Privacy
Plain-language privacy policy.
No dark patterns.
This page is a complete answer to the question "what does Viably do with my data?" Effective May 2026. We update it when something material changes and post a release note when we do.
For the technical retention windows + collection-level audit, see the engineering doc /security (which mirrors the same TTL contracts the database actually enforces).
What we collect
Only what's needed to make the app work for you. Each item below is editable in-app, exportable on request, and deletable.
Account & profile
Email, hashed password (bcrypt, 12 rounds), display name, timezone, household composition (adult/child counts only — no names, dates of birth, or relationships).
Financial inputs you enter
Workplace records, pay rules, shifts, bills, debts, goals, ZIP code(s), and other financial data you explicitly add. This is the data we exist to crunch — without it the app does nothing.
Uploaded documents (Pro)
Pay statements, bank statements, receipts you upload for OCR. Documents are preprocessed by Viably, sent to the configured Gemini OCR model for extraction, and can be deleted individually or in bulk.
Authentication metadata
Per-device session records (IP, user-agent, last-seen) so you can review and revoke them from /settings/security. Optional TOTP secret and/or registered passkey credentials.
Audit log (security events)
Login attempts, MFA enrollments, password changes, billing transitions, account deletion. Retained 365 days for security review (you can request your full log via support).
What we never collect
The list below is a commitment, not a default. Verify in your browser devtools Network tab — we don't load any third-party tracking scripts.
- ·Names, ages, or relationships of household members.
- ·Government identifiers (SSN, ITIN, driver license).
- ·Bank account / routing numbers (we never connect to your bank — you upload statements you choose).
- ·Browsing history outside the Viably app.
- ·Third-party tracking pixels (no Facebook, no LinkedIn, no Quora — verify in your devtools Network tab).
- ·Cross-site tracking cookies. Auth cookies are first-party, HttpOnly, Secure, and SameSite=None for supported app domains.
- ·Behavioural advertising signals. We do not advertise on your data.
Who we share with
Named subprocessors, all listed below. Each one has a narrow, named role — payments, email delivery, optional sign-in, transit, or document OCR. We do not sell, rent, or trade your data with anyone.
Stripe
Privacy policy →Payment processing only.
Email, billing address (if you provide one), Stripe customer ID. We never see or store your card number — Stripe-hosted Checkout collects it directly.
Resend
Privacy policy →Transactional email delivery (verification codes, password resets, billing receipts).
Email address + the rendered email body. No bulk marketing — we don't operate a mailing list.
Google OAuth (optional)
Privacy policy →Sign-in only, if you choose Google as your auth method.
Your Google email + the OAuth-scoped userinfo Google chooses to share. We do not request Drive, Calendar, or Gmail scopes.
Cloudflare
Privacy policy →CDN + DDoS protection. Sees every request.
IP, user-agent, request URL. Cloudflare's role is purely transit; they do not retain your application data.
Gemini OCR
Privacy policy →Document OCR and statement parsing when you upload files for extraction.
Document text and page images needed to extract pay, receipt, and statement fields.
How long we keep things
Most data either auto-deletes on a schedule (TTL) or sticks around until you delete your account. Engineering enforces these at the database layer — see /security.
| Audit logs (security events) | 365 days, then auto-deleted. |
| In-app notifications | 90 days, then auto-deleted (30 days post-dismissal if you dismiss earlier). |
| Marketing-funnel analytics | 90 days, anonymous (visitor_id is a client-generated UUID, not your account). |
| Auth artifacts (OTP codes, password reset, MFA challenges) | 5 minutes to 1 hour depending on the artifact. |
| Brute-force lockout state | 1 hour after the lockout fires. |
| Session records | 24 hours (default) or 30 days (if you check 'remember me'). |
| Account & financial data you enter | Indefinite while your account is active — deleted on account deletion. |
| Payment-transaction ledger | Retained per accounting requirements + mirrored by Stripe. |
Your rights
Whether or not your jurisdiction (GDPR, CCPA, PIPEDA, etc.) requires it, you can do all of the following with one click in-app or one email to support.
Export your data
Request a full export of every record we hold about you (JSON + CSV bundle). 5-business-day turnaround.
Delete your account
Settings → Account → Delete. Cascading hard delete: every personal record removed within seconds. Audit-log entries are preserved (anonymised) for the 365-day security window, then auto-purged.
Correct your data
All financial fields are user-editable in-app. For account email/billing details, contact support.
Opt out of analytics
Toggle in Settings → Privacy disables landing-funnel telemetry on your device. (The collection auto-purges in 90 days regardless.)
Need to delete your data right now?
If you have an account: go to Settings → Security → Delete account— the cascade runs immediately.
If you don't have an account but think we have data on you (e.g. you submitted feedback or signed up and never confirmed), email privacy@viably.app with the email you used and we'll delete it within 5 business days.
Children
Viably is not directed at children under 16 and we do not knowingly collect data from them. If you believe we have, email privacy@viably.app and we'll delete it.
International transfers
We host in the United States. If you access Viably from outside the US, your data is transferred into and processed in the US. We use Cloudflare for transit (TLS 1.3 only) and store at rest with AES-256 encryption.
Changes to this policy
We post material changes 30 days in advance via in-app notification + an entry in our public release notes. Minor edits (typo fixes, link updates, restructuring without changing substance) we just commit and update the effective date.
Contact
Questions about this policy or about your specific data: privacy@viably.app. Security incidents: security@viably.app.
Trust, then verify
The privacy commitment is real.
The product is too.
Run your audit Free. No credit card. Account creation requires only an email.