Privacy Policy

Last updated: January 2026

Introduction

Less Panic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our bill tracking service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely using bcrypt hashing)
  • Name (optional)
  • Timezone preference

Financial Information

When you use Less Panic, you may provide:

  • Account names and balances
  • Recurring bill and income routines
  • Category selections

Important: We never store your bank login credentials. If you connect banks through LunchMoney or Plaid (coming soon), authentication happens directly with your bank, and we only receive secure access tokens.

Integration Data

If you connect third-party services:

  • LunchMoney: We receive account balances and transaction data via your API key
  • Plaid (coming soon): We will receive account balances and transaction data (used for lineup matching)

Email Forwarding

If you use email forwarding for bill extraction:

  • Emails are received via Cloudflare Email Workers and forwarded to our secure servers
  • We extract: sender address, subject line, and email body (HTML and text)
  • Attachments are discarded and never stored
  • Emails are stored for 14 days then permanently deleted
  • Your unique forwarding address cannot be changed once you receive your first email

Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns (features used, time spent)
  • Analytics data via Google Analytics (pages visited, time on site, referral sources) - marketing site only

How We Use Your Information

We use your information to:

  • Provide and maintain the Less Panic service
  • Process your recurring bills and transfers
  • Sync with connected financial accounts
  • Send service-related notifications
  • Improve our service and develop new features
  • Respond to your requests and support inquiries
  • Protect against fraud and unauthorized access

Information Sharing

We do not sell your personal information. We may share information with:

  • Service providers: Companies that help us operate (e.g., Stripe for payments, Plaid for bank connections)
  • Analytics: Google Analytics for marketing site usage analysis
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

Data Security

We implement industry-standard security measures:

  • Passwords are hashed using bcrypt
  • Integration credentials are encrypted at rest
  • All data transmitted over HTTPS
  • CSRF protection on all forms
  • Rate limiting on sensitive operations
  • Two-factor authentication available

Data Retention

We retain your data for as long as your account is active. If you delete your account, your data is permanently removed after a 7-day recovery period.

Your Rights

You have the right to:

  • Access your personal data
  • Request an export of your data (contact [email protected])
  • Correct inaccurate data
  • Delete your account and data
  • Disconnect third-party integrations at any time

Cookies

We use essential cookies for authentication and session management. Our marketing site uses Google Analytics cookies to understand how visitors find and use our website. We do not share data with advertising networks.

You can opt out of Google Analytics by using our cookie preferences banner or by installing the Google Analytics Opt-out Browser Add-on.

Children's Privacy

Less Panic is not intended for users under 18 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the service.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

[email protected]