Privacy Policy

Last updated: April 27, 2026

Curravo ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

Account information (if you register): email address, first and last name, and a hashed password. We never store passwords in plain text.

Usage data: When you use Curravo, we may log your IP address, browser type, and pages visited for security and analytics purposes. This data is aggregated and not linked to individual identities.

Rate alerts: If you set a rate alert, we store your email address and the alert configuration to send you notifications.

Pro features (if subscribed): Expense records, portfolio entries, savings goals, and favorites that you explicitly create and store.

Payment information: Payments are processed by Stripe. We do not store credit card numbers or full payment details. We receive a Stripe customer ID and subscription status only.

2. How We Use Your Information

  • To provide and operate the Curravo service
  • To send rate alert emails you have explicitly requested
  • To process subscription payments via Stripe
  • To send transactional emails (account verification, password reset)
  • To improve the service through aggregated analytics
  • To prevent fraud, abuse, and unauthorized access

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

3. Cookies & Local Storage

We use the following browser storage mechanisms:

  • Session cookie (ctn_sess): A secure, HttpOnly cookie used to keep you logged in. Expires after 30 days of inactivity.
  • Theme preference: Stored in localStorage to remember your light/dark mode choice. No personal data.
  • Converter state: Stored in localStorage to remember your last-used currencies. No personal data.

We do not use advertising cookies or third-party tracking cookies.

4. Third-Party Services

Curravo uses the following third-party services, each with their own privacy policies:

  • Open Exchange Rates — rate data provider
  • CoinGecko — cryptocurrency data provider
  • Stripe — payment processing (stripe.com/privacy)
  • Google Fonts — font delivery (Inter, JetBrains Mono)
  • FlagCDN — country flag images

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

Rate alert emails are retained until you unsubscribe or delete your account. Aggregated, anonymized analytics data may be retained indefinitely.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data via your account settings
  • Request deletion of your account and associated data
  • Unsubscribe from rate alerts at any time via the unsubscribe link in any alert email
  • Export your data (expenses, portfolio, goals) as CSV from your account dashboard

To exercise any of these rights, contact us at privacy@curravo.com.

7. Security

We use industry-standard security practices including HTTPS encryption, bcrypt password hashing (cost 12), AES-256-GCM encryption for sensitive configuration data, and IP-based rate limiting to protect against brute-force attacks.

Despite these measures, no internet service is 100% secure. We encourage you to use a strong, unique password for your Curravo account.

8. Children's Privacy

Curravo is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of Curravo after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or requests: