1. Introduction
This Privacy Policy describes how we collect, use, and protect your personal information when you use our financial management application ("Service"). We are committed to protecting your privacy and ensuring the security of your personal and financial data.
2. Information We Collect
2.1 Personal Information
- Email address and name for account creation
- Authentication credentials
- Profile information you choose to provide
2.2 Financial Information
- Bank account information accessed through Plaid
- Transaction data from connected accounts
- Income and expense records you create
- Financial goals and budgets you set
2.3 Usage Information
- Log data including IP addresses and browser information
- Device information and operating system
- Usage patterns and feature interactions
- Error reports and performance data
3. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process and categorize your financial transactions
- Generate financial insights and reports
- Improve and optimize the Service
- Communicate with you about your account
- Ensure the security of your account and data
- Comply with legal obligations
4. Information Sharing
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
4.1 Service Providers
- Plaid for bank account integration and transaction data
- Supabase for authentication and database services
- Cloud hosting providers for infrastructure
4.2 Legal Requirements
- When required by law or legal process
- To protect our rights or the rights of others
- To prevent fraud or illegal activities
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption of data in transit and at rest
- Secure authentication protocols
- Regular security audits and monitoring
- Access controls and authorization mechanisms
- Secure third-party integrations (Plaid, Supabase)
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Data Retention and Deletion Policy
6.1 Retention Periods
We maintain a comprehensive data retention policy that complies with applicable data privacy laws, including GDPR, CCPA, and financial regulations. We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
- Account Information: Retained until you delete your account, then permanently deleted within 30 days
- Financial Transaction Data: Retained for the duration of your account plus 7 years as required by financial record-keeping regulations, then automatically purged
- Authentication Data: Retained until account deletion, then immediately purged
- Usage Logs and Analytics: Retained for up to 2 years for security monitoring and service improvement, then automatically deleted
- Support Communications: Retained for 3 years after the last interaction, then deleted
- Marketing Consent Records: Retained until consent is withdrawn plus 1 year for compliance purposes
6.2 Automated Deletion
We have implemented automated systems to ensure data is deleted according to our retention schedule:
- Automated purge processes run monthly to delete data past retention periods
- Secure deletion methods ensure data cannot be recovered
- Backups are also purged according to the same retention schedule
- Third-party service providers are contractually required to delete data per our retention policy
6.3 Data Deletion Rights
You have the right to request deletion of your personal data at any time, subject to legal retention requirements:
- Immediate Deletion: Account information, preferences, and non-financial data
- Scheduled Deletion: Financial data subject to 7-year retention requirements will be flagged for deletion and purged when legally permissible
- Verification Process: We verify deletion requests to prevent unauthorized data removal
- Confirmation: You will receive confirmation when deletion is complete
6.4 Legal Holds and Exceptions
Data deletion may be suspended in the following circumstances:
- Active legal proceedings or investigations
- Regulatory compliance requirements
- Fraud prevention and security investigations
- Tax and financial reporting obligations
6.5 Policy Review and Updates
This data retention and deletion policy is reviewed and updated annually or when:
- Data privacy laws change
- Business requirements evolve
- New data types are collected
- Third-party integrations are added or removed
Last Policy Review: June 2025
7. Your Rights
You have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Withdraw consent for data processing
- Export your data in a portable format
- Disconnect bank accounts and revoke Plaid access
To exercise these rights, please contact us through the application's support channels.
8. Third-Party Services
8.1 Plaid
We use Plaid to connect to your bank accounts. Plaid's privacy policy governs their collection and use of your information. By connecting your bank accounts, you agree to Plaid's privacy policy and terms of service.
8.2 Supabase
We use Supabase for authentication and database services. Supabase's privacy policy governs their handling of your data.
9. Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Analyze usage patterns
- Improve Service performance
You can control cookies through your browser settings, but disabling cookies may limit Service functionality.
10. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us through the application's support channels. We will respond to your inquiry within a reasonable timeframe.
14. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information (note: we do not sell personal information).