Privacy Policy

1. Introduction

Wise Steward (“we,” “our,” or “us”) operates the website and application at wisesteward.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your personal and financial information. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. We use Clerk, Inc. as our authentication provider to securely manage your login credentials.

2.2 Financial Data

When you connect your financial accounts through our Service, we use Plaid, Inc. (“Plaid”) to securely access your financial data. This may include:

• Bank account information (account names, balances, and types)
• Transaction history (dates, amounts, merchants, and categories)
• Investment holdings and balances (brokerage accounts, IRAs, 401(k)s)
• Income information
• Account and routing numbers (for account verification only)

Your financial institution login credentials are never stored on our servers. Plaid handles all connections to your financial institutions using bank-level AES-256 encryption. For more information about how Plaid handles your data, please visit Plaid's Privacy Policy.

2.3 Payment Information

We use Stripe, Inc. (“Stripe”) to process subscription payments. We do not store your credit card numbers, bank account numbers, or other payment method details on our servers. Stripe's collection and use of your data is governed by Stripe's Privacy Policy.

2.4 Receipt and Document Data

If you use our receipt scanning feature, we process images of receipts you upload using AI-powered optical character recognition (OCR). The extracted data (merchant, date, items, amounts) is stored in your account. Receipt images are stored securely using Amazon Web Services (AWS) S3 with encryption at rest.

2.5 Usage Data

We automatically collect certain information when you use the Service, including your IP address, browser type, device information, pages visited, and the dates/times of your visits.

2.6 AI Interactions

When you use our AI-powered features (chat assistant, transaction categorization, financial insights), your queries and relevant financial context are processed by Anthropic, PBC's AI models. We send only the minimum data necessary to provide the requested functionality. Anthropic does not use your data to train their models.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Sync and display your financial account data
• Categorize transactions and generate budgets
• Provide AI-powered financial insights and recommendations
• Process receipt scans and organize expense data
• Process subscription payments
• Send you service-related communications
• Detect, prevent, and address technical issues or fraud
• Comply with legal obligations

We will never sell your personal or financial data to third parties.

4. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption
• Financial institution credentials are handled exclusively by Plaid and are never transmitted to or stored on our servers
• Plaid access tokens are encrypted using AES-256-GCM before storage
• Payment processing is handled by PCI-DSS compliant Stripe
• We conduct regular security reviews of our infrastructure and code

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Third-Party Service Providers

We share your information with the following third-party providers who assist in operating our Service:

• Plaid, Inc. — Financial account connectivity and data aggregation
• Stripe, Inc. — Payment processing and subscription management
• Clerk, Inc. — User authentication and account management
• Anthropic, PBC — AI-powered features (categorization, insights, chat)
• Amazon Web Services (AWS) — Cloud infrastructure and secure file storage
• Vercel, Inc. — Website hosting and delivery
• Railway Corp. — Application server and database hosting

Each provider is contractually obligated to protect your data and may only use it to perform services on our behalf.

6. Data Retention

We retain your personal and financial data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes.

You may request deletion of your account and associated data at any time by contacting us at privacy@wisesteward.app.

7. Your Rights

7.1 All Users

Regardless of your location, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Disconnect your financial accounts at any time

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

7.3 European Economic Area Residents (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to restrict processing, and the right to object to processing. Our legal basis for processing your data is the performance of our contract with you (providing the Service) and your consent.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

9. Cookies and Tracking

We use essential cookies required for the Service to function (authentication, session management). We do not use third-party advertising cookies or tracking pixels.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

• Email: privacy@wisesteward.app
• Address: Wise Steward, Post Falls, Idaho, United States