Legal
Privacy Policy
Effective date: April 29, 2026
Grounded is built on a simple privacy principle: your financial data lives in your Google Sheet, not on our servers. We never see it, store it, or have access to it beyond what's needed to run the app.
1. Who we are
Grounded is an independent personal net worth tracker built to help you understand and grow your financial picture over time.
2. What data we collect
When you sign in with Google, we receive:
- Your name
- Your email address
- Your Google profile photo URL
- A unique Google user ID
We do not collect your financial data, passwords, bank credentials, or any payment information.
3. How your financial data is stored
This is the most important part of our privacy model.
When you use Grounded, your financial data — account names, balances, net worth history — is stored in a Google Sheet created inside your personal Google Drive. Not on our servers. Not in our database. In your Google Drive.
This means:
- Only you can access your financial data
- You can view, edit, export, or delete it at any time directly from Google Sheets
- Grounded's access is limited to that specific file using Google's OAuth permission system
- Revoking Grounded's access in your Google Account settings immediately cuts off all access
4. Google OAuth and permissions
Grounded uses Google Sign-In and requests the following permissions:
- openid, email, profile — to identify you and display your name
- drive.file — to create the Google Sheet that Grounded uses, and to read and write data within that specific sheet
The drive.file scope is intentionally limited. Grounded can only access the specific Google Sheet it created on your behalf — it cannot read, modify, or even see any other files in your Google Drive. This is the most restrictive Drive permission available and represents the principle of least privilege in practice.
5. Limited Use of Workspace data
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements. Specifically, Grounded:
- Will not transfer this data to third parties except as necessary to provide or improve user-facing features that are prominent in the application's user interface
- Will not use this data to serve advertisements
- Will not allow humans to read this data unless we have obtained your affirmative agreement to view specific messages, or doing so is necessary for security purposes, to comply with applicable law, or to provide an internal operation for which the data has been aggregated and anonymized
- Will not use this data to train AI/ML models
6. Data protection
Grounded applies the following protections for your sensitive financial data:
- Encryption in transit — all communication between your browser, Google's APIs, and our Cloudflare Worker proxy is encrypted via HTTPS/TLS
- No server-side storage — Grounded does not store, log, or cache your financial data on any Grounded-controlled server. All data is written directly to your Google Sheet via Google's API
- Token handling — your Google OAuth access token is stored only in your browser's localStorage and is never transmitted to Grounded's servers
- Minimal data sharing for AI insights — when AI-powered insights are generated, only anonymized aggregate totals (net worth value, category summaries) are sent to the Cloudflare Worker. No account names, balances, or personally identifiable financial details are transmitted
- Principle of least privilege — Grounded requests only the Google API scopes necessary to operate. No other files in your Google Drive are accessible
- Revocable access — you can revoke Grounded's access at any time via Google Account → Security → Third-party apps, immediately ending all API access
- Rate limiting — our Cloudflare Worker enforces rate limits on AI insight and feedback endpoints to prevent abuse
- Input sanitization — all inputs submitted through Grounded's Cloudflare Worker are sanitized before processing
7. How we use your information
We use your Google account information to:
- Identify your account when you sign in
- Associate your Google Sheet with your user ID so it can be found on future logins
- Display your name and profile photo inside the app
We do not sell your information. We do not use your information for advertising. We do not share your information with third parties.
8. Cookies and local storage
Grounded uses your browser's localStorage to store:
- Your authentication token (so you stay signed in)
- Your app preferences (theme, profile settings)
- Cached data to improve performance
This data never leaves your device. It is not transmitted to any server. You can clear it at any time by clearing your browser's site data.
9. Third-party services
Grounded uses the following third-party services:
- Google OAuth — for authentication
- Google Drive API — to create and access only the Google Sheet that Grounded itself creates (via the
drive.file scope)
- CoinGecko API — to fetch live cryptocurrency prices (no personal data is sent)
- Anthropic API — to generate AI-powered financial insights. Only your net worth totals and account category summaries are sent — never account names or specific balances.
- Google Analytics — for aggregate, anonymized pageview tracking on marketing pages only (homepage before sign-in, privacy policy, and terms of service). Google Analytics does not run on the dashboard or any authenticated app surface. No financial data, account information, or personally identifiable financial details are ever sent to Google Analytics.
10. Data retention and deletion
Because your financial data lives in your own Google Sheet, you are in full control of it:
- To delete your data, simply delete the Google Sheet from your Google Drive
- To revoke Grounded's access, go to your Google Account → Security → Third-party apps and remove Grounded
- To clear your local preferences and sign out, use the Sign out option in the app
We do not retain copies of your financial data. Once you delete your Google Sheet and revoke access, no record of your financial information remains.
11. Children's privacy
Grounded is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of Grounded after changes constitutes acceptance of the new policy.
13. Contact
If you have questions or concerns about this Privacy Policy, please contact us at hello@usegrounded.app.
Grounded is not a financial advisor. This app is for informational purposes only and does not constitute financial, legal, or investment advice.