Aimplifi

Privacy Policy

Last updated

Aimplifi is a personal-finance app that helps you see exactly how much money you need, and by when, to pay every card in full. This policy explains what the app stores, what it never stores, who it shares data with, and how you can export or permanently delete everything. It is written to be GDPR/CCPA-minded. In demo mode the app runs entirely on a seeded, fictional dataset — no real financial data is involved until you create an account and connect a bank.

What we store

When you connect a financial institution, the app stores only the data its features need:

  • Account metadata: institution name, account name, account type, and the mask — the last 4 digits only. Full account numbers are never requested, stored, or displayed.
  • Transactions, statements, balances, and scheduled/recurring items — the data the cash-needed, budgeting, and forecasting engines run on.
  • Provider access tokens (Plaid or SimpleFIN), AES-256-GCM encrypted at rest. Tokens are never logged and never sent to your browser.
  • Your settings: email, a salted password hash (for email sign-in), and your planning assumptions (wage, return and withdrawal rates, money dials).
  • An audit log of sensitive actions — sign-in, data exports, goal/budget/rule changes, sync runs, bank link/unlink, and account deletion — so account activity is accountable.

All money is stored as integer cents, and all balances are stored as positive numbers; the account type determines whether a balance counts as an asset or a liability.

What we never collect or store

Some data simply never enters the system:

  • Your bank username or password. Credentials go directly to Plaid Link (or SimpleFIN) and never touch our servers.
  • Full card or account numbers — only the last-4 mask is ever kept.
  • Social Security numbers or other government identifiers.
  • Plaid public tokens — these are exchanged for an encrypted access token immediately and discarded.

How your data is protected

  • Encryption at rest: provider access tokens (and the SimpleFIN access URL, which carries credentials) are AES-256-GCM encrypted with a key held only in the server environment.
  • Encryption in transit: when deployed (e.g., on Vercel), all traffic is served over HTTPS/TLS.
  • Access control: the app sits behind session middleware, and every server action re-verifies your session and scopes every database query to your own user id — you can only ever read or change your own data.
  • Hardened headers: a strict Content-Security-Policy (no third-party analytics or advertising scripts), X-Frame-Options DENY, nosniff, and a strict referrer policy.
  • Rate limiting on authentication and data-export endpoints to blunt abuse.
  • Secrets (encryption key, provider credentials) are supplied only through environment variables, never committed to the codebase.

Who we share data with

We do not sell your data, and the app shows no ads and loads no third-party tracking scripts. Data is shared only with the service providers that make features work:

  • Plaid or SimpleFIN — to securely connect your accounts and retrieve balances, transactions, and liabilities. You authorize the connection yourself, and you can revoke it at any time.
  • Optional AI categorization (off unless an AI key is configured): to label an unrecognized transaction, only that transaction’s descriptor and amount are sent to the configured model provider — never your name, email, account numbers, or balances. For typed questions, only your question text is sent, to route it to a feature. With no AI key, nothing leaves the app and a deterministic fallback is used instead.
  • Hosting (e.g., Vercel) — the infrastructure the app runs on.

How long we keep it

Your data is kept only while your account exists. There is no resale and no fixed expiry timer: data persists so the product works, and is removed when you delete your account. Deleting your account erases everything and revokes any linked bank access token at the provider (see below). In demo mode the sample dataset can be recreated at any time by reseeding.

Your rights — export and deletion

Your data is yours. From Settings you can:

  • Export your transactions (CSV) and net worth (CSV or PDF) at any time.
  • Permanently delete everything via Settings → “Delete my data”. The destructive action is gated behind a typed confirmation and shows exactly what will be removed.

Deletion runs in three steps: (1) you confirm by typing the exact phrase; (2) any linked Plaid item has its access token revoked at Plaid; (3) your user record is deleted, which cascades to every related row — accounts, transactions, statements, payments, scheduled items, balance snapshots, rules, corrections, recurring series, goals, budgets, linked items, and the audit log itself. Nothing about you is retained, and the action is irreversible.

Contact and changes

Questions about this policy, or a request related to your data, can be sent to michael.lee.p@gmail.com.

This policy is reviewed whenever the app’s data handling changes, and at least annually. The “last updated” date at the top of this page reflects the most recent review.