Privacy & Terms

FRICTN (gotfrictn.com), operated by AltCarBen, is a financial data platform. You are entrusting us with sensitive tax and financial information. We take that responsibility seriously. This policy tells you exactly what we collect, how we protect it, and what rights you have over it.

What We Collect

Account information — your name and email address, used for authentication and service communications only.

Financial records — receipts, expense data, and document images you upload. This data belongs to you.

Tax documents — prior year returns, W-2s, 1099s, and other documents you share with your tax professional through the platform.

Profile data — filing status, active tax schedules, and preferences you configure.

AI processing — receipt images are analyzed by Claude (Anthropic) to extract merchant, amount, and category. Images are transmitted securely and not used for AI training.

Session data — standard authentication cookies. No advertising cookies, tracking pixels, or cross-site trackers.

What We Never Collect

We never store full Social Security Numbers or EINs. If collected during onboarding, only the last 4 digits are retained.

We never store payment card information. All payments are processed by Stripe (PCI DSS Level 1 compliant).

We do not sell, rent, share, or monetize your personal or financial data under any circumstance.

How We Protect Your Data

All data is stored in Supabase (US-hosted PostgreSQL) with row-level security — meaning your data is cryptographically isolated from other users at the database level.

All document storage uses private, encrypted buckets. Document URLs are signed and expire within 1 hour — there are no permanent public links to your files.

All data in transit is encrypted via TLS. All data at rest is encrypted by Supabase's underlying AWS infrastructure.

Access to your data by tax professionals is explicitly scoped — your pro can only see data you are connected to them, and only for the tax year of your engagement.

Third-Party Services

Supabase — US-hosted database, authentication, and file storage. SOC 2 Type II compliant.

Anthropic (Claude) — AI receipt extraction. Data is transmitted per-request and not retained for training.

Stripe — payment processing. We store only a Stripe customer ID.

Vercel — application hosting. Standard server access logs per Vercel policy.

We do not use Google Analytics or any behavioral tracking on this platform.

Tax Professional Access

When you connect with a tax professional on FRICTN, they can view your uploaded receipts, documents, and expense summaries for the engaged tax year. They cannot access data from other years without your explicit connection for that year. All professional access is logged in an append-only audit trail.

Contact

legal@obxtd.com