Back to Home

Your Security is Our Priority

We use bank-level security to protect your data. Here's exactly how we keep your information safe.

Data Encryption

256-bit AES Encryption

All your data is encrypted using the same standard used by banks and government agencies. This means your information is scrambled into an unreadable format that only authorized systems can decode.

TLS 1.3 in Transit

Every piece of data moving between your device and our servers is protected with the latest Transport Layer Security protocol. This creates a secure tunnel that prevents anyone from intercepting your information.

Encrypted at Rest

When your data is stored on our servers, it remains encrypted. Even if someone gained physical access to our servers, they couldn't read your information without the encryption keys.

Plaid Integration

We partner with Plaid, the industry leader in secure financial data connections. Plaid is trusted by millions of users and powers apps like Venmo, Coinbase, and Robinhood.

We Never See Your Credentials

Your bank username and password are entered directly into Plaid's secure interface. We never have access to your login credentials—not even for a moment.

Read-Only Access

Spendalyst can only view your transaction data. We cannot move money, make payments, or change anything in your bank account. It's like looking through a window—we can see, but we can't touch.

Bank-Level Security

Plaid undergoes regular security audits and is SOC 2 Type II certified. This means their security practices are independently verified to meet the highest industry standards.

Disconnect Anytime

You can disconnect your bank account from Spendalyst at any time, directly from your dashboard. When you disconnect, we stop receiving new data immediately.

About Plaid: Plaid connects your bank account to apps you use. They work with over 11,000 financial institutions and power financial connections for millions of people. Learn more at plaid.com

Privacy Policies

What We Collect

  • Transaction data (merchant name, amount, date, category)
  • Account balances (to provide accurate insights)
  • Email address (for account access and notifications)

What We Never Collect

  • Your bank login credentials
  • Your Social Security number
  • Your account or routing numbers

How We Use Your Data

  • To analyze your spending patterns and provide insights
  • To detect subscriptions and recurring charges
  • To generate personalized recommendations
  • To send you weekly insights (if opted in)

What We Never Do

  • Sell your data to third parties
  • Share your data with advertisers
  • Use your data for anything other than helping you

Your Rights

Access Your Data

Request a copy of all the data we have about you at any time.

Delete Your Data

Request complete deletion of your account and all associated data.

Disconnect Anytime

Unlink your bank accounts instantly from your dashboard settings.

Cancel Anytime

No contracts, no hidden fees. Cancel your subscription whenever you want.

Common questions about your data

Can Spendalyst move money out of my bank account?

No. Plaid gives us read-only access. We can see your transactions but we cannot initiate any transfer, payment, or withdrawal. This is enforced at the Plaid layer — even if we wanted to, the technical capability does not exist.

What happens to my data if I delete my account?

Everything is permanently removed within 24 hours. Your transactions, insights, profile, and Plaid connection are all deleted. We keep only the minimum required for legal and tax records, which is your billing history for seven years.

Does Spendalyst sell my financial data?

Never. Our business model is the $10.99 subscription. We do not sell, rent, or share your financial data with advertisers, data brokers, or anyone else.

Where is my data stored?

On Supabase infrastructure in the United States, encrypted at rest and in transit. Payment data is held by Stripe, which is SOC 2 Type II certified. We do not store credit card numbers on our own servers.

What if there's a data breach?

We follow industry-standard incident response practices. If a breach affects your data, we will notify you by email within 72 hours of discovery, as required by applicable law.

Have Questions?

We're happy to answer any questions about how we protect your data.

Contact Our Security Team