Arlo

Privacy Policy

Last updated: June 2025

What We Collect

  • Account information — your name and email address when you create an account
  • Transaction data — merchant names, amounts, and dates from CSV files you choose to import
  • Financial profile — optional figures you enter manually (salary, balances, net worth) to improve analysis
  • Usage data — basic logs to keep the service running and secure

What We Do Not Collect

  • Bank account numbers or routing numbers
  • Credit or debit card numbers
  • Banking login credentials of any kind
  • Social Security numbers
  • Raw bank statement PDFs or unprocessed bank exports

Arlo never connects to your bank accounts. You export data yourself from your bank and choose what to share.

How We Use Your Data

Your data is used solely to provide Arlo's service to you:

  • Categorizing transactions using keyword matching and AI analysis
  • Displaying spending summaries, charts, and trends in your dashboard
  • Answering your financial questions through the AI chat
  • Storing your financial profile to improve analysis accuracy

We do not use your data for advertising, do not sell it to third parties, and do not use it to train AI models.

AI Processing — What Goes to Anthropic

Arlo uses Claude, developed by Anthropic, to categorize transactions and power the chat assistant. When you import transactions or ask Arlo a question, scrubbed transaction data is sent to Anthropic's API:

  • Sent: Cleaned merchant names, amounts, dates, and transaction categories
  • Not sent: Raw bank descriptions, account numbers, card numbers, or personal identifiers

Anthropic processes this data under their own Privacy Policy. Anthropic does not use API data to train their models.

We apply data minimization — for general financial education questions that don't require your personal data, we do not send your transaction history to Anthropic.

Data Storage and Security

Your data is stored in Supabase, a cloud database provider with SOC 2 Type II certification. All data is encrypted in transit (TLS) and at rest. Row-level security policies ensure that each user can only access their own data — even at the database level, cross-user data access is technically prevented.

Arlo is hosted on Vercel, which provides automatic HTTPS and DDoS protection.

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to know — what personal data we collect and how we use it (described in this policy)
  • Right to delete — request deletion of your personal data (available in Settings)
  • Right to opt out of sale — we do not sell your personal information to third parties
  • Right to non-discrimination — we will not discriminate against you for exercising these rights

We do not sell or share your personal information. To exercise any of these rights, contact us at hello@heyarlo.ai.

Third-Party Services

  • Supabase — authentication and database storage
  • Anthropic — AI processing for categorization and chat
  • Vercel — application hosting

These are the only third parties with access to any portion of your data, and only to the extent necessary to provide the service.

Your Rights

  • Access — your data is visible to you in the dashboard at all times
  • Export — download a complete copy of all your data from Settings → Download my data
  • Delete — delete all your data instantly from Settings → Delete all my data

Data Retention

Your data is retained as long as your account is active. When you delete your account or use the "Delete all my data" feature, your data is permanently removed from our systems within 30 days.

Children's Privacy

Arlo is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us immediately.

Contact

Privacy questions or requests: hello@heyarlo.ai