1. Who we are, what we handle
Pluso is an automated bank-statement audit service. This policy describes what we collect, how we use it, and how we store it. It is written to align with U.S. consumer-privacy norms (CCPA / CPRA principles).
2. What we collect
When you use the Service we receive:
- From Telegram at sign-in: your Telegram ID, first and last name (if you set them on Telegram), username (if any), and your avatar URL. This happens after you explicitly authorize through the Telegram Login widget.
- Your bank statement: a file you upload yourself. We see dates, amounts, and transaction descriptions. We do not see card numbers, account balance, payment credentials, or any personal info not embedded in a transaction description.
- Technical signals: request IP, device and browser type, timestamp — standard web-server data we use for security and rate limiting.
3. How we use the data
Only to deliver the audit service:
- Transaction descriptions and amounts are used to classify spend and surface anomalies (duplicates, zombie subscriptions, spikes)
- Audit results are stored in our database, linked to your Telegram ID
- We do not use your data for advertising. We do not sell it. We do not share it with banks, ad networks, credit bureaus, or data brokers.
4. Retention and deletion
- Your statement file is deleted automatically 24 hours after the audit
- Aggregated results (categories, anomalies, suggestions) stay in the database until you delete them
- Database backups are kept for 7 days, then erased
- Technical logs (IP, time, status) — 30 days
5. Where the service runs
Our databases and analysis servers are hosted in a data center we operate. We do not forward your raw statement, transaction descriptions, or audit results to any third-party service for purposes unrelated to delivering this service.
6. Your rights
Under CCPA / CPRA principles you have the right to:
- Receive a copy of the data we hold about you
- Correct or supplement your data
- Delete all your data with one command —
/deletein our Telegram bot, or by emailing support@pluso.com - Opt out of further processing
- Not be discriminated against for exercising any of these rights
7. How to delete everything
Fastest way — send the /delete command to our Telegram bot. All your data will be gone within an hour, backups within 7 days.
Alternatively — email support@pluso.com with the subject "Delete my data".
8. Cookies and analytics
We use technical cookies for sign-in (an httpOnly JWT session token). These cookies are necessary for the service to function and are not used for advertising or tracking.
As of this version we do not run analytics tools (Google Analytics, Mixpanel, etc.). If we add one in the future, we will update this section to describe what is collected and how to opt out.
9. Changes to this policy
If we make material changes to this policy, we will publish the updated version here with a new date. Critical changes will also be announced via the Telegram bot.
10. Contact
For anything related to data handling: support@pluso.com