Privacy Policy

Casper ("we," "us," or "our") operates the website at casperapp.us and related services (collectively, the "Service"). Casper is a personal finance intelligence platform that helps consumers detect subscriptions, monitor pricing changes, and recover overcharges.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and handling your data transparently.

2.1 Account Information

When you create an account, we collect your email address, name (if provided), and authentication credentials. If you sign in with Google or Apple, we receive your basic profile information (name, email, profile picture) from those providers.

2.2 Financial Data (via Plaid)

With your explicit consent, we connect to your bank accounts through Plaid, Inc., a third-party financial data aggregator. Through Plaid, we access:

Transaction history (merchant names, amounts, dates, and categories), account balances, and account metadata (institution name, account type).

We use this data solely to detect recurring subscriptions, identify pricing patterns, and power our financial optimization features. We never store your bank login credentials — Plaid handles authentication directly.

2.3 Email Data (via Gmail API)

With your explicit consent, we access your Gmail account in read-only mode to scan for receipts, subscription confirmation emails, and billing notifications. Specifically, we access:

Email headers (sender, subject, date) and email body content for messages matching receipt and subscription-related search queries.

We do not read, store, or process any emails unrelated to financial transactions or subscriptions. We do not access your contacts, drafts, sent mail, or any other Gmail data beyond what is described above.

2.4 Usage Data

We collect standard usage information including IP address, browser type, device information, pages visited, and timestamps. This data helps us improve the Service and diagnose technical issues.

We use the information we collect to:

Detect and track your recurring subscriptions and memberships. Monitor prices on products you've purchased and alert you to price drops. Generate and send price-match claims and dispute letters on your behalf. Calculate your spending patterns and provide financial insights. Authenticate your identity and maintain your account security. Communicate with you about your account, alerts, and Service updates. Improve, personalize, and optimize the Service.

We do not sell your personal information. We do not use your financial data for advertising. We do not share your data with advertisers or data brokers.

Casper's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we only request the gmail.readonly scope. We use this access exclusively to search for and parse receipt emails and subscription billing notifications. We do not use Gmail data for advertising, and we do not allow humans to read your emails unless you explicitly ask us to debug an issue and grant permission.

We implement industry-standard security measures to protect your data:

All OAuth tokens (Google, Plaid) are encrypted at rest using AES-256-GCM with unique initialization vectors. Authentication uses RS256 JSON Web Tokens with rotating refresh tokens and reuse detection. Passwords are hashed using bcrypt with a cost factor of 12. All data is transmitted over HTTPS/TLS. Our database is hosted on Neon PostgreSQL with encrypted connections. We follow the principle of least privilege for all data access.

While no method of transmission or storage is 100% secure, we strive to use commercially acceptable means to protect your personal information.

We retain your personal data for as long as your account is active or as needed to provide you with the Service. Transaction data is retained to power ongoing subscription detection and price monitoring. You can request deletion of your account and all associated data at any time (see Section 9).

We use the following third-party services to operate Casper:

Plaid, Inc. — Bank account connection and transaction data. Plaid's privacy policy: plaid.com/legal.
Google LLC — OAuth authentication and Gmail API access. Google's privacy policy: policies.google.com/privacy.
Stripe, Inc. — Payment processing for subscriptions. Stripe's privacy policy: stripe.com/privacy.
Vercel, Inc. — Web application hosting.
Railway — Backend infrastructure hosting.
Sentry — Error monitoring (no PII is included in error reports).

We do not share your financial data with any third parties beyond what is necessary to operate the Service as described above.

We use browser local storage to store your authentication tokens for session management. We do not use tracking cookies, third-party analytics cookies, or advertising pixels.

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate personal data.
Deletion: Request deletion of your account and all associated data.
Portability: Request your data in a machine-readable format.
Revocation: Disconnect your bank or email integrations at any time through your account settings. You can also revoke Gmail access directly at myaccount.google.com/permissions.

To exercise any of these rights, contact us at privacy@casperapp.us. We will respond to all requests within 30 days.

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of your personal information. As stated above, we do not sell personal information.

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@casperapp.us
Website: casperapp.us