Privacy Policy
Last updated 2026-04-10
This Privacy Policy explains what personal information Savi Tools collects, how we use and protect it, and the rights available to you. It is the canonical source for our privacy practices — the in-app Privacy page and our translated versions are generated from this file.
1. Introduction
Savi Gurus LLC, doing business as Savi Tools ("Savi Tools," "we," "us," or "our"), operates the Savi Tools web application at getsavitools.com and the Savi Tools mobile application (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use and protect it, and the rights available to you.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account and Identity Information
- Email address — collected at the free assessment gate and account registration
- Name — collected at account registration via Microsoft authentication
- Authentication identifiers — user IDs issued by Microsoft Entra External ID
2.2 Financial and Tax Information
- Income figures — gross income entered into the Tax Set-Aside Calculator
- Expense records — amounts, categories, dates, vendors, and notes you enter
- Filing status — tax filing status selected in the Tax Set-Aside Calculator
- Rate calculator inputs — target income, hours, and business cost figures
- Saved estimates — tax and rate estimates you choose to save
2.3 Receipt Images
When you upload a receipt photo, the image is stored in encrypted cloud storage and processed by Microsoft Azure Document Intelligence to extract expense data (vendor, amount, date). The image and extracted data are associated with your account and stored as part of your expense record.
2.4 Business Registration Information
If you use the Business Registration guidance tool, we store the state and business type selections you make to provide personalized guidance.
2.5 Assessment Responses
If you complete the free financial readiness assessment, we store your responses and the resulting readiness score associated with your email address.
2.6 Third-Party Integration Credentials
If you connect a Wave Accounting or QuickBooks Online account (Team plan), we store OAuth access tokens and your business identifier from those services. We do not store your Wave or QuickBooks login credentials.
2.7 Location and Mileage Data
When you use the mileage tracking feature, the Savi Tools mobile app collects your device's GPS location data to calculate trip distance and route. Location is collected while a trip is actively being tracked and, when you grant background location permission, while driving with an active trip. We do not collect location data passively or outside of active mileage tracking sessions. Location data is used solely to calculate trip mileage and is stored as part of your mileage record (origin, destination, distance, and date). We do not share location data with any third party beyond the cloud infrastructure used to store your records.
2.8 Team and Approval Workflow Data
If you use the team approval feature (Growth and Team plans), expense and mileage records you submit for approval are shared with the designated approver(s) in your group. Approvers can view the details of submitted records — including amounts, categories, dates, vendors, notes, and receipt images — for the purpose of reviewing and approving or rejecting submissions. Approvers cannot access records that have not been submitted for their review. Group membership, invitation status, and approval decisions (including any rejection reasons) are stored and associated with the accounts of all relevant group members.
2.9 Payment Information
Payment card information is collected and processed directly by Stripe. Savi Tools never receives, transmits, or stores full card numbers, CVV codes, or raw payment credentials. We retain only subscription plan, status, and Stripe customer identifiers.
2.10 Technical and Usage Data
- Device information — device type, operating system, browser type
- IP address — logged at authentication events
- Session data — login timestamps, feature usage, session duration
- Application logs — errors and diagnostic events for service maintenance
3. How We Use Your Information
We use the information we collect solely for the following purposes:
- Provide, operate, and maintain the Service
- Calculate and display your tax estimates, rate recommendations, and financial guidance
- Process and manage your subscription through Stripe
- Deliver transactional emails — account confirmation, receipts, and service notifications
- Send educational and marketing emails — only with your explicit consent, with an unsubscribe option in every message
- Track and calculate business mileage trips using your device location when you start a trip
- Facilitate team expense and mileage approval workflows between submitters and approvers in your group
- Sync expense data to connected accounting platforms (Wave, QuickBooks) when you initiate a sync
- Identify your financial readiness score from assessment responses
- Diagnose errors and improve the Service
- Comply with applicable legal obligations
- Detect and prevent fraud and unauthorized access
4. How We Share Your Information
We do not sell, rent, or trade your personal information to any third party.
We share data only with the following service providers who act as data processors on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | Cloud infrastructure, database, and file storage | All platform data |
| Microsoft Entra External ID | Authentication and identity management | Email, name, user ID |
| Microsoft Azure Document Intelligence | Receipt image parsing (OCR) | Receipt images you upload |
| Azure Communication Services | Transactional and marketing email delivery | Email address, first name |
| Stripe | Payment processing and subscription management | Email address, subscription status |
| Wave Accounting (optional) | Accounting sync — only when you connect and initiate sync | Expense records you sync |
| Intuit QuickBooks Online (optional) | Accounting sync — only when you connect and initiate sync | Expense records you sync |
We also share data within your own organization in the following limited circumstance:
| Recipient | Purpose | Data Shared |
|---|---|---|
| Your designated approver(s) | Review and approve expense and mileage submissions | Submitted expense and mileage records, including amounts, categories, dates, vendors, notes, and receipt images |
We may also disclose your information if required by law, court order, or government authority, or to protect the rights, property, or safety of Savi Tools, our users, or the public.
