Privacy Policy
Who we are
Maaser Tracker (the “Service”) is operated by BizzAssist Inc. (“we”, “us”, “our”). The Service helps you track tithing (ma'aser) on your income and donations.
If you have any questions about this policy or how we handle your information, contact us at [email protected].
Information we collect
We collect the minimum information needed to give you a useful maaser tracker:
- Account information — your email address, your display name, and a hashed (PBKDF2) version of the password you choose. We never store plain-text passwords.
- Financial information you give us — the income and donation transactions you enter manually, upload via CSV, or (in the future) connect through a third-party aggregator such as Plaid. This includes amounts, dates, memos, and account labels.
- Operational data — session tokens (random opaque values stored in our database), one-time codes (hashed) used for email verification and two-factor authentication, and logs that include IP addresses for rate-limiting and abuse prevention.
- Contact messages — if you use the “Contact us” form on our website, the name, email, optional phone number, and message you submit, so we can reply to you.
We do not sell your personal information. We do not show third-party advertising in the Service.
How we use your information
- To provide the Service: storing transactions, computing maaser balances, sending verification and security codes.
- To keep your account secure: rate-limiting sign-in attempts, detecting abuse, and authenticating sensitive actions with one-time codes.
- To communicate with you about your account (verification, password resets, security alerts).
- To comply with legal obligations.
Bank-linking via Plaid (when enabled)
If you choose to connect a bank or financial account using Plaid, you will authorize Plaid to share data from that institution with us on your behalf. We receive only the data Plaid permits and you authorize — typically transactions, account names, and balances. We use that data only to populate your maaser inbox and to compute your maaser totals.
Plaid's own handling of your data is governed by Plaid's end-user privacy policy. You can revoke our access to your bank data at any time from within Maaser Tracker or from Plaid's consumer portal at my.plaid.com.
Service providers we share data with
To run the Service we rely on a small number of subprocessors:
- Cloudflare — hosting (Workers), database (D1), and key-value storage (KV). Data at rest is encrypted by Cloudflare's platform.
- SendGrid (Twilio) — transactional email (verification codes, password resets).
- Plaid — financial-account aggregation, only if you choose to connect a bank.
- Web3Forms — used only to deliver messages submitted through the “Contact us” form on our website to our support inbox. It receives the name, email, optional phone number, and message you type into that form, and nothing else. It is not involved in your account or your financial data.
These providers process your information on our behalf under their own contractual confidentiality and security obligations.
Security
All traffic to the Service is encrypted in transit with TLS 1.2 or higher. Passwords are stored only as PBKDF2 hashes. One-time codes are stored as hashes with expiry and attempt caps. Session tokens are opaque random values, scoped to your account, and revocable from the Service. We rate-limit sensitive endpoints (sign-in, password reset, code resends) at the network layer.
No system is perfect. If you believe your account has been compromised, change your password and email us at [email protected].
Data retention
We keep your account data for as long as your account is active. You can delete your account at any time from Account & Settings → Delete account. When you do, we permanently delete your user record, sessions, one-time codes, accounts, transactions, imports, and recurring series from our primary database. Backup copies are rotated and fully purged within 30 days.
Your rights
Depending on where you live (for example, the EU/UK under GDPR, California under the CCPA/CPRA), you may have rights to:
- access the personal information we hold about you;
- correct it if it is inaccurate;
- delete it (the in-app “Delete account” button does this);
- export it in a portable format;
- object to or restrict certain processing.
To exercise any of these rights, email [email protected] from the address associated with your account.
Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, email us and we will delete it.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via an in-app notice before they take effect. The “Last updated” date at the top of this page always reflects the most recent revision.
Contact
BizzAssist Inc.
Email: [email protected]
Terms of Service
Acceptance of these terms
These Terms of Service (“Terms”) form a binding agreement between you and BizzAssist Inc. (“BizzAssist”, “we”, “us”) governing your use of Maaser Tracker (the “Service”). By creating an account or using the Service, you agree to these Terms and to our Privacy Policy. If you do not agree, do not use the Service.
What the Service does
Maaser Tracker is a personal-finance tool that helps you record income and donations and compute a maaser (tithing) balance based on the percentage you choose. You can enter transactions manually, upload CSV files from your bank, or (where supported) connect a financial account via Plaid. The Service is provided for personal, non-commercial use.
The Service is not financial, tax, legal, or halachic advice. Calculations and totals shown in the Service are estimates based on the data you provide and the settings you choose. You are responsible for verifying the accuracy of all figures before relying on them.
Your account
- You must be at least 13 years old to use the Service.
- You are responsible for keeping your password and any two-factor codes confidential, and for everything that happens under your account. Notify us at [email protected] if you suspect unauthorized access.
- You agree to give us accurate registration information and to keep it up to date.
Acceptable use
You agree not to:
- use the Service for any purpose that violates law or third-party rights;
- attempt to interfere with, disrupt, or gain unauthorized access to the Service, our systems, or other users' data;
- scrape, copy, or harvest data from the Service except for your own account data;
- use the Service to store or process data that does not belong to you;
- resell, sublicense, or commercially redistribute the Service.
Bank-account connections via Plaid
If you choose to connect a financial account using Plaid, you authorize us and Plaid to access information from that institution on your behalf, in accordance with Plaid's end-user terms and our Privacy Policy. You can revoke that authorization at any time inside the Service or via Plaid's consumer portal. We are not your bank and do not hold funds.
Our intellectual property
The Service, including its software, design, and content (other than data you submit), is owned by BizzAssist or its licensors and is protected by intellectual-property laws. We grant you a limited, non-exclusive, non-transferable, revocable license to use the Service for your personal use, subject to these Terms.
Your data
You retain all rights to the transactions and other content you submit (“Your Data”). You grant us a limited license to host, process, transmit, and display Your Data solely to operate and improve the Service for you. You can export or delete Your Data at any time. See our Privacy Policy for details on storage and deletion.
Account termination
You may delete your account at any time from Account & Settings → Delete account. Deletion is permanent. We may suspend or terminate your access if we reasonably believe you have violated these Terms or if required by law.
Disclaimers
The following is required legalese.
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE. WE DO NOT WARRANT THE ACCURACY OF ANY CALCULATION, IMPORT, OR PROJECTION MADE BY THE SERVICE.
Limitation of liability
TO THE FULLEST EXTENT PERMITTED BY LAW, BIZZASSIST WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, ARISING OUT OF OR RELATED TO YOUR USE OF THE SERVICE. OUR TOTAL LIABILITY UNDER THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID US IN THE 12 MONTHS BEFORE THE EVENT GIVING RISE TO THE CLAIM, OR (B) US $50.
Indemnification
You agree to indemnify and hold harmless BizzAssist, its officers, employees, and contractors, from any claim, demand, or expense (including reasonable attorneys' fees) arising out of your misuse of the Service, your violation of these Terms, or your violation of any third-party right.
Changes
We may modify these Terms from time to time. If we make material changes we will notify you via email or via an in-app notice before the changes take effect. Continued use of the Service after changes become effective constitutes acceptance.
Governing law
These Terms are governed by the laws of the State of New York, United States, without regard to conflict-of-laws rules. The exclusive venue for any dispute is the state and federal courts located in New York County, New York, and you consent to personal jurisdiction there.
Contact
BizzAssist Inc.
Email: [email protected]
Built with kavod for the mitzvah of maaser kesafim. Thank you for being part of this.