TroutTrout
§ Legal · Privacy policy

How we handle your data.

Last updated · 2026-04-14

Trout ("we", "us") provides an open-source envelope budgeting service. This policy explains what personal data we process when you use the hosted service at trout.money. If you self-host Trout, you are the data controller for your own installation and this policy does not apply to your instance.

1. Data we collect

  • Account data. Name, email address, hashed password, account timestamps.
  • Financial data you enter. Accounts, categories, transactions, budget allocations, rules, investment holdings, notes, tags.
  • Bank-sync data. When you connect a bank, transactions and balances fetched from your institution via GoCardless (Nordigen) Open Banking APIs.
  • Operational data. Server logs (IP, user agent, endpoint, timestamp) for security and debugging. Error reports captured by Sentry.

2. How we use your data

  • To provide and improve the Trout service.
  • To authenticate you and send service-related email (verification, password reset, welcome).
  • To detect and block abuse (brute-force login, spam).

We do not sell your data, do not show advertising, and do not use your financial data to train machine-learning models.

3. Subprocessors

The hosted service relies on these third-party processors:

  • Neon / Supabase — managed PostgreSQL hosting (EU region).
  • Resend — transactional email delivery (verification, password reset, welcome, replies).
  • GoCardless (Nordigen) — Open Banking connectivity when you opt in to bank sync.
  • OpenAI — AI-assisted categorization and chat features (only invoked when you use them).
  • CoinGecko — public crypto price feed (no personal data sent).
  • fxratesapi — public FX rate feed (no personal data sent).
  • Sentry — error and performance monitoring.
  • Plausible — cookie-free, privacy-friendly marketing-page analytics (EU-hosted).

4. Legal basis

We process your data under:

  • Contract — running the service you signed up for (Art. 6(1)(b) GDPR).
  • Legitimate interests — security, abuse prevention, debugging (Art. 6(1)(f) GDPR).
  • Consent — when you opt in to bank sync or AI features (Art. 6(1)(a) GDPR).

5. Your rights

You can, at any time from inside the app (Settings → Data & Privacy):

  • Export all your data as a JSON file.
  • Delete your account and all associated data.

You also have the right to access, rectify, restrict, or object to processing, and to lodge a complaint with your national data protection authority. Email privacy@trout.money for any of the above.

6. Data retention

Account data is retained while your account is active. When you delete your account, all tenant-scoped data is erased from the live database within 24 hours. Backups rotate out within 30 days.

7. International transfers

Primary data storage is in the EU. Some subprocessors (OpenAI, Sentry) may process limited data in the United States under Standard Contractual Clauses and the EU–US Data Privacy Framework.

8. Security

Passwords are hashed with bcrypt. Transport is TLS everywhere. Bank credentials are never stored — authentication uses OAuth consent flows handled by GoCardless. Credential-derived secrets for investment sync are encrypted at rest.

9. Changes

We may update this policy as the service evolves. Material changes will be announced via email at least 14 days before they take effect.

10. Contact

privacy@trout.money