The Kippu Promises
Kippu is a tool for tracking your money. That means we hold data that matters — data that, in the wrong hands or with the wrong incentives, could be used in ways that don’t serve you.
We built Kippu because the most popular tools in this space are structured to extract value from users rather than return it to them. Free apps sell data. Paid apps add dark patterns to keep you. Both tend to see users as assets to monetize rather than people to serve. We don’t want to be that.
So we’ve written down what we promise. These aren’t suggestions or aspirations — they’re commitments we intend to hold ourselves to. The Terms of Service and Privacy Policy are the binding legal documents; the promises below are the ethos those documents serve.
1. Don’t be evil
Yes, we borrowed it. Google engineers coined the phrase around 2000; Google quietly moved it to the bottom of their code of conduct in 2018, which tells you something about how easy it is to say and how hard it is to keep. We’re taking it back as our first promise — the one every other promise on this page is meant to serve. When we have to choose between what’s convenient for us and what’s right by you, this is what we abide.
2. No trackers, no pixels, no ads, no third parties
Kippu ships with zero analytics trackers, zero advertising pixels, and zero third-party tags. Not on the site, not in the app. We’ve also disabled the open- and click-tracking that transactional email providers add by default.
Whatever we learn about how Kippu is being used, we learn on our own servers, with our own software. We don’t send your activity to Google, Meta, Mixpanel, or any other analytics or advertising company — not now, not ever. No profile of you gets built somewhere else because you used Kippu.
We may keep aggregate records of which features get used and where errors happen, so we know what to fix and build next. We don’t record individual sessions or replay your interactions.
3. We don’t sell your data
Not to brokers. Not to marketers. Not to “partners.” Not as “aggregated insights.” Not in any form. This isn’t a current policy we reserve the right to change — it’s a standing promise.
4. Your data is yours
You can export everything — transactions, categories, attachments — as CSV and JSON, any day, from your account. No hoops. No support tickets. A click and an email.
5. Delete means delete
Close your account and your live data is permanently deleted within 30 days. Encrypted backups rotate out within 90 days. The only records we keep longer are billing entries we’re legally required to retain for tax purposes.
6. No dark patterns
Changing plans is one click. Cancelling is one click. We don’t require you to email, call, schedule a retention session, or explain yourself. If you want your money back within a week of being charged, you get your money back — the full amount, no questions.
7. Transparency about who we work with
Every company that helps us run Kippu is named publicly in our Privacy Policy — not hidden behind “we may share with trusted partners” language. If we add a new one, we tell you 30 days in advance by email.
8. Notice before things change
Material changes to our Terms, Privacy Policy, subprocessors, or ownership get at least 30 days’ email notice. If we ever shut Kippu down, you get 60 days and an exit plan.
9. Security we’d want for ourselves
Passwords hashed with bcrypt. Traffic over HTTPS. Backups encrypted at rest. Production access limited to the people who need it. No perfection, but no shortcuts either.
10. If we break one of these, tell us
We’ll try to hold to this. If you ever think we’re drifting, let us know at hello@kippu.co. We’ll fix it, explain ourselves, or both.
These are promises, and we treat them as binding. If anything in the Terms of Service or Privacy Policy appears to conflict with the intent of the promises above, the promises are the tiebreaker.
— Luis, for Sigitur