Privacy Policy

We collect information you provide directly when you create an account or use our services:

• ▸ Account information: name, email address, and password
• ▸ Financial data you enter: debts, assets, income sources, expenses, account balances, tax profiles, and investment plans
• ▸ Connected bank data: account names, balances, and transaction history obtained via Plaid when you choose to link financial institutions
• ▸ AI Advisor conversations: messages exchanged with the AI financial advisor feature
• ▸ Uploaded documents: financial documents processed via Smart Upload (pay stubs, statements, etc.)
• ▸ Usage data: log data, browser type, IP address, and pages visited

We use the information we collect to:

• ▸ Provide, maintain, and improve your financial dashboard and planning tools
• ▸ Calculate and display net worth, debt payoff projections, cash flow analysis, and investment tracking
• ▸ Synchronize account balances and transactions from linked financial institutions
• ▸ Power AI-driven financial advice and document analysis based on your data
• ▸ Send you technical notices, security alerts, and support messages
• ▸ Respond to your requests and inquiries

MoneyFly integrates with the following third-party services:

You can disconnect linked bank accounts at any time from your Settings page, which revokes Plaid's access to those accounts.

We may share your information only in the following limited circumstances:

• ▸ With Plaid to retrieve your financial data at your direction
• ▸ With Anthropic to process AI Advisor requests you initiate
• ▸ With infrastructure and payment providers who assist in operating our service (AWS, Stripe)
• ▸ To comply with legal obligations, court orders, or protect our rights
• ▸ With your consent or at your explicit direction

We take the security of your financial data seriously and implement multiple layers of protection:

• ▸ Encryption in transit: All data is transmitted over TLS (HTTPS)
• ▸ Encryption at rest: Sensitive fields — including account names, institution names, account numbers, employer names, transaction details, AI conversations, and personal notes — are encrypted at the application level before being stored in the database
• ▸ Two-factor authentication: Optional TOTP-based 2FA is available for all accounts
• ▸ Password requirements: Minimum 12 characters with mixed case, numbers, and breach database screening
• ▸ No credential storage: Bank login credentials are handled entirely by Plaid and never pass through our servers

No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

srvAudit LLC maintains a formal data retention and deletion policy that is reviewed annually and updated as needed to comply with applicable data privacy laws including CCPA and relevant state regulations.

6.1 Retention Periods

• ▸ Active account data: All financial data (debts, assets, income, expenses, accounts, tax profiles, investment plans) is retained for the lifetime of the active account to provide ongoing services
• ▸ Historical snapshots: Net worth snapshots and trend data are retained for the lifetime of the active account to power analytics dashboards and financial tracking
• ▸ AI Advisor conversations: Chat history is retained until the user manually clears it via Settings, or until account deletion
• ▸ Plaid bank connection data: Account balances and transaction history are retained while the bank connection is active. Users may disconnect institutions at any time, which revokes access and stops further data collection
• ▸ Payment records: Stripe subscription and billing records are retained for the duration required by tax and accounting obligations (typically 7 years) or until account deletion, whichever is longer
• ▸ Server logs: Application logs containing IP addresses and usage data are retained for up to 90 days for security and debugging purposes, then automatically purged

6.2 Account Deletion

You may request deletion of your account and all associated data at any time by contacting us at [email protected]. Deletion requests are processed within 30 days. Upon account deletion:

• ▸ All financial data, snapshots, AI chat history, tax profiles, and uploaded documents are permanently and irreversibly deleted from our database
• ▸ All connected bank account links are revoked via Plaid's API
• ▸ Stripe customer profile, subscription, and stored payment methods are deleted
• ▸ Encrypted data in database backups is rendered inaccessible as backups rotate out (maximum 30-day retention for automated backups)

6.3 Inactive Accounts

Accounts with no login activity for 24 consecutive months may be flagged for deletion. We will attempt to notify the account holder via email at least 30 days before any data is removed. Users may reactivate their account by logging in during this notice period.

6.4 Policy Review

This data retention and deletion policy is reviewed at least annually by srvAudit LLC leadership to ensure continued compliance with applicable data privacy laws and industry best practices. The effective date at the top of this page reflects the most recent review.

Depending on your location, you may have rights regarding your personal information, including:

• ▸ Access to your personal data
• ▸ Correction of inaccurate data
• ▸ Deletion of your data
• ▸ Data portability
• ▸ Objection to processing

To exercise any of these rights, please contact us at the email address below.

We obtain explicit consent for the collection, processing, and storage of your data at the following points:

You may withdraw consent at any time by deleting your account, disconnecting linked institutions, or ceasing use of specific features. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use our service. These are essential for the operation of the application and are not used for advertising or tracking purposes.

MoneyFly is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of MoneyFly after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: