Short version: your data lives in your browser. We see nothing. Below is the long version.
What we collect
When you sign in with Google, we store your name, email address, and profile photo — only to identify you across sessions and within shared workspaces. The financial data you enter is stored in your private workspace database, isolated from all other users.
Encryption
Your financial data is encrypted with AES-256 before it reaches our database. The encryption key is derived from your session and is never stored alongside your data. Even if the database were compromised, the stored ciphertext is unreadable without your key.
Who can see your data
Only you — and people you explicitly invite to your workspace. Nobody else can read your workspace data, including us. We cannot look up or decrypt your financial records even if we wanted to.
What we don't do
We don't sell your data. We don't share it with third parties for any commercial purpose. We don't run ads. We don't use your financial data to train AI models. We don't send marketing emails without your opt-in.
Third-party services
Three services are involved in running Stand:
- Google OAuth — handles sign-in. We receive only the identity token; we never see your Google password.
- Upstash Redis — stores your encrypted workspace data.
- Vercel Analytics — anonymous page view counts only. No cookies, no personal data, no individual-level tracking.
Data deletion
You can request full deletion of your account and workspace data at any time by emailing us. We will permanently delete all records within 7 days of the request.
If anything changes
If we ever change how your data is handled, this page will be updated and all registered users will be emailed before anything takes effect. No silent changes, ever.