§ Privacy

What we collect, why, and for how long.

Last updated · 2026-04-27

Softmax Finance is a non-custodial AI finance team for crypto-native businesses. We're a SaaS application — not a bank, not an exchange, not a money transmitter. Your wallet keys live on your device; we never see them and cannot move your funds. This document explains the data we do handle: what gets stored, where, why, and for how long. Plain English, no dark patterns.

Account data

When you sign up, Supabase Auth (our identity provider) stores your email address, a hashed password (or your OAuth provider id if you sign in with Google), and any TOTP MFA secret you set up. We store your display name and an avatar URL if you provide one. We do not ask for or store your real name, address, or any government identifier.

Workspace + business data

Once you create a workspace, we store the data the AI agents need to do their jobs:

  • Workspace name + (optional) legal entity name. Used as the “From” on invoices and reminders.
  • Wallet addresses you connect to the workspace. We never store private keys — only the public address. Wallet keys live on your device via Thirdweb's embedded wallet, your hardware wallet, or your Safe multisig.
  • Counterparties — the customers + vendors your agents learn about. Name, optional email, optional notes, and the alias map your AP agent builds as you correct vendor extractions.
  • Invoices and bills. Line items, amounts, due dates, status, and (for AP) the raw text the AI extracted bills from.
  • Attachments — files you upload alongside invoices or bills. PDF contracts, receipts, statements. Stored in a private Supabase Storage bucket; the only way to fetch one is a signed URL with a 1-hour TTL, issued per request.
  • The action ledger — an append-only audit log of every money-touching action: extracted, proposed, approved, paid, marked, voided. Rows are never edited or removed while the workspace exists (per our build principles, the ledger is sacred); accountants and auditors live here. It is purged only when the workspace itself is deleted (see "How long").

On-chain reads

We read public on-chain data from your connected wallets to surface balances + transaction history. This is the same data anyone with your address can read from a block explorer; we just aggregate it across chains (Base / Ethereum / Arbitrum / Optimism / Polygon). We do not sign or broadcast transactions on your behalf — every money-moving action is constructed unsigned and handed to your wallet for signature.

AI processing

Bill extraction, invoice prefill, reminder drafting, and (later) transaction classification all use Anthropic Claude as the primary model. The text you paste — invoice descriptions, bill bodies — is sent to Anthropic for processing. Per Anthropic's API policy, prompts and outputs are not used to train their models. We retain the AI input and output in our database for the audit trail and so that your corrections (for example the vendor alias map your AP agent builds) improve extraction for your workspace over time; the model itself is not trained on your data.

If the deployment is configured with LLM_PROVIDER=openai, OpenAI handles the same calls under their equivalent no-training API policy. The architecture supports any compliant provider; we default to Anthropic.

Payments + billing

Customer-side invoice payments are processed by Thirdweb's Bridge CheckoutWidget. Thirdweb is the merchant of record for the card leg; the USDC settles directly to your workspace wallet. We receive a webhook (payment id, amount, receiver address) but never the customer's card details.

Softmax's own subscription billing uses the same Thirdweb primitive (one-time prepaid period; renewal is explicit, never auto-charged). When Polar.sh merchant onboarding completes, Polar will be the recurring rail.

Email + integrations

AR reminders and transactional emails (welcome, password reset, billing-expiry) are sent via Resend. The recipient email + the body of the message are visible to Resend's infrastructure for delivery. Gmail OAuth, Stripe Connect read-only, Coinbase Commerce read-only, and the QuickBooks/Xero sync are opt-in; we only request the scopes the spec lists, and you can revoke at any time from your provider's settings.

Where this is stored

  • Postgres (Supabase, eu-west-1) — all application data. Tenant isolation is enforced twice: per-row workspace_id checks at the application layer and row-level security (RLS) policies at the database layer, so a missed application check still fails closed at the database.
  • Supabase Storage (eu-west-1) — file attachments. Bucket is private; signed URLs only.
  • Vercel — application + serverless functions (US + EU edge).
  • Anthropic (US) — AI processing, per call. Inputs and outputs are not used for training per their API policy; how long Anthropic itself retains request logs is governed by Anthropic's own data-retention terms, not by this document.
  • Sentry, PostHog, Resend — observability and email. Standard hosted tooling.
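The two database-layer controls named above (RLS tenant isolation and an append-only ledger) look roughly like the following in Postgres. This is an added illustration, not Softmax's actual schema or policies: the table names, columns, the `workspace_members` membership table, and the use of Supabase's `auth.uid()` helper and `authenticated` role are assumptions made for the example.

```sql
-- Added example, not the project's schema. Assumes Supabase conventions:
-- auth.uid() returns the calling user's id, and application traffic runs
-- as the "authenticated" role. workspace_members is a hypothetical table.

create table workspace_members (
  workspace_id uuid not null,
  user_id      uuid not null,
  primary key (workspace_id, user_id)
);

create table invoices (
  id           uuid primary key default gen_random_uuid(),
  workspace_id uuid not null,
  amount_cents bigint not null,
  status       text not null
);

-- 1. Tenant isolation. With RLS enabled a table is default-deny: any row
--    not matched by a policy is invisible and unwritable. If an
--    application-layer workspace_id check is ever forgotten, the query
--    simply returns nothing instead of another tenant's data.
alter table invoices enable row level security;
alter table invoices force row level security;   -- also binds the owner role

create policy invoices_tenant_isolation on invoices
  for all
  using (
    exists (select 1 from workspace_members m
            where m.workspace_id = invoices.workspace_id
              and m.user_id = auth.uid())
  )
  with check (
    exists (select 1 from workspace_members m
            where m.workspace_id = invoices.workspace_id
              and m.user_id = auth.uid())
  );

-- 2. Append-only ledger. Members may read and insert rows for their own
--    workspace; no UPDATE or DELETE policy exists, and the privilege is
--    revoked outright, so history cannot be rewritten from the app path.
create table action_ledger (
  id           bigint generated always as identity primary key,
  workspace_id uuid not null,
  action       text not null check (action in
               ('extracted','proposed','approved','paid','marked','voided')),
  actor_id     uuid not null,
  payload      jsonb not null,
  created_at   timestamptz not null default now()
);

alter table action_ledger enable row level security;
alter table action_ledger force row level security;

create policy ledger_read on action_ledger for select
  using (exists (select 1 from workspace_members m
                 where m.workspace_id = action_ledger.workspace_id
                   and m.user_id = auth.uid()));

create policy ledger_append on action_ledger for insert
  with check (exists (select 1 from workspace_members m
                      where m.workspace_id = action_ledger.workspace_id
                        and m.user_id = auth.uid()));

-- Belt and braces: even if someone later adds a permissive policy, the
-- application role has no UPDATE/DELETE privilege on the ledger at all.
revoke update, delete on action_ledger from authenticated;
```

The workspace-deletion cascade described under "How long" is the one path that removes ledger rows; in this layout it has to run as a separate privileged role (one that holds DELETE and bypasses RLS), never as the application role, which keeps the ledger immutable from every code path a user request can reach. When reviewing a setup like this, check `pg_policies` for each tenant-scoped table and confirm that no table with a `workspace_id` column is missing RLS; a single unprotected table is enough to undo the isolation.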

How long

Account data persists while your account exists. Workspace + ledger data persist while the workspace exists; if you delete a workspace, every row is hard-deleted (cascade) within 30 days. Auth-system logs (sign-ins, password changes) are kept 90 days for security review and then deleted.

Your rights

You can export everything we hold about you and your workspaces from the dashboard (Settings → Export — coming with the first paying customer). You can delete your account and your workspaces from the same place; deletion is permanent and the action ledger gets purged with the rest.

If you're in the EU/EEA, the UK, or California, you have statutory rights under GDPR / UK GDPR / CCPA: access, rectify, erase, restrict, port, object. Email privacy@softmax.finance and we'll respond within 30 days.

Changes

We'll update the “Last updated” date when this document changes and call out material shifts via email at least 14 days before they take effect.