Privacy Policy
Last updated: May 22, 2026
This Privacy Policy explains what information Unburied Talents collects when you use our spending audit service, how we use it, who we share it with, and the choices you have. Unburied Talents ("we," "us," "our") is a sole-proprietor service operated from the United States. If you have questions, email kole@easyawithabby.com.
1. What we collect
From you, directly
- Bank CSV files you upload. These contain transaction dates, descriptions, and amounts. They may also contain account names or card numbers (we do not parse, store, or transmit card numbers).
- Your email address, which you enter on the checkout step so we can deliver your report.
From Stripe
- Payment confirmation only. Stripe handles your card information end-to-end on their hosted Checkout page. We never see your card number, CVC, or billing address.
Automatically, from your browser
- Standard web-server logs (IP address, user agent, request timestamps) for the limited purpose of operating and securing the service. We do not use analytics, advertising trackers, or third-party cookies.
2. How we use your information
- To generate your report. Your CSV files are parsed, categorized, and rendered into the personalized HTML report you receive.
- To deliver your report. Your email is used solely to send the report. We do not send marketing emails. We do not add you to any mailing list.
- To process payment. Your email is shared with Stripe for receipt purposes.
- To secure and operate the service. Web-server logs help us detect abuse and diagnose errors.
3. Retention — how long we keep it
Your uploaded CSV files and the generated report are deleted from our server immediately after the report is successfully emailed to you. In the rare case that report generation or email delivery fails, files may be retained briefly so we can manually retry delivery; in those cases, the files are deleted within 7 days of upload regardless of outcome. Web-server logs are retained for up to 30 days for security and debugging.
We do not maintain a database of customers or transactions. There is nothing to log into and no account to delete because we do not create one.
4. Who we share it with (subprocessors)
We use the following service providers to operate Unburied Talents. Each receives only the data necessary for its function:
- Stripe — payment processing. Receives your email and the payment amount. Stripe is PCI-DSS Level 1 certified. See stripe.com/privacy.
- SendGrid (Twilio) — email delivery. Receives your email address and the rendered report as an attachment. See twilio.com/legal/privacy.
- Anthropic — optional executive-summary generation. Receives anonymized aggregate findings (top category, totals, transaction counts) — no individual transactions, no merchant-level data, no email. Per Anthropic’s commercial terms, this data is not used to train their models. See anthropic.com/legal/privacy.
- Our hosting provider — the server that runs the application. The provider does not access your data; it stores it transiently per the retention policy above.
We do not sell, rent, or trade your personal information to anyone, for any purpose, ever.
5. How we protect it
- All data travels between your browser and our server over HTTPS with TLS.
- Payment information is handled entirely by Stripe; we hold no card data.
- Server access is restricted to the operator.
- Files are deleted as described in Section 3, minimizing the window during which any data exists on disk.
No system is perfectly secure. If we ever experience a security incident affecting your data, we will notify affected users by email as soon as practicable.
6. Your rights
Depending on where you live, you may have the following rights regarding your personal information:
- Right to know what we have about you.
- Right to delete any data we hold.
- Right to correct inaccurate information.
- Right to opt out of any sale or sharing of personal data (we don’t sell or share — this is moot for our service, but the right exists).
- Right to non-discrimination for exercising any of the above.
To exercise any of these rights, email kole@easyawithabby.com with the subject line "Privacy Request." Because we do not maintain customer accounts, requests will typically be resolved by confirming we hold no data about you. We will respond within 30 days.
7. California residents (CCPA / CPRA)
California residents have the rights described in Section 6, including the right to know what categories of personal information we collect (financial information from CSV uploads, contact information in the form of an email address, internet activity from web logs), the right to delete that information, and the right to non-discrimination. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.
8. EU and UK residents (GDPR)
If you are located in the European Economic Area or the United Kingdom, our legal basis for processing your information is the performance of a contract (delivering the report you purchased) and our legitimate interest in operating and securing the service. You have the right to lodge a complaint with your local data protection authority. We process and store data on servers located in the United States.
9. Children
This service is not directed to children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be highlighted on the site.
11. Contact
Privacy questions, requests, or concerns: kole@easyawithabby.com