Privacy Policy

Last updated: 10 February 2026

Our commitment to your privacy

Netsum is built on the principle that your financial data is yours alone. We don't sell your data, we don't show you ads, and we don't use third-party tracking scripts. This privacy policy explains exactly what data we collect, why we need it, and how we protect it.

What we collect

Account information

  • Email address: Required for account creation and login
  • Password: Securely hashed, never stored in plain text
  • Name: Optional, only if you choose to provide it

Financial data

  • Assets and liabilities: Account names, values, currencies, and categories you manually enter
  • Historical snapshots: Records of your net worth over time
  • Notes and tags: Any additional information you choose to add

Payment information (Premium subscribers)

  • Billing details: Processed and stored by Stripe (our payment processor)
  • Payment method: Card type and last 4 digits (e.g., Visa ending in 1234)
  • Billing address: Required for payment processing
  • Card details: Never stored on our servers. Stripe handles all sensitive payment information.

Usage data

  • Login activity: When you access your account
  • Feature usage: Which parts of the app you use (anonymized)
  • Device information: Browser type and operating system (for compatibility)

What we DON'T collect

  • Bank credentials: We never ask for or store your banking login details
  • Bank connections: We don't connect to your bank accounts
  • Tracking cookies: No third-party advertising or tracking scripts
  • Personal identification: No national insurance numbers, addresses, or phone numbers
  • Behavioral profiling: We don't build profiles of your spending habits for marketing

How we use your data

We use your data for one purpose only: to provide you with the Netsum service.

  • ✓ Display your financial dashboard
  • ✓ Calculate your net worth and trends
  • ✓ Send you essential account emails (password resets, security alerts)
  • ✓ Improve the product based on anonymized usage patterns
  • ✓ Provide customer support when you contact us

We will never sell your data to third parties, show you targeted ads, or share your information with advertisers.

How we protect your data

Infrastructure security

  • SOC 2 certified hosting: Your data is stored on SOC 2 Type II certified infrastructure
  • Database encryption: All data is encrypted at rest using industry-standard protocols
  • HTTPS only: All data transmission is encrypted using TLS 1.3
  • Regular backups: Automated daily backups stored securely

Application security

  • Password hashing: Passwords are hashed using bcrypt with salt
  • Row-level security: Database policies ensure users can only access their own data
  • Regular security audits: We monitor for vulnerabilities and apply patches promptly

Data retention and deletion

Your data belongs to you. You can export or delete it at any time.

  • Export: Download all your data as CSV files from your account settings
  • Deletion: Delete your account and all associated data from your account settings
  • Retention: When you delete your account, all personal and financial data is permanently removed within 30 days
  • Backups: Deleted data is removed from backups within 90 days

Third-party services

We use a minimal set of trusted third-party services to operate Netsum. Each service has been carefully selected for privacy and security compliance:

PostHog (Analytics)

Purpose: Privacy-friendly analytics to understand how Netsum is used and improve user experience.

Data collected: Page views, feature usage, button clicks, time on page. Configured with person_profiles: 'identified_only' to minimize tracking. When you create an account, usage data is associated with your account to help us provide better support and product improvements.

Data location: EU-hosted (https://eu.i.posthog.com). GDPR compliant.

View PostHog Privacy Policy

Vercel Analytics

Purpose: Privacy-friendly web analytics (page views, performance metrics).

Data collected: Aggregated page views, Web Vitals performance data. No cookies, no personal data, no cross-site tracking.

Data location: Global CDN with EU data centers.

View Vercel Analytics Privacy Policy

Resend (Transactional Email)

Purpose: Send essential account emails (password resets, security alerts, billing notifications).

Data shared: Your email address and name (if provided) to deliver account-related emails. No marketing emails, no third-party sharing.

Data location: US-based with SOC 2 Type II certification. GDPR-compliant data processing agreement in place.

View Resend Privacy Policy

Stripe (Payment Processing)

Purpose: Process Premium subscription payments securely.

Data shared: Email address, billing details, and non-sensitive payment method references (for example card brand and last 4 digits), plus Stripe customer and payment method IDs. Card details are entered directly into Stripe; card numbers and security codes never touch, and are never stored on, our servers.

Security: PCI DSS Level 1 certified (highest security standard for payment processing). Stripe uses bank-level encryption and security.

Data location: Global infrastructure with EU data residency options. GDPR compliant.

View Stripe Privacy Policy

Database Hosting

Infrastructure: SOC 2 Type II certified database hosting in the EU. All data encrypted at rest and in transit.

What we don't use: Google Analytics, Facebook Pixel, advertising networks, data brokers, or any third-party tracking platforms. We never sell your data to third parties.

Cookies

We use minimal cookies to provide essential functionality and privacy-friendly analytics:

Essential cookies (required)

  • Authentication cookie: Keeps you logged in to your account
  • Session cookie: Maintains your session state and preferences

Analytics cookies (optional)

  • PostHog analytics: Stores anonymous session data to track page views and feature usage. You can opt out by enabling "Do Not Track" in your browser or by disabling JavaScript.

What we don't use: Advertising cookies, tracking cookies for marketing, third-party analytics cookies (like Google Analytics), or cookies that track you across websites. Vercel Analytics operates without any cookies.

Your rights (UK GDPR)

Under UK GDPR, you have the following rights:

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct any inaccurate data (you can do this directly in-app)
  • Right to erasure: Delete your account and all data
  • Right to data portability: Export your data in a machine-readable format (CSV)
  • Right to object: Object to processing of your data (contact us at support@netsum.app)

To exercise any of these rights, email us at support@netsum.app.

International data transfers

Your data is stored on servers located in the European Union. If you access Netsum from outside the EU/UK, your data may be transferred internationally. We ensure all transfers comply with UK GDPR requirements through appropriate safeguards.

Children's privacy

Netsum is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we'll notify you by email at least 30 days before the changes take effect. Continued use of Netsum after changes constitutes acceptance of the updated policy.

Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: support@netsum.app
