Privacy Policy

Last updated: April 2026 — draft, not yet in effect.

Data we collect

  • Identity & profile — name, email address, Google account ID, and profile image from Google OAuth sign-in.
  • Financial data — account balances, transactions, and liabilities fetched via Plaid once you connect an institution. Access tokens are encrypted at rest (AES-256-GCM) and never sent to your browser.
  • AI conversations — messages you send to the built-in AI assistant and the assistant's responses are stored to maintain conversation context.
  • Technical — session tokens, server-side logs needed for operation. We do not log raw financial payloads or personal data in application logs.

How we use your data

Solely to operate the service: displaying your financial picture, running projections, and powering the AI assistant. We do not sell your data.

Subprocessors

Third-party services that process data on our behalf are listed at /subprocessors.

Retention & deletion

You can delete your account and all associated data at any time from Settings. Financial data is retained for your account lifetime or 7 years maximum, whichever is shorter.

A complete Privacy Policy will be published before public launch. For questions, contact the operator directly.