Privacy Policy

1. Scope

This Privacy Policy explains how DueBop collects, uses, stores, protects, and deletes personal and financial data when you use the app.

2. Data we collect

We collect account profile data (such as name and email), authentication data (hashed password and login/session metadata), workspace and plan details, billing metadata, and user-entered financial records including bills, budgets, goals, income sources, and transactions.

3. Financial and imported data

If you link accounts through an account-link provider, we store normalized account and transaction data and institution linkage metadata required for syncing. Provider access tokens are handled through the app's account-link helpers and must remain encrypted. If you upload statement files, we process them to extract normalized, redacted financial facts for review instead of keeping full statements as the permanent product record.

4. Advisor and AI-related data

DueBop includes deterministic insights and may include AI-assisted advisor features. We do not claim live AI analysis when an insight is generated from rules or calculations. Sensitive financial data such as full account numbers, routing numbers, card numbers, names, addresses, or raw statement files should not be sent to AI services.

5. Support and communications

We store support-related messages and account-security communications (such as verification or password-reset events) needed to operate and secure your account.

6. How we use data

We use data to provide core budgeting and cash flow features, authenticate users, maintain security, process subscriptions, support synchronization, generate insights, and improve reliability and product performance.

7. Data sharing

We share data with service providers that help operate DueBop, such as infrastructure, authentication, payments, email delivery, and account-link providers. We do not sell your personal information for money.

8. Security practices

We use safeguards intended to protect personal data, including access controls, encryption in transit where supported, and encrypted handling for linked-account tokens. No system can guarantee absolute security, and you are responsible for maintaining account credential security.

9. Data retention and deletion

We retain data as needed to provide the service, meet legal obligations, resolve disputes, and enforce agreements. You may request account deletion in app settings. Deletion requests are processed according to operational and legal retention requirements, which may require retaining limited records for security, compliance, billing, or fraud prevention.

10. Your choices

You can update profile information, manage linked accounts, and close your account from settings. Depending on your location, you may have additional privacy rights under applicable law.

11. Changes to this policy

We may update this Privacy Policy over time. If we make material changes, we will update the version and date on this page and may provide additional notice in the app.

Third-party providers

DueBop uses third-party services for account linking and payment processing, including Plaid, Teller, and Stripe. If you use those features, your information may also be handled under those providers' terms and privacy notices.

• Plaid legal and privacy information: https://plaid.com/legal/
• Teller end user terms: https://teller.io/legal/user/terms
• Teller end user privacy policy: https://teller.io/legal/user/privacy
• Stripe legal and privacy information: https://stripe.com/legal