generated responses including audio recap scripts and audio files.
  • Billing information. Subscription tier, billing cycle, and payment status. Card and bank-payment details are collected and stored by our payment processor (Stripe); we never see or store full card numbers.
  • Usage and device data. Pages visited, features used, AI model call counts, IP address, browser and device type, operating system, and error logs.
  • Cookies and local storage. Session cookies for authentication, a cookie identifying your active company, and local-storage values that remember your preferences.

2. How we use your information

We use your information to:

  • Provide, operate, and maintain the Service;
  • Sync, categorize, and analyze your financial transactions, including using AI to suggest categories and answer questions about your finances;
  • Compute estimated tax liabilities, generate financial reports, and produce audio recaps;
  • Process subscription payments and manage your account and billing relationship;
  • Send transactional messages (account notices, billing receipts, security alerts, support replies);
  • Detect, investigate, and prevent fraud, abuse, and security incidents;
  • Improve the Service, including evaluating model quality and debugging errors;
  • Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your financial data, chat messages, or voice recordings to train third-party AI models, and our agreements with our AI providers prohibit them from doing so.

3. AI processing

The Service uses third-party large-language-model providers (currently xAI) to categorize transactions, answer questions in chat, generate audio recap scripts, and produce text-to-speech audio. When you use these features, the relevant content (transaction text, merchant names, your chat messages, or your voice recordings) is transmitted to the provider on a per-request basis under a commercial agreement that prohibits the provider from retaining your content for training. You can disable AI categorization in Settings; chat and voice features are used only when you choose to use them.

4. How we share information

We share information only with the third-party service providers listed below, and only to the extent necessary to deliver the Service. We do not sell, rent, or trade your personal information.

  • Plaid Inc. — bank account linking and transaction sync. Plaid collects the credentials you provide to connect a financial institution and shares account metadata, balances, and transaction data with us. Plaid's use of your information is governed by Plaid's End User Privacy Policy.
  • Stripe, Inc. — subscription billing and payment processing. Stripe collects your name, email, billing address, and payment method directly. We receive subscription status, plan, and limited transaction metadata. Stripe's use of your information is governed by Stripe's Privacy Policy.
  • xAI Corp. — AI categorization, chat, voice transcription, and text-to-speech. We send only the content needed for the request (transaction text, your chat message, or your voice audio). Per our agreement, xAI does not retain or train on this content.
  • Supabase, Inc. — database hosting, authentication, and file storage. All of your account and financial data is stored in a Supabase Postgres instance hosted in the United States.
  • Vercel Inc. — web and API hosting. Vercel processes incoming requests and may log standard web-server metadata (IP address, user agent, request path, response code).
  • Sentry (Functional Software, Inc.) — error monitoring. When the Service encounters an error, a stack trace and limited request context (URL, user ID, browser) may be sent to Sentry to help us diagnose and fix the issue. Personally identifying form input is not sent.
  • Resend, Inc. — transactional email delivery (account notices, billing receipts, support replies).
  • Apple, Inc. and Google LLC — mobile app distribution and, if you sign in with Google, identity verification. These providers handle your information under their own privacy policies.

We may also disclose information when required by law, in response to a valid subpoena or court order, to enforce our agreements, to protect the rights, property, or safety of Frazier Digital, our users, or others, or in connection with a merger, acquisition, financing, or sale of all or part of our business (in which case the recipient will be bound by privacy commitments at least as protective as this Policy).

5. Data storage and security

Your data is stored in our Supabase Postgres database, hosted in the United States. Access to your rows is restricted at the database level using row-level security policies so that only your authenticated session can read your data. Data in transit is encrypted using TLS, and data at rest is encrypted by our hosting providers. Audio recap MP3 files are stored in Supabase Storage and served via short-lived signed URLs that expire after one hour.

No system is perfectly secure. We work hard to protect your information but cannot guarantee its absolute security. If we learn of a security incident that affects your information, we will notify you in accordance with applicable law.

6. Data retention

We retain your account and financial data for as long as your account is active so that the Service works. After you delete your account, we remove your data from our active database within 30 days. Encrypted database backups are retained for up to 90 days before being overwritten. We may retain limited records longer where required by law (for example, billing records for tax and audit purposes).

Anonymized vendor-to-category mappings (Community Vendor Intelligence) may be retained indefinitely with no link back to your account or identity, and are used to improve categorization quality for all users.

7. Your rights and choices

You may exercise the following rights:

  • Access. Request a copy of the personal data we hold about you.
  • Export. Download your transactions to Excel from the Reports page. A full account export is available on request.
  • Correction. Edit any data field directly in the app, or contact us if a correction cannot be made in-product.
  • Deletion. Delete your account at any time from Settings, or by contacting us. Deletion removes your data from our active database within 30 days; backup retention follows the schedule above.
  • Withdrawal of consent. Disconnect Plaid accounts, disable AI categorization, opt out of audio recaps, or close your account at any time.

To exercise any of these rights, email thefrazierdigital@gmail.com. We will respond within 30 days. We do not discriminate against you for exercising any of your rights.

8. California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the following additional rights:

  • The right to know the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it (all described in Sections 1 through 4 above);
  • The right to request deletion of your personal information;
  • The right to correct inaccurate personal information;
  • The right to limit our use and disclosure of sensitive personal information to the purposes necessary to provide the Service;
  • The right to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising;
  • The right to non-discrimination for exercising any of these rights.

To exercise these rights, email thefrazierdigital@gmail.com. We may need to verify your identity before responding, typically by confirming you control the email address on the account.

9. Cookies and local storage

We use first-party cookies and browser local storage for:

  • Authentication. Session cookies set by Supabase to keep you signed in.
  • Active company. A non-HTTP-only cookie that remembers which of your companies (if you have more than one) is currently active.
  • UI preferences. Local-storage values that remember your dashboard layout, model selection, theme, and audio playback speed.

We do not use third-party advertising cookies or cross-site-tracking pixels.

10. Children's privacy

The Service is intended for use by adults age 18 and older and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us at thefrazierdigital@gmail.com and we will promptly delete the information.

11. International users

The Service is operated from the United States and intended for use by United States residents. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States. United States privacy law may differ from the law of your country of residence.

12. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or via an in-app notice at least 14 days before the changes take effect. The “Effective date” at the top of this page reflects the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Frazier Digital
Attn: Privacy
thefrazierdigital@gmail.com