Privacy Policy
Savi Tools · Effective January 1, 2026 · Last updated March 31, 2026
1. Introduction
Savi Gurus LLC, doing business as Savi Tools ("Savi Tools," "we," "us," or "our"), operates the Savi Tools web application at getsavitools.com and the Savi Tools mobile application (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use and protect it, and the rights available to you.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account and Identity Information
- Email address — collected at the free assessment gate and account registration
- Name — collected at account registration via Microsoft authentication
- Authentication identifiers — user IDs issued by Microsoft Entra External ID
2.2 Financial and Tax Information
- Income figures — gross income entered into the Tax Estimator
- Expense records — amounts, categories, dates, vendors, and notes you enter
- Filing status — tax filing status selected in the Tax Estimator
- Rate calculator inputs — target income, hours, and business cost figures
- Saved estimates — tax and rate estimates you choose to save
2.3 Receipt Images
When you upload a receipt photo, the image is stored in encrypted cloud storage and processed by Microsoft Azure Document Intelligence to extract expense data (vendor, amount, date). The image and extracted data are associated with your account and stored as part of your expense record.
2.4 Business Registration Information
If you use the Business Registration guidance tool, we store the state and business type selections you make to provide personalized guidance.
2.5 Assessment Responses
If you complete the free financial readiness assessment, we store your responses and the resulting readiness score associated with your email address.
2.6 Third-Party Integration Credentials
If you connect a Wave Accounting or QuickBooks Online account (Team plan), we store OAuth access tokens and your business identifier from those services. We do not store your Wave or QuickBooks login credentials.
2.7 Payment Information
Payment card information is collected and processed directly by Stripe. Savi Tools never receives, transmits, or stores full card numbers, CVV codes, or raw payment credentials. We retain only subscription plan, status, and Stripe customer identifiers.
2.8 Technical and Usage Data
- Device information — device type, operating system, browser type
- IP address — logged at authentication events
- Session data — login timestamps, feature usage, session duration
- Application logs — errors and diagnostic events for service maintenance
3. How We Use Your Information
We use the information we collect solely for the following purposes:
- Provide, operate, and maintain the Service
- Calculate and display your tax estimates, rate recommendations, and financial guidance
- Process and manage your subscription through Stripe
- Deliver transactional emails — account confirmation, receipts, and service notifications
- Send educational and marketing emails — only with your explicit consent, with an unsubscribe option in every message
- Sync expense data to connected accounting platforms (Wave, QuickBooks) when you initiate a sync
- Identify your financial readiness score from assessment responses
- Diagnose errors and improve the Service
- Comply with applicable legal obligations
- Detect and prevent fraud and unauthorized access
4. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party.
We share data only with the following service providers who act as data processors on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | Cloud infrastructure, database, and file storage | All platform data |
| Microsoft Entra External ID | Authentication and identity management | Email, name, user ID |
| Microsoft Azure Document Intelligence | Receipt image parsing (OCR) | Receipt images you upload |
| Azure Communication Services | Transactional and marketing email delivery | Email address, first name |
| Stripe | Payment processing and subscription management | Email address, subscription status |
| Wave Accounting (optional) | Accounting sync — only when you connect and initiate sync | Expense records you sync |
| Intuit QuickBooks Online (optional) | Accounting sync — only when you connect and initiate sync | Expense records you sync |
We may also disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of Savi Tools, our users, or the public.
5. Your Privacy Rights
Depending on where you reside, you may have specific rights regarding your personal data. Regardless of your location, we extend the following rights to all users:
| Right | Description |
|---|---|
| Right to Know / Access | Request a complete export of all personal data we hold about you, delivered in JSON or CSV within 45 days. |
| Right to Delete | Request deletion of your account and associated personal data within 45 days. Billing and transaction records are retained for 7 years as required by law. |
| Right to Correct | Request correction of inaccurate personal data we hold about you. |
| Right to Portability | Receive your data in a structured, machine-readable format. |
| Right to Opt Out of Sale | We do not sell personal data. No action required. |
| Right to Non-Discrimination | We will not deny service or treat you differently for exercising any of these rights. |
| Right to Opt Out of Marketing | Unsubscribe from marketing emails at any time using the link in any email or by contacting us. |
5.1 California Residents (CCPA / CPRA)
California residents have all rights listed above under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes beyond providing the Service.
5.2 Virginia, Colorado, Connecticut, Texas, and Utah Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Utah (UCPA) have rights to access, correct, delete, and port their personal data, and to opt out of the sale of personal data and targeted advertising. We do not sell personal data or engage in targeted advertising. To exercise any right, contact us using the information in Section 10. We will respond within 45 days, with one 45-day extension if necessary.
5.3 How to Submit a Request
Email anthony.plaster@savigurus.com with the subject line "Privacy Request." Include your name, email address, and the specific right you wish to exercise. We may ask you to verify your identity before processing the request. You may designate an authorized agent to submit requests on your behalf.
6. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Account and profile data | Duration of active account + 90 days after closure | Service provision |
| Expense records and receipt images | Duration of active account + 90 days after closure | Service provision |
| Tax estimate data | Duration of active account + 90 days after closure | Service provision |
| Assessment responses and scores | 24 months from date of completion | Service improvement |
| Email capture records (pre-account) | 24 months from date of capture | Consent record |
| Billing and transaction records | 7 years from transaction date | Legal / tax compliance |
| Application audit and security logs | 12 months | Security and fraud prevention |
| Diagnostic logs | 90 days | Service maintenance |
7. Data Security
We implement the following security controls:
- Encryption at rest: AES-256 on all stored data
- Encryption in transit: TLS 1.2 or higher for all data transmission
- Authentication: Microsoft Entra External ID with PKCE OAuth 2.0
- Access control: Role-based, least-privilege access to all data stores
- Mobile credential storage: iOS Secure Enclave / Android Keystore via device-encrypted storage
- Infrastructure: Microsoft Azure — ISO 27001, SOC 2 Type II certified
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to industry-standard protections and prompt notification in the event of a breach affecting your personal data.
8. Cookies and Tracking
The Savi Tools web application uses the following cookies:
- Session cookies — required for authentication and maintaining your logged-in state. These expire when you close your browser or sign out.
- Security cookies — used to prevent cross-site request forgery (CSRF) attacks.
We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral targeting technologies. The Savi Tools mobile app does not use cookies.
9. Children's Privacy
The Service is intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have inadvertently collected information from a child under 18, we will delete it promptly. If you believe we have collected such information, contact us at anthony.plaster@savigurus.com.
10. Changes to This Policy
We will notify you of material changes to this Privacy Policy by email at least 30 days before the updated policy takes effect. The updated date at the top of this page will always reflect the most recent revision. Continued use of the Service after the effective date of any change constitutes your acceptance of the revised policy.
11. Contact
For privacy-related questions, requests, or concerns:
Attn: Privacy Officer
101 W Argonne Dr #56
Kirkwood, MO 63122
anthony.plaster@savigurus.com