Legal

Privacy Policy

Last updated: March 15, 2026

1. Overview

NorthTrack ("we", "our", or "us") is a personal finance tracking application available at https://williamhq.com. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

  • Account information: name, email address, and password (stored hashed).
  • Financial data: transactions, budgets, categories, and accounts you create within the app.
  • Telegram chat ID: if you choose to link your Telegram account for expense logging via our bot.
  • Message content: text, voice, and photo messages sent to our Telegram bot are processed to extract expense data. Message IDs are stored for deduplication only.
  • Avatar images: profile photos you upload.

3. How We Use Your Data

  • To provide and operate the NorthTrack service.
  • To process expense and income entries submitted via the Telegram bot.
  • To send confirmation replies via Telegram when a transaction is recorded.
  • To use AI services (Groq) for voice transcription, receipt reading, and category suggestions.
  • We do not sell, share, or rent your data to third parties.
  • We do not use your data for advertising or marketing purposes.

4. Telegram Integration

NorthTrack uses the Telegram Bot API to allow users to log expenses by sending text messages, voice notes, or photos. When you send a message to our bot, the content is received via Telegram's platform and processed solely to create a transaction entry in your workspace. Message IDs are stored to prevent duplicate processing. Voice messages are transcribed using Groq Whisper, and photos are analyzed using Groq Vision. We do not store raw audio or image files after processing.

5. Data Storage and Security

Your data is stored in a secured MySQL database. Passwords are hashed using bcrypt and never stored in plain text. Authentication uses JWT tokens. Access tokens and secrets are stored as environment variables and are never exposed to the client. All workspace data is isolated — members of one workspace cannot access another workspace's data.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us at privacy@williamhq.com.

7. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at privacy@williamhq.com.

8. Third-Party Services

We use the following third-party services that may process your data under their own privacy policies:

  • Telegram Bot API — for receiving and sending messages via the Telegram bot.
  • Groq — for AI-powered voice transcription, image analysis, and expense categorization.

9. Cookies

NorthTrack uses localStorage for authentication tokens and workspace preferences. We do not use tracking cookies or any third-party analytics services.

10. Changes to This Policy

We may update this policy from time to time. Changes will be posted at this URL with an updated date.

11. Contact

For any privacy-related questions, contact us at privacy@williamhq.com.