Privacy Policy
Last updated: 2026-06-03
Stewr is a money app that helps you pause before impulse purchases. This policy explains what we collect, why, where it lives, and how you stay in control. We keep it short on purpose.
Who we are
Stewr is operated by Deliberate Labs, based in the Netherlands.
Contact: hello@stewr.app
Our principles
- We don't sell your data.
- We don't train AI on your financial data.
- Your data is hosted in the EU.
- You can export or delete everything any time, inside the app.
What we collect
Account and app data you create
- The items you add (title, optional link, optional price and currency, source website).
- Your decisions (kept or bought) and the money-kept totals derived from them.
- Account identifier from sign in.
Legal basis: performance of our contract with you (GDPR Article 6(1)(b)).
Anonymous device identifier
A random device ID we generate. It is not your name, email, or an advertising ID.
Legal basis: legitimate interest in running the service (Article 6(1)(f)).
Usage analytics
Anonymous product interaction events (for example, screens viewed, features used) via PostHog, hosted in the EU. Not linked to your identity. Not used for advertising or cross-app tracking.
Legal basis: legitimate interest in improving the app (Article 6(1)(f)).
Crash and performance data
Crash reports and performance diagnostics via Sentry, hosted in the EU.
Legal basis: legitimate interest in keeping the app stable (Article 6(1)(f)).
What we never do
- We never send your transactions or financial details to any AI training service. When we use automated text inference (for example to read a product link or a CSV column header), only non-personal data such as a URL or a column label is processed.
Where your data lives
Your data is stored and processed in the European Union (Frankfurt, Germany). We use the following sub-processors:
| Sub-processor | Purpose | Region | Data terms |
|---|---|---|---|
| Supabase | Database, authentication, storage | EU (Frankfurt) | supabase.com/legal/dpa |
| Cloudflare | App hosting and request handling | EU edge | cloudflare.com/cloudflare-customer-dpa |
| Sentry | Crash and performance reporting | EU (de.sentry.io) | sentry.io/legal/dpa |
| PostHog | Anonymous product analytics | EU | posthog.com/dpa |
| OpenRouter | URL and CSV header text inference (no personal or financial data) | See provider | openrouter.ai/privacy |
| Resend | Transactional email | EU | resend.com/legal/dpa |
How long we keep it
We keep your data while your account is active. When you delete your account, we delete your personal data. Anonymous analytics and crash events are retained for a limited period by our analytics and error services and are not linked to you.
Your rights
Under the GDPR you can access, correct, export, delete, restrict, or object to the processing of your data, and you can lodge a complaint with a supervisory authority (in the Netherlands, the Autoriteit Persoonsgegevens).
You don't have to email us for the two most important ones. Inside the app, go to Settings then Data to export a full copy of your data, or to delete your account and everything in it. For anything else, email hello@stewr.app and we'll respond within 30 days.
Children
Stewr is not intended for anyone under 13.
Changes
If we change this policy we'll update the date above and, for material changes, tell you in the app.