Privacy Policy

Last updated: April 4, 2026

1. What We Collect

Sorted BAS processes your bank transaction data locally in your browser. We collect:

• Transaction data: Date, description, and amount from your bank's website — processed entirely in your browser
• Usage statistics: Number of AI categorisations used (stored locally in your browser only)
• No personal information: No names, emails, addresses, or account numbers

2. How We Use Your Data

Transaction data is used solely to:

• Match against our local merchant database (runs in your browser)
• Apply keyword and amount-based rules (runs in your browser)
• Future: Send uncategorised transactions to our AI service for classification (stateless API call)

3. Data Storage

• Local storage only: Your categorised transactions, user corrections, and usage counters are stored in chrome.storage.local on your device
• No server storage: We do not store transaction data on any server, database, or cloud service
• AI calls are stateless: When AI categorisation is implemented, descriptions are sent to our API but not logged or stored

4. Third-Party Services

Sorted BAS will use these services (when AI categorisation is enabled):

• Cloudflare Workers: Hosts our API (stateless, no logging)
• Anthropic Claude Haiku: AI categorisation service (GDPR-compliant, no training on user data)

We use Google Analytics on our website (sortedbas.skillpacks.dev) to understand page visits. The Chrome extension itself contains no analytics or tracking. No third-party cookies are used in the extension.

5. What We DON'T Do

• ❌ Store your transaction data on our servers
• ❌ Track your browsing activity
• ❌ Sell or share your data with advertisers
• ❌ Require you to create an account
• ❌ Use your data to train AI models (Anthropic's policy)

6. Bank Access

This extension reads transaction data from your bank's website DOM (Document Object Model) — the same HTML you see in your browser. It does NOT:

• Access your bank login credentials
• Make API calls to your bank
• Modify any bank data
• Send data to anyone except our categorisation API (for unknowns only)

7. Data Retention

• Local data persists until you clear your browser's extension storage or uninstall
• No server-side data retention (we don't store anything)

8. Your Rights

You can:

• Clear all extension data at any time (Chrome → Extensions → Sorted BAS → Remove extension data)
• Export your categorised data as CSV (all processing happens locally)
• Use the extension offline (merchant rules engine works without internet)

9. Security

• All data processing happens in your browser
• Future API calls use HTTPS encryption
• No passwords or credentials are stored

10. Disclaimer

Sorted BAS is a categorisation tool only. It does not provide tax agent services within the meaning of the Tax Agent Services Act 2009 (Cth).

All categorisations are suggestions, not tax advice. We are not registered tax agents, accountants, or financial professionals. You are solely responsible for verifying all categorisations before using them for BAS lodgement. Sorted BAS makes no representations about the accuracy or completeness of its categorisations. When in doubt, consult a registered tax agent or accountant.

11. Chrome Web Store Compliance

This extension complies with Chrome Web Store's Developer Program Policies:

• Limited Use disclosure: Transaction data is used solely for categorisation, not collected or shared
• Prominent disclosure: Privacy policy linked in extension popup
• Single purpose: BAS transaction categorisation only

12. Changes to This Policy

We may update this policy as features are added. Changes will be posted here with a new "Last updated" date.

13. Contact

Questions? Email: hello@skillpacks.dev

Sorted BAS v0.1.0 | GitHub