Expense Planner Privacy Policy
Effective date: May 2, 2026
Last updated: May 2, 2026
Introduction
Expense Planner is a personal finance application available on iOS that helps users aggregate and review spending across the financial accounts they choose to link. This Privacy Policy describes the information we collect, how we use and share it, and the rights you have with respect to your data.
This policy applies to information collected by Expense Planner (also referred to as “we,” “our,” or “us”) through the iOS application and any related services (the “Service”). It applies whether you reside in the United States, the European Economic Area, the United Kingdom, Switzerland, or elsewhere; data is transferred to and stored in the United States as described below.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
Definitions
Personal Information — any information or set of information that identifies, or could reasonably be used to identify, an individual. Information that has been encoded, anonymized, or aggregated such that it can no longer be associated with an individual is not Personal Information.
Service Provider — any third party that processes Personal Information on our behalf and under our instructions, such as our backend infrastructure provider and our financial data aggregator.
Linked Account — a financial institution account (e.g., bank account or credit card) that you have authorized us to access via Plaid.
You — an individual end user of the Service.
Information We Collect
Information you provide directly
- Account credentials. Your email address and either your password (stored only as a salted bcrypt hash by our authentication provider, never in plaintext) or a Sign in with Apple identifier. If you elect Apple’s “Hide My Email” option, we receive only Apple’s anonymous private-relay address.
- User-generated content. Notes, category assignments, and any custom labels you apply to your transactions.
- Communications. The contents of any message you send to us for support.
Information we collect from Plaid
To deliver the Service’s core spending-aggregation functionality, we use Plaid Inc. (“Plaid”) as our financial data aggregator. When you link a financial account, you are taken to Plaid’s interface, where you provide your financial institution credentials directly to Plaid. We do not see, receive, or store your bank login credentials.
After Plaid authenticates with your financial institution on your behalf, we receive from Plaid:
- Account metadata: institution name, account name (e.g., “Checking”), account type, account mask (typically last four digits).
- Account balances: current and available balances for Linked Accounts.
- Transaction history: transaction date, description, amount, currency, and Plaid’s suggested category for each transaction.
- A Plaid item identifier and access token, which allow us to retrieve subsequent updates from Plaid for your Linked Accounts.
Your use of the Service is also subject to Plaid’s End User Privacy Policy.
Information collected automatically
- Device information. Device type, operating system version, and Service version, used solely for compatibility and diagnostic purposes.
- Diagnostic data. Crash reports and error logs delivered through Apple’s standard reporting framework. These do not contain Plaid access tokens, transaction descriptions, or account numbers.
- Aggregate usage metrics. Counts of feature use (e.g., daily sign-in counts) used to understand how the Service is performing. These metrics are not associated with individual identities or specific transactions.
How We Use Personal Information
We use Personal Information only for the following purposes:
- To provide, maintain, and improve the Service, including aggregating and displaying transactions and balances from your Linked Accounts.
- To authenticate you and protect your account from unauthorized access.
- To respond to your support requests and other inquiries.
- To detect, investigate, and prevent fraudulent or unauthorized activity.
- To comply with legal obligations and enforce our terms.
- To send you Service-related notices (e.g., security alerts, material policy changes).
We do not use your financial data for advertising, marketing profiles, or sale to third parties.
How We Share Personal Information
We share Personal Information only as described below:
| Recipient | Role | Information shared |
|---|---|---|
| Plaid | Financial data aggregator | Plaid item identifiers and access tokens required to maintain your Linked Accounts |
| Supabase | Backend infrastructure (database, authentication, server-side functions) | All Service data is stored in our Supabase project |
| Apple | App distribution and Sign in with Apple authentication | Your Apple ID (or anonymous relay address if you elect “Hide My Email”) |
Each Service Provider is contractually obligated to protect your information and to use it only for the purposes for which we engaged them.
We may also disclose Personal Information where required to do so by law or valid legal process, or to protect the rights, property, or safety of Expense Planner, our users, or others.
If Expense Planner is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you in advance where reasonably practical.
We do not sell your Personal Information. We do not rent or trade Personal Information to third parties for their marketing or advertising purposes. This includes the categories of Personal Information defined under the California Consumer Privacy Act.
Data Retention and Deletion
- We retain your account information and transaction history for as long as your account remains active.
- You may delete your account at any time from within the Service (Settings → Delete Account). Upon deletion we permanently remove your account information, Plaid access tokens, and transaction history from our active production database within seven (7) days. Plaid access tokens are revoked with Plaid as part of the deletion.
- Backups containing the deleted data age out per our backup retention schedule (currently up to seven days for daily database snapshots).
- We may retain a minimal record of your account having existed (e.g., a hashed user identifier) where required to comply with legal, tax, or fraud-prevention obligations.
Data Security
We implement physical, administrative, and technical safeguards designed to protect Personal Information, including:
- Encryption in transit: TLS 1.2 or higher on all connections between the iOS application, our backend, and Plaid.
- Encryption at rest: AES-256 on all data stored in our managed backend database.
- Access isolation: User data is isolated at the database level via Postgres row-level security policies.
- Administrative access: Production access is limited to the operator and protected by multi-factor authentication on all administrative consoles.
- On-device protection: Session tokens are stored in the iOS Keychain (encrypted using device-specific hardware keys); cached transaction data is protected by iOS data-protection.
You are responsible for protecting your account credentials and for the security of the device on which the Service is installed. No security measure is perfect; while we strive to protect your information, we cannot guarantee absolute security.
For additional detail on our internal security program, see our Information Security Policy.
Your Rights and Choices
All users
- Access the information associated with your account by viewing it within the Service.
- Correct inaccurate information by editing transactions, categories, and notes within the Service, or by contacting us.
- Delete your account and all associated data via Settings → Delete Account.
- Unlink financial accounts at any time via Settings → Accounts.
- Withdraw consent to ongoing data collection by deleting the Service and your account.
California residents
If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act grant you rights to:
- Know what Personal Information we have collected about you.
- Delete your Personal Information.
- Correct inaccurate Personal Information.
- Opt out of the sale or sharing of Personal Information. We do not sell or share Personal Information for cross-context behavioral advertising.
- Non-discrimination for exercising these rights.
To exercise these rights, contact us at the email address in the “Contact Us” section. We will verify your identity (typically by confirming control of the email address associated with your account) before responding.
European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, you have rights under the General Data Protection Regulation or equivalent law, including the rights to access, rectify, erase, restrict processing, object to processing, and data portability. The lawful bases on which we rely are your consent, the performance of our contract with you, and our legitimate interests in operating the Service. You also have the right to lodge a complaint with your local data protection supervisory authority.
Children’s Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected Personal Information from a child under 13, we will delete it. Where the relevant minimum age in your jurisdiction is higher (for example, 16 in some EU member states), the equivalent restriction applies.
International Data Transfers
Expense Planner is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide an in-Service notice or send you an email. Your continued use of the Service after a change indicates your acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of the rights described above:
Email: wtang6@gmail.com (subject line: “Privacy”)
This Privacy Policy is provided in English. Any translation provided for convenience is non-binding; the English version controls in case of conflict.