Privacy Policy

Last updated: February 18, 2026

The short version: We collect only what's necessary to run PlutoPixie. We never sell your data. Your financial information is encrypted and belongs to you. You can export or delete it at any time.

1. Who We Are

PlutoPixie is operated by CNG Studios LLC, based in Miami, Florida, United States. We provide AI-powered expense tracking tools as part of The Pixie Suite. For privacy inquiries, contact us at [email protected].

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and organization name. Passwords are stored as salted bcrypt hashes — we never store or have access to your plain-text password.

Expense Data: When you use PlutoPixie, you provide expense details including dates, amounts, vendors, categories, brands, and notes. This data is stored in our secure database and associated with your organization.

Receipt Images & PDFs: When you upload receipts, the files are stored on our servers for OCR processing and your future reference. Receipt images are processed by AI models to extract text data.

Usage Data: We collect basic usage information including login timestamps and feature usage patterns to improve the Service. We do not track individual page views or use third-party analytics trackers.

3. How We Use Your Information

To provide the Service — processing receipts, categorizing expenses, generating reports and dashboards
To send notifications — expense confirmations, tax deadline reminders, and account alerts via Telegram or email
To improve PlutoPixie — understanding usage patterns to build better features (always in aggregate, never individually identifying)
To communicate with you — responding to support requests, sending important account updates

4. What We Never Do

    We never sell your personal or financial data to anyone
We never share your data with advertisers
We never use your financial data to train AI models
We never access your data for any purpose other than providing the Service
We never store full credit card or bank account numbers — only last 4 digits for payment method identification

  

5. AI Processing

PlutoPixie uses artificial intelligence to extract text from receipt images and PDFs. This processing occurs on our private infrastructure — receipt images are sent to our self-hosted AI models (not third-party cloud AI services) for OCR extraction. The extracted data is stored in your account; the AI model does not retain your data after processing.

6. Data Storage & Security

Your data is stored in PostgreSQL databases on our secured infrastructure. We employ the following security measures:

Encrypted connections (HTTPS/TLS) for all data in transit
Bcrypt password hashing with salt
JWT authentication with expiring tokens
Organization-level data isolation (multi-tenant architecture)
Role-based access controls (owner, admin, member)

7. Data Isolation

PlutoPixie uses a multi-tenant architecture where each organization's data is strictly isolated. Users in Organization A cannot see, access, or query data belonging to Organization B. All database queries are scoped to the authenticated user's organization ID.

8. Third-Party Services

We use the following third-party services:

Cloudflare — DNS, CDN, and SSL/TLS termination
Telegram Bot API — optional expense notifications and admin alerts
Listmonk (self-hosted) — email newsletter management for product updates

None of these services have access to your expense data or receipt images.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Expense data may be retained in encrypted backups for up to 90 days after deletion for disaster recovery purposes, after which it is permanently purged.

10. Your Rights

You have the right to:

Access — view all data we have about you at any time via the app
Export — download your complete expense data as CSV
Correct — edit or update any of your information
Delete — request complete deletion of your account and data
Portability — receive your data in a standard, machine-readable format

To exercise any of these rights, contact us at [email protected].

11. Children's Privacy

PlutoPixie is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

13. Contact Us

For questions, concerns, or requests related to this Privacy Policy, contact us at:

CNG Studios LLC
Email: [email protected]
Website: cngstudios.com