Privacy Policy
Effective: April 14, 2026 · Last updated: April 14, 2026
FinContext LLC ("FinContext," "we," "us," or "our") takes privacy seriously. This Privacy Policy describes the information we collect, how we use it, and the choices you have. By using FinContext, you agree to the terms of this policy.
1. Information We Collect
Account Information
Email address, display name, and a hashed password. We never store your password in plaintext.
Financial Data (via Plaid)
When you link a bank account, Plaid provides us with read-only access to account names, types, balances, and transaction history. We never see or store your bank username or password. Plaid provides an encrypted access token that we use to refresh data on your behalf.
Payment Data (via Stripe)
Subscription payments are processed by Stripe. Stripe holds
your card data; we receive only a Stripe customer ID, a
subscription ID, and the subscription status (for example,
trialing,
active,
past_due,
canceled).
We do not collect or receive card numbers, last-4 digits,
card brand, expiry dates, or any other card metadata from
Stripe.
Usage Data
Server logs hosted on Google Cloud Platform record requests to the service, including IP addresses, user agents, and timestamps. Logs are used for security monitoring and debugging.
Cookies
We use two first-party functional cookies: a session cookie for authentication and a CSRF token cookie for security. We do not use analytics, advertising, or third-party tracking cookies. See our Cookie Notice for details.
Waitlist Email
If you attempt to sign up from outside the United States, we offer an optional waitlist form. If you submit your email, we store only that email address and the submission timestamp. We use it solely to notify you if FinContext becomes available in your region. We retain waitlist emails until you request deletion or until FinContext launches in your region, whichever comes first; emails from regions where FinContext does not launch are purged within 30 days of that decision. You can request deletion at any time by emailing [email protected].
2. How We Use Information
- Provide the service, including displaying your finances to you and to AI assistants you authorize
- Process subscription payments through Stripe
- Send transactional email (account verification, password reset, subscription changes, security alerts)
- Monitor for abuse, fraud, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not share it with third parties for advertising. We do not train AI models on your financial data.
3. Third-Party Services
Plaid
Plaid, Inc. provides the bank linking and data access layer. Plaid receives the credentials you provide when linking a bank, and returns an encrypted access token to FinContext. See Plaid's privacy policy for their data handling practices.
Stripe
Stripe, Inc. processes payments and manages subscriptions. Stripe holds your full card data; FinContext receives only a Stripe customer ID, a subscription ID, and subscription status. See Stripe's privacy policy.
Google Cloud Platform
FinContext runs on Google Cloud Run and uses Google-managed infrastructure services for hosting, logging, and secret management. See Google Cloud's privacy page.
Neon (Database Hosting)
Our PostgreSQL database is hosted by Neon, Inc. Neon stores your account information, encrypted Plaid access tokens, and financial data (balances, transactions, categories). All data is encrypted at rest by Neon's infrastructure. See Neon's privacy policy.
Resend (Email Delivery)
Transactional emails (account verification, password reset, subscription changes, security alerts) are delivered by Resend, Inc. Resend receives your email address and the content of transactional messages. See Resend's privacy policy.
AI Assistants (via MCP)
You may authorize AI assistants (such as Claude or ChatGPT) to access your FinContext data via the Model Context Protocol. Access to your bank data is read-only: AI assistants cannot move money, initiate transfers, or modify your bank accounts in any way. Agents you authorize may update transaction labels (merchant name and category overrides) that FinContext stores separately from bank data, and which do not propagate back to your bank. When you authorize an assistant, your queries and the data returned are processed according to that assistant's privacy policy. You control which assistants have access and can revoke access at any time from your account settings.
4. Plaid End User Privacy Policy
FinContext uses Plaid to securely connect to your financial institutions. Plaid is a data access network. When you use Plaid to link an account, Plaid collects the credentials you provide, account and transaction data from your financial institution, and device information. Plaid does not sell your personal data.
For full details on how Plaid collects, uses, and protects your information, see Plaid's End User Privacy Policy.
5. Data Retention & Deletion
We retain your financial data for as long as your account is active. When you unlink a bank account, the associated access token is deleted and we stop fetching new data for that account.
When you delete your account from account settings, we delete your account information, Plaid access tokens, and financial data. Stripe retains payment records as required by financial regulations. Server logs are retained for up to 30 days for security and debugging purposes, after which they are automatically purged by our cloud provider.
6. Security
We protect your data with multiple layers of security:
- Sensitive credentials (such as Plaid access tokens) are encrypted at the application level before storage
- All data is encrypted at rest by our cloud infrastructure provider
- All data in transit is encrypted with TLS
- Bank data access is read-only; the service cannot initiate transfers or payments
- Database access is restricted by role and scoped per user
- We never store your bank password or full credit card number
For more details on our security practices, see the Security page. No system is completely secure; we will notify you if we become aware of a breach affecting your data.
7. Your Privacy Rights (CCPA/CPRA)
California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Residents of other states may have similar rights under their state's privacy laws.
Right to Know
You can request a copy of the personal information we have about you, including what we collect, where it came from, and who we share it with.
Right to Delete
You can request deletion of your personal information. Most deletion can be performed directly from your account settings; you can also request deletion via email.
Right to Opt Out of Sale
We do not sell personal information, so there is nothing to opt out of.
Right to Correct
You can request correction of inaccurate personal information we hold about you, such as your email address or display name. Financial data (balances and transactions) is sourced from your bank via Plaid and cannot be corrected by FinContext; contact your financial institution for corrections to that data.
Right to Non-Discrimination
We will not deny service, charge different prices, or provide a different quality of service because you exercised your privacy rights.
How to Exercise Your Rights
Email [email protected] with the subject line "Privacy Request" and describe what you are requesting. We will verify your identity through the email address on your account and respond within 45 days. If we need more time, we will notify you in writing.
8. Do Not Track
We do not use tracking cookies, advertising cookies, or cross-site tracking of any kind. Because we do not track users across websites, we do not respond to browser "Do Not Track" signals.
9. International Users
FinContext accounts are available only to residents of the United States (see our Terms of Service). If you attempt to sign up from outside the United States, we offer an optional waitlist form. If you choose to submit your email address through that form, we store it solely to notify you if and when FinContext becomes available in your region, and we will delete it on request (see Section 7). We do not otherwise solicit personal data from individuals outside the United States, and our servers and data storage are located in the United States. By submitting your email from outside the United States, you consent to it being transferred to and processed in the United States.
10. Children's Privacy
FinContext is intended for users 18 years or older. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact us at [email protected] and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy as the service evolves. We will notify you by email at least 30 days in advance of material changes. The "Last updated" date at the top of this page always reflects the most recent revision.
12. Contact
Privacy questions or concerns? Email [email protected].
Ready to get started? Sign Up Free