Privacy
Privacy Policy
Plain-English version: your financial data lives on your PC. We never see it, store it, or analyze it. We do collect the minimum needed to provision your private subdomain and bill you. This page is the precise legal version of that promise.
Last updated: May 21, 2026
What we deliberately don't collect
Your bank account balances, transactions, credit card numbers, retirement account values, net worth, cash flow, debt amounts, real estate values, business income — none of this is sent to us. These all live in plain files on your computer. We have no copy. We could not produce one if subpoenaed, sold, or breached. This is the whole point of GlidePath Money.
We also don't collect:
- Bank credentials (passwords, MFA secrets, security questions) — we never ask
- Plaid, Yodlee, or any other aggregator-style integration data — we don't use those services
- Browsing history, clipboard contents, screen recordings, or any telemetry from the installed app
- Crash dumps with your data attached — the optional crash report excludes anything from your DataFolder
What we do collect
The minimum needed to operate the service:
- Your email address — used as your license identifier and as the destination for the 6-digit sign-in code that grants phone access via
bridge.glidepathmoney.com - Your chosen subdomain (e.g.,
johnforjohn.glidepathmoney.com) — provisioned at Cloudflare - A license key we generate and email you — used to authenticate the installer
- Payment information — handled entirely by Stripe; we never see your card number. We see only what Stripe shares with us (last 4, country, transaction status)
- Cloudflare resource IDs for the tunnel, DNS record, and Access policy we create for you — used to deprovision cleanly if you cancel
- Optional feedback you submit via the in-app Feedback button — content you choose to send us, and your email if you want a reply
- Optional crash reports if you click "send report" on an error page — stack trace, app version, page URL. Excludes data folder contents.
What gets emailed (and where it goes)
We use Resend (resend.com) as our outbound email provider for sending welcome notes, license keys, and operational replies. Resend sees the email body in transit but does not retain it. Our domain SPF/DKIM records are configured per Resend's standard setup.
Inbound mail to hi@glidepathmoney.com is routed by Cloudflare Email Routing to a forwarding address. Cloudflare may scan for spam; the routing rule does not store the content beyond what's needed to forward.
Email inbox feature (optional, opt-in)
If you choose to use the email-forward feature, each customer gets a private address like yourname-inbox@glidepathmoney.com. Mail sent there is handled by a Cloudflare Email Worker that does three things, in order:
- Logs metadata — sender, subject, timestamp, the body — to our Cloudflare D1 database. This is transient: the body field is purged the moment parsing completes.
- Calls Anthropic's Claude Haiku API to extract structured transactions (date, amount, merchant, last 4 of the card) from the body. Anthropic processes this content per their commercial API privacy commitments; they do not train on API traffic.
- Writes the extracted transactions to a per-customer queue. Your app polls the queue with your license key, writes the transactions to your PC, and acknowledges receipt — at which point we drop the queued rows from our side too.
Net effect: email content lives on our infrastructure for the seconds it takes to parse, never longer. Extracted transactions live in the queue only until your app picks them up. Don't use the feature and nothing reaches us. The in-app /EmailInbox page is the on/off switch on your end.
Tunneled remote access
Your dashboard URL (e.g. john.glidepathmoney.com) terminates at Cloudflare's edge and tunnels back to your PC via the Cloudflare Tunnel running locally. Cloudflare sees your encrypted traffic in transit; the traffic content is decrypted on your PC only. We have access to logs that show that requests happened (timestamps, source IPs, response codes) but not what was in them.
Phone sign-in goes through bridge.glidepathmoney.com, a tiny proxy we run on Cloudflare Workers. It accepts your email, mails you a one-time 6-digit code via Resend, sets a session cookie when you verify, and then forwards your requests to your subdomain with a Cloudflare service-token credential injected — so you don't need a Microsoft or Google account, and we don't pay per-seat identity-provider fees that would force us to charge you more. The proxy sees request URLs and response status codes in transit (same as the underlying tunnel) and never the dashboard content itself.
Where things are stored
| Data | Where it lives | Retention |
|---|---|---|
| Your financial data | Your PC's DataFolder | Until you delete it |
| License key + email + subdomain + Cloudflare IDs | Cloudflare D1 (our database) | Until you cancel + 30 days |
| Payment records | Stripe | Per Stripe's retention policy (≈ 7 years for tax) |
| Feedback submissions | Cloudflare D1 | Until you ask us to delete |
| Crash reports (opt-in) | Cloudflare D1 | 90 days then auto-deleted |
| Inbound email bodies (opt-in) | Cloudflare D1 | Purged the moment parsing completes (typically seconds) |
| Parsed transactions (opt-in) | Cloudflare D1 | Until your app picks them up via /inbound (typically < 5 min) |
| Tunnel + Access logs | Cloudflare | Per Cloudflare's standard log retention (≈ 30 days) |
Your rights
- Request deletion. Email hi@glidepathmoney.com. We delete your customer record + Cloudflare resources within 7 days, except payment records we're legally required to keep (Stripe).
- Request a data export. Same email. We send back the exact contents of your customer row + any feedback you submitted. (Your financial data is on your PC; we have nothing to export.)
- Disable optional collection. The in-app Feedback button and crash-reporter are off unless you click them. You can use the entire product without ever sending us a single byte beyond the license check.
GDPR / CCPA
We don't currently serve EU or California customers, but the principles above apply regardless. Right to access, right to deletion, right to data portability — covered by the email path above.
Cookies + analytics
The marketing site (glidepathmoney.com) uses no analytics, no cookies beyond what's strictly necessary, no fingerprinting, no ad-tech. The installed app sets a few first-party cookies for sign-in session state (Cloudflare Access); those don't leave your tunnel.
Changes to this policy
If we change anything material, we'll email everyone with an active license at least 30 days before the change. The current version is dated at the top.
Contact
Questions about anything on this page: hi@glidepathmoney.com.