Privacy Policy

1. Information We Collect

Information You Provide Directly

When you create an account or use the Services, we may collect:

• Account and registration information, such as your name and email address.
• Financial information you link or enter, including connected bank accounts, transactions, balances, account holdings, budgets, goals, and other financial data you provide (collectively, “Financial Information”).
• Payment information. Your subscription is processed through the Apple App Store or Google Play Store. We do not receive or store your full payment card details. Please review Apple’s and Google’s respective privacy policies for information on how they handle payment data.
• Communications you send us, such as support requests or feedback.

Information Collected via Financial Data Sources

To sync your financial accounts, we use Plaid, a trusted third-party financial data platform. When you connect a financial institution, Plaid securely retrieves your account balances, transactions, and holdings on our behalf. We do not receive or store your bank login credentials. By connecting a financial account, you also agree to Plaid’s Terms of Use and Privacy Policy, available at plaid.com/legal.

Automatically Collected Information

When you use the Services, we may automatically collect limited technical information, including:

• Device type, operating system, and app version.
• IP address and general location (city/region level).
• App usage data, such as features accessed, crash logs, and error reports, used solely to operate and improve the Services.

2. How We Use Your Information

We use your information only to provide and improve the Services. Specifically, we use it to:

• Create and maintain your account.
• Connect your financial accounts and display your Financial Information within the app.
• Power features such as budgeting, spending analysis, net worth tracking, and financial goals.
• Process your subscription and manage billing through Apple or Google.
• Provide customer support and respond to your inquiries.
• Detect and prevent fraud, security incidents, and abuse.
• Improve the functionality, performance, and reliability of the Services.
• Comply with applicable laws and legal obligations.

We do not use your Financial Information for advertising purposes, and we do not sell it to third parties.

Use of Artificial Intelligence

We use Anthropic, an AI platform, to power certain features within the Services (such as transaction categorization, financial insights, and conversational guidance). When you use these AI-powered features, your financial data—including transaction history—may be included in prompts sent to Anthropic to generate your response. We send only the minimum data needed for the feature you are using; we do not transmit your complete financial history with every prompt.

When your data is processed by Anthropic:

• Anthropic does not use your data to train its AI models.
• Anthropic retains your data for no more than 30 days for operational purposes, after which it is deleted.
• Anthropic processes your data solely to provide the feature you are using, under contractual confidentiality obligations.

Aggregate and De-Identified Data

We may create anonymized or de-identified data from information we collect. Because this data cannot reasonably be linked back to you, it is not subject to this Policy, and we may use or disclose it for any lawful business purpose, including analytics and product improvement.

3. How We Disclose Your Information

We do not sell your Financial Information. We may share your information only in the following limited circumstances:

Service Providers

We share information with trusted third-party vendors who help us operate the Services, including:

• Plaid (financial account connectivity)
• Supabase (database hosting and infrastructure)
• Anthropic (AI-powered features)
• Apple / Google (subscription and payment processing)

These vendors are permitted to use your information only to perform services on our behalf and are bound by confidentiality obligations.

Legal Requirements

We may disclose your information if required to do so by law, regulation, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of Loftd, our users, or the public.

Business Transfers

If Loftd is involved in a merger, acquisition, financing, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice in the Services before your information becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you have given us your explicit consent to do so.

4. Third-Party Services

The Services integrate with third-party platforms whose privacy practices are governed by their own policies. We encourage you to review the privacy policies of:

• Plaid: plaid.com/legal/privacy-statement
• Anthropic: anthropic.com/privacy
• Apple: apple.com/legal/privacy
• Google: policies.google.com/privacy
• Supabase: supabase.com/privacy

Loftd is not responsible for the privacy practices of these third parties.

5. How We Protect Your Information

We implement industry-standard security measures to protect your information, including:

• AES-256 encryption for all data stored at rest.
• Transport Layer Security (TLS) for all data transmitted between your device and our servers.
• Row-level security at the database level, ensuring your data is only accessible to you.
• Biometric authentication (Face ID / Touch ID) support, with all biometric processing occurring on your device only.
• Strict internal access controls — your Financial Information is accessed by Loftd personnel only when necessary to provide support you have requested, or as required by law.

No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable security measures, we cannot guarantee absolute security. If you have reason to believe your account has been compromised, please contact us immediately at support@loftd.app.

6. Data Retention

We retain your information for as long as your account is active or as necessary to provide the Services. When you delete your account, we will delete your Financial Information and associated account data from our systems within 30 days, except where we are required by law to retain certain records.

Anonymized or aggregated data that cannot be linked back to you may be retained indefinitely for analytics and product improvement purposes.

7. Your Rights and Choices

Access and Correction

You may access and update your account information at any time from within the app Settings.

Data Export

You may request a copy of your Financial Information and account data by contacting us at privacy@loftd.app.

Account Deletion

You may delete your account at any time by navigating to Settings > Account > Delete Account. Deleting your account will permanently remove all your data — including transactions, budgets, goals, and linked accounts — from our systems within 30 days. This action is irreversible. If you subscribed through Apple or Google, you must also cancel your subscription separately through the respective app store.

Disconnect Financial Accounts

You may disconnect any linked financial institution at any time from within the app. You may also revoke Plaid’s access to your accounts directly at my.plaid.com.

Communications

We send you transactional and service-related communications necessary to operate your account. You may not opt out of these communications while your account is active. We do not send marketing emails at this time.

8. Children’s Privacy

The Services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a minor, we will delete that information promptly. If you believe we may have collected information from a minor, please contact us at privacy@loftd.app.

9. U.S. State Privacy Rights

Depending on your state of residence, you may have certain rights regarding your personal information under applicable state privacy laws, including laws in California, Colorado, Connecticut, Virginia, Texas, and other states with comprehensive privacy legislation (collectively, “U.S. State Privacy Laws”).

These rights may include:

• The right to know what personal information we collect, use, and disclose about you.
• The right to access a copy of the personal information we hold about you.
• The right to correct inaccurate personal information.
• The right to request deletion of your personal information, subject to certain exceptions.
• The right to opt out of the sale or sharing of your personal information for targeted advertising. Note: Loftd does not sell or share Financial Information for targeted advertising purposes.
• The right not to be discriminated against for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@loftd.app. We will respond within the time period required by applicable law. We may need to verify your identity before processing certain requests.

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not sell your personal information. We do not share your Financial Information for cross-context behavioral advertising. To submit a request or learn more about your California privacy rights, contact us at privacy@loftd.app.

Appealing a Denied Request

If we deny your privacy rights request, you may appeal by contacting us at privacy@loftd.app with the subject line “Privacy Rights Appeal.” We will respond within the time period required by your state’s applicable law. If your appeal is denied, you may contact your state’s Attorney General.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Effective Date” at the top of this Policy and, where appropriate, by sending you an in-app notification or email. Your continued use of the Services after any such changes constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

• Privacy requests and data rights: privacy@loftd.app
• General support: support@loftd.app

We will respond to all inquiries within a reasonable time and within any period required by applicable law.