Privacy Policy

1. Information We Collect

We collect information you provide directly:

• Account Information: Email, name, password (hashed)
• Financial Data: Account balances, transactions, investment holdings (via Plaid)
• Manual Entries: Assets, liabilities, notes you add
• Usage Data: How you use the app (anonymized analytics)

2. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Calculate your net worth and financial analytics
• Send you notifications and updates
• Improve our Service through anonymized analytics
• Prevent fraud and ensure security
• Comply with legal obligations

We never: Sell your data to third parties, use your data for advertising, or share your financial details without your consent.

3. Data Sharing and Third Parties

We share your data only with trusted service providers:

• Plaid: Financial account aggregation (bank-level security, SOC 2 certified)
• Stripe: Payment processing (PCI DSS Level 1 certified)
• Resend: Transactional email delivery (e.g., password resets, notifications)
• Supabase: Authentication services (SOC 2 Type II certified)
• Sentry: Error monitoring (anonymized error logs only)
• Vercel: Hosting and infrastructure (SOC 2 certified)

All service providers are bound by strict confidentiality agreements and comply with GDPR, CCPA, and other privacy regulations.

4. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of all your data (export as CSV/PDF)
• Correction: Update or correct your information anytime
• Deletion: Delete your account and all data (permanent, 30-day retention for backups)
• Portability: Export your data in machine-readable format
• Objection: Opt out of analytics tracking
• Withdraw Consent: Revoke permissions at any time

To exercise any rights: privacy@novanetworth.com

5. Security Measures

We protect your data with:

• AES-256 Encryption: Industry-standard encryption for all stored data
• TLS/SSL: Encrypted connections for all data in transit
• No Credential Storage: We never store your bank login credentials
• Encrypted Tokens: Plaid access tokens encrypted with AES-256-GCM
• Regular Security Audits: Third-party penetration testing
• Access Controls: Strict internal access policies

6. Data Retention

We retain your data as follows:

• Active accounts: As long as your account is active
• Deleted accounts: Permanently deleted within 30 days (backup retention)
• Logs and analytics: Aggregated, anonymized data for 90 days

7. Cookies and Tracking

We use minimal cookies:

• Essential cookies: Authentication and session management (required)
• Preference cookies: Remember your theme and settings
• Analytics cookies: Google Analytics for usage patterns (optional)

You can disable analytics cookies in your browser settings or through our cookie consent banner. Essential cookies are required for the app to function.

8. International Users

Nova complies with GDPR (EU), CCPA (California), and other privacy regulations. Your data is stored on servers in the United States. By using Nova, you consent to this data transfer and storage.

9. Children's Privacy

Nova is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us immediately at privacy@novanetworth.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice in the app. Continued use of Nova after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or concerns: