Legal

Privacy policy

Last updated: July 3, 2026

The short version: we collect what’s needed to run Headroom and Serai, we protect it, and we never sell it. The sections below spell that out.

1. Who we are & how to contact us

Cairnby LLC, a Colorado limited liability company, is the consumer-software studio that makes Headroom and Serai — and the data controller for the personal data described here. This policy explains what data we collect across cairnby.com and our apps, why we collect it, and the choices you have. For anything this page doesn’t answer, write to hello@cairnby.com.

2. The data we collect

We collect the information you give us — your account details (name, email), the financial information you connect to Headroom, and the documents, photos, and item details you store in Serai. We also collect limited usage data, such as device type and app version, to keep the service working well.

3. How your data is collected

Most data arrives because you add it: creating an account, connecting an account to Headroom, or capturing a receipt or document in Serai. When you capture something, AI processing extracts details like amounts, dates, and serial numbers so you don’t have to type them. Usage data is collected automatically as you use the service.

4. Why we use your data

We use your data to provide the service you signed up for — calculating your safe-to-spend number, keeping your records organized, and keeping your account secure. We also use limited, aggregated data to improve the product. We don’t use your data for advertising, and we never sell it.

5. Third parties & sub-processors

We share data only with the service providers needed to run Cairnby — hosting, secure bank-data connections, AI processing, and email delivery. Each provider is bound by contract to protect your data and use it only to provide their service to us. A current list of sub-processors is available on request at hello@cairnby.com.

6. How long we keep your data

We keep your data for as long as your account is active. If you delete your account, we delete your personal data from our systems within 30 days, except where a longer period is required by law — for example, tax and accounting records.

7. How we protect your data

Your data is encrypted in transit and at rest, access to production systems is limited and logged, and we review our safeguards regularly. Our security page describes this in more detail.

8. Your rights

You can access, correct, export, or delete your data at any time — most of it directly in the apps, and all of it by contacting us. Depending on where you live, you may also have rights under GDPR, UK GDPR, or CCPA/CPRA, including the right to opt out of the sale of personal data. We make that one easy: we don’t sell it.

9. Cookies

cairnby.com uses a small number of cookies for essential functionality, preferences, and simple analytics. The cookie policy at /cookies lists each one, what it does, and how to opt out.

10. Children

Cairnby is not directed at children under 13 — or under 16 where that is the applicable age — and we don’t knowingly collect their data. If you believe a child has created an account, contact us and we’ll delete it.

11. International transfers

Our services are operated from the United States. If you use Cairnby from elsewhere, your data is transferred to and processed in the US, protected by appropriate safeguards such as standard contractual clauses where required.

12. Changes to this policy

When we change this policy, we’ll update the date at the top and, for material changes, tell you in the app or by email before they take effect. We won’t quietly weaken your protections.

13. Effective date

This policy is effective as of July 3, 2026. Earlier versions are available on request.