5. Your Privacy Rights
Depending on where you reside, you may have specific rights regarding your personal data. Regardless of your location, we extend the following rights to all users:
| Right | Description |
|---|---|
| Right to Know / Access | Request a complete export of all personal data we hold about you, delivered as a machine-readable JSON file within 45 days. Self-service from the Account page is immediate. |
| Right to Delete | Request deletion of your account. Sign-in is blocked at the end of your current billing period and your data is hidden from the app immediately. Most data is permanently removed one year later. Invoices and billed expenses are pseudonymized and retained for 7 years to satisfy IRS tax record requirements. See the full Data Retention Policy for detail. |
| Right to Correct | Request correction of inaccurate personal data we hold about you. |
| Right to Portability | Receive your data in a structured, machine-readable format. |
| Right to Opt Out of Sale | We do not sell personal data. No action required. |
| Right to Non-Discrimination | We will not deny service or treat you differently for exercising any of these rights. |
| Right to Opt Out of Marketing | Unsubscribe from marketing emails at any time using the link in any email or by contacting us. |
5.1 California Residents (CCPA / CPRA)
California residents have all rights listed above under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell or share personal information for cross-context behavioral advertising. We do not use sensitive personal information for purposes beyond providing the Service.
5.2 Virginia, Colorado, Connecticut, Texas, and Utah Residents
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and Utah (UCPA) have rights to access, correct, delete, and port their personal data, and to opt out of the sale of personal data and targeted advertising. We do not sell personal data or engage in targeted advertising. To exercise any right, contact us using the information in Section 11. We will respond within 45 days, with one 45-day extension if necessary.
5.3 How to Submit a Request
Email anthony.plaster@savigurus.com with the subject line "Privacy Request." Include your name, email address, and the specific right you wish to exercise. We may ask you to verify your identity before processing the request. You may designate an authorized agent to submit requests on your behalf.
6. Data Retention
We keep your data only as long as we need it to provide the Service, comply with the law, and enforce our agreements. The summary below explains the headline rules. Our full Data Retention & Account Deletion Policy is the canonical source — it covers every data type and the exact lifecycle.
| Data Type | Retention | Basis |
|---|---|---|
| Account, profile, and personal records (non-invoiced expenses, mileage, clients, assessments, receipts) | For the life of your account. Hidden immediately on deletion, permanently deleted one year later. | Service provision |
| Invoices and expenses or mileage that were billed on a sent invoice | Pseudonymized at the one-year mark and retained for 7 years to satisfy IRS recordkeeping. After 7 years the pseudonym mapping is destroyed and the records become anonymous. | IRS tax compliance |
| Stripe billing records | Held by Stripe under their retention policy as the system of record for payments. | Legal / payment processor |
| Email capture records (pre-account) | 24 months from capture, then deleted. | Consent record |
| Receipt image files | For the life of your account. Deleted immediately on account deletion (the extracted data on the expense record follows the rules above). | Service provision |
| Audit log of deletion, restoration, and pseudonymization actions | Retained indefinitely. | Security and compliance forensics |
| Diagnostic and application logs | 90 days. | Service maintenance |
You can request account deletion at any time from the Account page in the app. You have one year from the deletion date to restore your account by contacting support. After one year, the data we are allowed to delete is gone permanently and cannot be recovered.
7. Data Security
We implement the following security controls:
- Encryption at rest: AES-256 on all stored data
- Encryption in transit: TLS 1.2 or higher for all data transmission
- Authentication: Microsoft Entra External ID with PKCE OAuth 2.0
- Access control: Role-based, least-privilege access to all data stores
- Mobile credential storage: iOS Secure Enclave / Android Keystore via device-encrypted storage
- Infrastructure: Microsoft Azure — ISO 27001, SOC 2 Type II certified
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to industry-standard protections and prompt notification in the event of a breach affecting your personal data.
8. Cookies and Tracking
The Savi Tools web application uses the following cookies:
- Session cookies — required for authentication and maintaining your logged-in state. These expire when you close your browser or sign out.
- Security cookies — used to prevent cross-site request forgery (CSRF) attacks.
We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral targeting technologies. The Savi Tools mobile app does not use cookies.
9. Children's Privacy
The Service is intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have inadvertently collected information from a child under 18, we will delete it promptly. If you believe we have collected such information, contact us at anthony.plaster@savigurus.com.
10. Changes to This Policy
We will notify you of material changes to this Privacy Policy by email at least 30 days before the updated policy takes effect. The updated date at the top of this page will always reflect the most recent revision. Continued use of the Service after the effective date of any change constitutes your acceptance of the revised policy.
11. Contact
For privacy-related questions, requests, or concerns:
- Savi Gurus LLC
- Attn: Privacy Officer
- 101 W Argonne Dr. #56
- Kirkwood, MO 63122
- anthony.plaster@savigurus.com