Privacy Policy

Last updated: 12 July 2026

Draft notice: this policy accurately describes how the Taupi service currently handles data, but the data-controller details below are placeholders pending company registration. Have this document reviewed by a qualified lawyer before Taupi is publicly launched or submitted to app stores.

1. Who we are

Taupi ("Taupi", "we", "us") is a personal finance management service for residents of Latvia. For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:

Legal entity[Legal entity name — to be registered]
Registration No.[Registration number — pending]
Registered address[Registered address — pending], Latvia
Privacy contactprivacy@taupi.app

2. What data we collect

2.1 Account data

2.2 Financial data you provide

2.3 Data we generate

We do not knowingly collect data from children, and Taupi is not directed at individuals under 16.

3. How we use your data

We do not use your financial data for advertising, and we do not sell your data to third parties.

4. Legal basis for processing

5. AI categorization and data minimization

Before any transaction data is sent to our AI categorization provider (DeepSeek), it passes through a sanitization pipeline that strips IBANs, card numbers, email addresses, phone numbers, and personal ID numbers, and removes legal-entity prefixes from merchant names (e.g. "SIA", "AS"). Only cleaned merchant names and non-identifying transaction metadata are sent for categorization — never your raw bank statement data.

6. Who we share data with

We use the following categories of sub-processors to operate Taupi:

AI provider (DeepSeek)AI-powered transaction categorization, using sanitized data only (see Section 5; international transfer safeguards in Section 7 apply)
Email delivery provider (Brevo)Sending verification, password-reset, and account emails (EU-based, France)
Hosting providerApplication hosting and database storage (EU data center)
File storageTemporary storage of generated export files (PDF/CSV/Excel), automatically deleted after 24 hours

We do not share your data with data brokers, advertisers, or any party for marketing purposes.

7. International data transfers

Our AI categorization provider (DeepSeek) is based outside the European Economic Area, in China. Where data leaves the EEA, we rely on the European Commission's Standard Contractual Clauses (or an equivalent transfer mechanism) to protect it, and only sanitized, non-identifying data is transferred as described in Section 5 — never raw bank statements, names, account numbers, or any other personal identifiers.

8. Data retention

9. Your rights

Under the GDPR, you have the right to:

To exercise any right not available directly in the app, contact us at privacy@taupi.app.

10. Security measures

11. Cookies and local storage

The Taupi web app stores your authentication tokens in your browser's local storage so you stay signed in. We do not use third-party advertising or analytics trackers.

12. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced in the app or by email before they take effect.

13. Contact

Questions about this policy or your data:

privacy@taupi.app