The obvious question
Savyy uses AI across the app: the chat assistant that helps you understand your finances, automatic transaction categorization, and other features we're building. All of them send some of your financial data to large language models.
So what happens to that data?
We get asked this regularly. The answer isn't "trust us." It's a set of technical decisions you can verify. This article walks through them.
Nothing gets stored by AI providers
The most important protection is zero data retention (ZDR).
When Savyy sends a request to an AI model — say, when you ask the chat assistant about your spending this month — that request passes through an AI gateway before reaching the model provider. The gateway is a routing layer between Savyy and the providers.
The gateway applies a strict ZDR policy: prompts, outputs, and any data included in requests are deleted immediately after the request completes. Nothing lingers on the gateway's servers.
The AI providers on the other side also need to follow the same rules. Every request Savyy makes includes a zeroDataRetention: true flag. This tells the gateway: only route this request to providers that have contractual zero data retention agreements in place.
If no ZDR-compliant provider is available, the request fails rather than falling back to a provider that might store your data. The system prefers failure over privacy compromise.
Your data never touches the client
Model selection happens entirely on the backend. The Savyy app on your phone or browser doesn't know which AI model it's talking to, doesn't choose it, and doesn't have access to the API keys that authenticate with providers.
All AI calls originate from our backend servers. The client sends your message to our API, the API calls the AI model through the gateway, and the response streams back. No sensitive configuration ever reaches the frontend.
If model selection happened client-side, an attacker who compromised the app could redirect requests to a non-ZDR provider, or intercept the API keys. Keeping everything server-side eliminates that entire class of attack.
What data actually gets sent to the AI
Not everything. It depends on the feature.
Chat assistant: When you ask a question, the AI receives your message along with context about your accounts — balances, recent transactions, spending categories, budget status. This is scoped to your user ID. The AI cannot access other users' data, and the queries that fetch your financial context enforce user-level isolation at the database layer.
Transaction categorization: More minimal. We send transaction descriptions and amounts — no account numbers, no names, no identifying information beyond what's needed to match a transaction to a spending category. The AI returns a category assignment, and we validate it before applying.
In all cases, the system prompt explicitly instructs the AI not to provide investment advice, and the tools available to the model are limited to read-only operations on your own data. Other AI-powered features follow the same principles: send only what's needed, isolate per user, restrict to read-only.
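The categorization flow described above, sketched as an added example (this is not Savyy's code). The field names, the category list, the "uncategorized" fallback and the synchronous model stub are assumptions made for illustration; the article does not say how validation is implemented.

```javascript
// Added illustration; categories and field names are hypothetical.
const ALLOWED_CATEGORIES = new Set(["groceries", "transport", "housing", "dining"]);

// Build the outgoing payload from an allowlist of fields rather than deleting
// known-sensitive ones, so a column added later is never sent by accident.
function toModelPayload(tx) {
  return { description: String(tx.description), amount: Number(tx.amount) };
}

// Treat the model's answer as untrusted input: accept only a known category.
function validateCategory(raw) {
  if (typeof raw !== "string") return null;
  const candidate = raw.trim().toLowerCase();
  return ALLOWED_CATEGORIES.has(candidate) ? candidate : null;
}

// callModel is a stand-in for the real (asynchronous) gateway call.
function categorize(tx, callModel) {
  const sent = toModelPayload(tx);
  const category = validateCategory(callModel(sent)) ?? "uncategorized";
  return { id: tx.id, category, sent };
}

// Constructed sample record; the identifying fields must not reach the model.
const sampleTx = {
  id: "tx_1",
  accountNumber: "PLACEHOLDER-0000",
  holderName: "Example User",
  description: "SUPERMARKET 123",
  amount: -42.5,
};
const stubModel = () => " Groceries ";
const result = categorize(sampleTx, stubModel);
console.log(result.category, Object.keys(result.sent));
```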
Automatic context management
AI models have a limited context window — the amount of text they can process in a single conversation. For long conversations, you want the AI to remember what you discussed, but you don't want to keep re-sending your entire history with every message.
Savyy handles this with automatic summarization. When a conversation reaches 70% of the model's context capacity, older messages get compressed into a summary. Only the last 10 messages are kept in full. The summary captures the gist without retaining raw financial details verbatim.
There's a privacy side effect: older messages aren't repeatedly sent to the AI. Once summarized, the original messages only exist in our database (which you control through your account), not in ongoing AI requests.
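An added sketch of the compaction rule above (70% threshold, last 10 messages kept in full), showing what ends up in the outgoing request. It is not Savyy's code: the four-characters-per-token estimate, the message shape and the summarizer stub are assumptions.

```javascript
// Added illustration. The two constants come from the article; the rest is hypothetical.
const COMPACT_AT = 0.7; // fraction of the model's context window
const KEEP_FULL = 10;   // most recent messages kept verbatim

// Rough size estimate (assumption: about 4 characters per token).
function estimateTokens(messages) {
  return messages.reduce((n, m) => n + Math.ceil(m.content.length / 4), 0);
}

// Returns the message list that would be sent with the next AI request.
function buildRequestMessages(messages, contextWindow, summarize) {
  const overThreshold = estimateTokens(messages) >= COMPACT_AT * contextWindow;
  if (!overThreshold || messages.length <= KEEP_FULL) return messages;
  const older = messages.slice(0, -KEEP_FULL);
  const recent = messages.slice(-KEEP_FULL);
  // Only the summary of the older turns leaves the backend, not their raw text.
  return [{ role: "system", content: summarize(older) }, ...recent];
}

// Constructed conversation: 30 messages of roughly 99 estimated tokens each.
const conversation = Array.from({ length: 30 }, (_, i) => ({
  role: i % 2 === 0 ? "user" : "assistant",
  content: `raw-detail-${i} ` + "x".repeat(380),
}));
const summarizeStub = (older) => `Summary of ${older.length} earlier messages`;
const outgoing = buildRequestMessages(conversation, 4000, summarizeStub);
console.log(outgoing.length, outgoing[0].content);
```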
Provider failover without privacy trade-offs
Savyy configures multiple AI providers with a preference order. If the primary provider is down or slow, the system falls back to the next one. The ZDR flag applies to all of them — the fallback never bypasses the data retention policy.
If no provider can serve the request with ZDR compliance, you get an error rather than a response routed through an unchecked provider. We'd rather show you a temporary error than quietly send your financial data to a provider without a data retention agreement.
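The fail-closed behaviour described here and in the zero data retention section, modelled as an added example beside the fail-open fallback it avoids. This is not Savyy's or the gateway's code: the provider names, the `zdr` field and the health-check callback are constructed for illustration.

```javascript
// Added illustration; provider list is constructed, in preference order.
const PROVIDERS = [
  { name: "provider-a", zdr: true },  // primary
  { name: "provider-b", zdr: false }, // no retention agreement
  { name: "provider-c", zdr: true },  // fallback
];

class NoZdrProviderError extends Error {}

// Anti-pattern: prefer ZDR, but quietly widen the pool when none is up.
function pickFailOpen(providers, isUp) {
  const up = providers.filter((p) => isUp(p.name));
  const chosen = up.find((p) => p.zdr) || up[0];
  return chosen ? chosen.name : null;
}

// Fail closed: the ZDR filter runs before the health check and is never relaxed.
function pickFailClosed(providers, request, isUp) {
  if (request.zeroDataRetention !== true) {
    throw new NoZdrProviderError("request lacks zeroDataRetention: true");
  }
  const chosen = providers.filter((p) => p.zdr === true).find((p) => isUp(p.name));
  if (!chosen) {
    throw new NoZdrProviderError("no ZDR-compliant provider available");
  }
  return chosen.name;
}

// Constructed outage scenarios.
const primaryDown = (name) => name !== "provider-a";
const onlyNonZdrUp = (name) => name === "provider-b";

console.log(pickFailClosed(PROVIDERS, { zeroDataRetention: true }, primaryDown));
console.log(pickFailOpen(PROVIDERS, onlyNonZdrUp));
```

In the second scenario the fail-open variant returns the provider without a retention agreement, while the fail-closed variant throws, which is the temporary error the article describes.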
What we don't do
A few things we deliberately avoid:
- We don't train models on your data. ZDR means your prompts and responses aren't used for model training by the providers. Savyy itself doesn't fine-tune or train any models on user data either.
- We don't log full AI conversations in our error tracker. If something goes wrong, we log the error with your user ID and conversation ID for debugging — not the actual content of your messages.
- We don't let the AI make decisions. The assistant provides information and analysis. It can't move money, change settings, or execute transactions. All tool calls are read-only.
The short version
Your financial data passes through AI models, but it doesn't stay there. Every request enforces zero data retention at the gateway and provider level. Model selection is server-side only. User data is isolated per account. And the system is built to fail safely, preferring errors over privacy shortcuts.
Questions about how your data is handled? Reach out at contact@savyy.net.
