Privacy Policy

Last updated: 2026-04-26.

What data we collect

The only data Actually, LLC stores on its servers is a Stripe-issued customer ID and which donation tier you chose, if you donated. Your debt balances, rates, payments, and projections never reach us. They live in a private folder in your own Google Drive (signed in via Google), with a working copy in your browser for speed.

Storage in your Google Drive

If you choose to connect Google Drive, Actually. saves your data to a private folder in your own account (the app-data folder, which other Google apps cannot see). We request the minimum permission scope needed. You can disconnect at any time from Settings.

Encryption

You can set a password on first launch. Your data is then encrypted with AES-256 (PBKDF2 key derivation, 1,000,000 iterations) before it ever leaves your device. With encryption on, the file in your Google Drive is zero-knowledge from Google — they store the encrypted file but cannot read it.

Donations

Voluntary donations are processed by Stripe. We do not store payment card details. Stripe's privacy policy applies to payment data: stripe.com/privacy.

App: no analytics, no tracking

The app at app.tryactually.app runs no analytics SDKs, no telemetry. No advertising pixels, no behavioral tracking, no third-party scripts on your device. All app activity stays on your device and your Google Drive.

Marketing site: privacy-friendly Plausible analytics

The marketing site at tryactually.app uses Plausible privacy-friendly analytics via a same-origin Netlify proxy (per D-103). Aggregate stats only — page views, referrer, country-level geography. No cookies. No personal data. No IP addresses stored. No cross-site tracking. No fingerprinting. The script and event endpoints resolve same-origin via the proxy, so there are no third-party network requests from your browser. No opt-in required (Plausible is consent-free per ICO/GDPR/PECR).

Cookies

The marketing site does not use cookies. The app uses your browser's local storage to keep a working copy of your data on your device.

Children's privacy

Actually. is not directed at children under 13. We don't knowingly collect data from children under 13 — and given we don't collect financial data at all, the surface area is narrow. If you believe a child under 13 has used Actually., contact support@tryactually.app and we'll work with you to address it.

What we don't do

• We do not sell your data.
• We do not share your financial data with any third party.
• We do not run advertising.
• We do not build profiles for marketing.
• We do not use your data to train AI models.

Data breach

We hold no financial data on our servers, so a breach of our infrastructure can't expose it. If anything ever does happen — for example, a Stripe security incident affecting donor records — we'll notify affected users by email and post an update at tryactually.app, in line with GDPR Article 33 (within 72 hours of confirming the issue).

Data deletion

Your data is saved to your own Google Drive, with a working copy in your browser for speed. You can delete it at any time from inside the app, or by clearing your browser's local storage. If you connected Google Drive, you can also revoke access and remove the file by going to Google Account → Permissions → Apps with access.

Your rights

GDPR (EU) and CCPA (California) give you rights over your personal data: to access it, delete it, correct it, take it elsewhere, and refuse its sale. Because Actually. doesn't have your financial data on its servers, you can exercise most of these rights yourself — your data is in your own Google Drive (with a working copy in your browser). Specifically: open the app to access it. Follow /delete-account to delete it. Use the app's export feature for portability. Edit any debt directly to correct it. And we don't sell your data — we have nothing to sell.

Contact

Questions about privacy: support@tryactually.app.

Actually, LLC · A Utah limited liability company.