At Envelup ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our budgeting application and services.

Information You Provide to Us:

• Account Information: Email address, password (encrypted), and name
• Financial Data: Budget information, transactions, debt details, net worth data, and subscription information you manually enter
• Communication Data: Messages you send us through contact forms or email

Information from Third Parties:

• Plaid: When you connect your bank accounts through Plaid, we receive transaction data, account balances, and account information. We do not receive or store your bank login credentials.

Automatically Collected Information:

• Usage Data: Log data, session information, and how you interact with our services
• Device Information: Browser type, operating system, and IP address

We use the information we collect to:

• Provide, maintain, and improve our budgeting services
• Process and display your financial transactions and budgets
• Send you account verification emails and password reset links
• Respond to your inquiries and provide customer support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our Terms of Service
• Send important service announcements and updates (not marketing)

We do not sell your personal information.

We may share your information only in the following circumstances:

• Service Providers: We use trusted third-party services like Plaid (banking connections), Resend (email delivery), and AWS (hosting)
• Legal Requirements: If required by law, court order, or governmental authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
• With Your Consent: When you explicitly authorize us to share specific information

We implement industry-standard security measures to protect your information:

• All passwords are encrypted using bcrypt hashing
• Data transmission is encrypted using HTTPS/TLS
• Bank connections are secured through Plaid's encrypted APIs
• We never store your bank login credentials
• Database access is strictly controlled and monitored
• Email verification is required for new accounts

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

You have the following rights regarding your personal information:

• Access: You can access and review your personal information at any time through your account
• Update: You can update your account information in your profile settings
• Delete: You can request deletion of your account from your user profile page
• Export: You can request a copy of your data by contacting us
• Disconnect Banks: You can disconnect bank accounts at any time

We retain your personal information for as long as your account is active or as needed to provide you services. When you delete your account, we retain your data for 30 days in case you change your mind. After 30 days, your data is permanently and irreversibly deleted from our servers.

We may retain certain information for longer periods if required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

Plaid: We use Plaid to connect to your bank accounts. Plaid's privacy policy governs their collection and use of information. Learn more at plaid.com/legal.

Resend: We use Resend to send transactional emails (verification, password resets). Resend's privacy policy governs their handling of email data.

AWS: Our infrastructure is hosted on Amazon Web Services. AWS's privacy policy governs their data handling practices.

We use session cookies to maintain your login state and provide core functionality. These cookies are essential for the service to work properly. We do not use third-party advertising cookies or tracking pixels.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

Our services are operated in the United States. If you are accessing our services from outside the U.S., please be aware that your information will be transferred to, stored, and processed in the United States where our servers are located.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of our services after changes constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: info@envelup.com
• Contact Form: envelup.com/contact