User guide · 7 of 9
Settings & privacy
Settings (top nav) manages your account and is where you exercise your
data rights.
Account
Shows your email, when you joined, and whether your email is Verified. If it isn't, verify it from the banner — password reset depends on your email working.
Change password
Enter your current password and a new one (min 8 characters). For your protection, changing the password signs out every other device immediately; the device you changed it on stays signed in.
If you've forgotten your password entirely, sign out and use Forgot password? on the sign-in page instead.
Danger zone — delete your account
Permanent and immediate. Enter your password and type DELETE to confirm. This removes:
- your user record and sign-in,
- all financial accounts, transactions, tags, and remarks,
- all trades and statement records,
- any statement PDFs still on disk from in-progress imports.
There is no recovery, no grace period, and nothing retained beyond standard database backups, which age out. Export your CSVs first if you want to keep your data (transactions, trades).
What Perfi stores — and what it doesn't
- Stored: your email, a bcrypt hash of your password (never the password), and the financial data parsed from statements you upload.
- Not retained: the statement PDFs themselves. A PDF exists on the server only between upload and confirmed import, then it's deleted; abandoned uploads are removed within 24 hours.
- No third parties see your data. Parsing is deterministic and local to the server — no AI services. The only outbound calls are market price quotes (no personal data) and transactional email (your email address only).
- Cookies: one —
perfi_session, used purely to keep you signed in. No tracking or analytics cookies. - Sessions last up to 30 days but are revocable: any password change or reset instantly invalidates every other device's session.
The full policy is at /privacy; terms at /terms. For data questions or requests, use the Contact link in the footer.