How your data is handled

Account information. When you create an account we store your email address and an authentication identifier from Supabase Auth (or Google, if you sign in with Google). No passwords are stored on our servers — Supabase handles credential hashing.

Budget data. Production budgets you upload are parsed server-side to extract line items. The original PDF or Excel file itself is not retained. If you click "Save to Dashboard," the extracted budget text and the resulting analysis are saved to your private account so you can return to them later. If you don't save, nothing is retained after the session ends.

Usage data. We record counts of analyses run, subscription status, and plan limits, so we can enforce monthly caps and bill correctly.

Anonymous trial attempts. The free anonymous trial uses a SHA-256 hash of your IP address to limit one trial per IP per 24 hours. The raw IP is never stored — only the hash.

Your data is used to (1) generate your tax-incentive analysis, (2) save results to your dashboard if you opt in, (3) enforce your plan's monthly limits, and (4) process payments through Stripe. That's it.

We do not sell, share, or rent personal data. We do not use it for advertising. We do not use it to train AI models — and neither does our AI provider (Anthropic's API terms prohibit training on customer inputs).

Budgets are stored in Supabase with row-level security policies that prevent any other user from reading your data.

As the operator of this service, the founder has database admin access — the same as any SaaS founder. We do not review or extract user budget data as a matter of policy; only the automated analysis pipeline reads it to generate your results. If this is a concern for a sensitive production, contact us and we can discuss additional handling (e.g., not saving the analysis to your account).

The service runs on a small, intentional stack:

• Supabase — database and authentication. Encrypted at rest, TLS in transit.
• Anthropic (Claude API) — analyzes the parsed budget text. Per Anthropic's API terms, inputs are not used to train models and are retained only as long as needed to provide the service.
• Stripe — payment processing. We never see or store your card details; Stripe handles billing directly.
• Google Analytics 4 — aggregated traffic measurement (page views, sessions). No personally identifiable information is sent.
• Cloudflare Turnstile — bot/abuse protection for the anonymous trial. Sees a token from your browser, not your budget.
• Railway — application hosting.

We use essential cookies for authentication and session management (set by Supabase Auth) and analytics cookies set by Google Analytics 4 to measure aggregate traffic. We do not use advertising or cross-site tracking cookies. You can clear or block these via your browser settings.

You can, at any time:

• View and edit your saved budgets and results from your dashboard
• Delete any saved budget or result individually
• Cancel your subscription from the Stripe billing portal (Account → Manage Billing)
• Request full account deletion — we will remove your account and all associated data from the database. Email us to start that process.
• Export your data — contact us and we'll send you a copy

Account data and saved budgets are retained as long as your account is active. When you delete your account, all associated records are permanently removed from the database within 30 days. Stripe retains billing records as required by tax and accounting regulations.

We may update this policy as the service evolves. Material changes will be announced inside the application. The "last updated" date at the top reflects the most recent revision.

Questions about privacy, data handling, or deletion requests: filmincentivescalculator@gmail.com