Privacy Policy

1. Who this applies to

The Service is intended for individuals 18 years or older who use Stork Money to track their finances and plan for financial independence. The Service is an informational tool and is not a bank, broker, or financial advisor.

2. Information we collect

Account information.When you create an account, we collect your name and email address, and a password. Your password is never stored in readable form — it is stored only as a secure bcrypt hash.

Financial account data (via Plaid).If you connect a bank or financial institution, we use Plaid Inc. (“Plaid”) to retrieve information on your behalf. This includes account names and types, balances, and transactions (date, description, amount, and category). We never see or store your bank login credentials— you enter those directly with Plaid through its secure interface. We receive only a scoped access token to retrieve your data, and that token is stored in encrypted form.

Financial planning inputs. Information you enter to use the planning features, such as your expected retirement expenses, savings rate, expected investment return, budget categories, and related settings. We also generate derived figures from your data, such as your savings rate, net worth snapshots, FIRE number and projected date, and personalized insights.

Subscription and payment information.Subscriptions are processed by Stripe, Inc. (“Stripe”). We do not collect or store your full payment card number — Stripe handles that directly. We store your subscription status and plan, and the identifiers Stripe uses to associate your subscription with your account.

Technical and log data. Our servers generate operational and error logs for debugging and monitoring. These logs do not contain financial data, passwords, or banking tokens, and are retained for a maximum of 90 days. We may also process basic device and app information needed to deliver the Service.

3. How we use your information

We use your information to:

• provide, maintain, and operate the Service, including syncing and categorizing transactions and producing budgeting and financial-independence projections;
• create and authenticate your account and keep it secure;
• process your subscription and payments through Stripe;
• send you service-related emails, such as email verification, free-trial reminders, billing notices, and security notifications;
• respond to your support requests;
• detect, prevent, and address fraud, abuse, and security issues; and
• comply with legal obligations.

Where the EU/UK General Data Protection Regulation (GDPR) applies, we process your data to perform our contract with you (providing the Service), for our legitimate interests (such as security and improving the Service), to comply with legal obligations, and with your consent where required.

4. How we share your information

We do not sell your personal or financial data, and we do not share it for advertising or marketing purposes. We share information only in these limited circumstances:

Service providers (sub-processors). We use trusted providers to operate the Service, each handling only the data needed for their function:

• Plaid — secure connection to your financial institutions (Plaid is a SOC 2 Type II–certified financial data aggregator).
• Stripe — subscription billing and payment processing.
• Supabase — database hosting (PostgreSQL, encrypted at rest).
• Amazon Web Services (AWS Amplify) — application hosting.
• Resend — sending transactional emails.

Legal and safety. We may disclose information if required by law, subpoena, or legal process, or where necessary to protect the rights, safety, or property of our users, the public, or Stork Money.

Business transfers. If Stork Money is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

At your direction. When you connect a financial institution, you direct us (through Plaid) to retrieve your data.

Plaid’s handling of your information is also governed by Plaid’s End User Privacy Policy, available at plaid.com/legal.

5. Data retention

• Account and financial data is retained for as long as your account is active and is deleted when you delete your account.
• Plaid access tokens are retained only while a banking connection is active. When you disconnect a linked account, the token is revoked through Plaid and permanently deleted.
• Server and error logs are retained for a maximum of 90 days and then automatically purged.
• Session tokens are short-lived and expire automatically; they are not stored persistently on our servers.

When you request account deletion, deletion is completed within 30 days; in practice, the automated process runs immediately upon your confirmation. See Section 7.

6. How we protect your information

We apply industry-standard safeguards, including:

• Encryption in transit: all traffic between the app and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: our database is encrypted using AES-256. Banking access tokens receive an additional layer of application-level AES-256-GCM encryption before storage.
• Password protection: passwords are hashed with bcrypt and never stored in readable form.
• Access controls: API access requires a valid authenticated session and enforces user-level isolation, so you can only access your own data. Administrative access to our infrastructure is protected by multi-factor authentication.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your data, we will notify affected users by email within 72 hours of confirming unauthorized access.

7. Your rights and choices

Regardless of where you live, you can:

• Access your data — your data is visible within the app across the dashboard, budget, transactions, and account screens.
• Export your data — export your transaction and account data from Account Settings.
• Delete your account and data — from Account Settings → Delete Account. This permanently removes your transactions, accounts, FIRE profile, budget categories, net worth snapshots, connected institutions, and account record. It cannot be undone.
• Disconnect a bank — from Account Settings → Connected accounts, which revokes Plaid’s access and stops further syncing.

California residents (CCPA/CPRA). You have the right to know what personal information we collect and how we use and disclose it, to request deletion or correction, and to not be discriminated against for exercising your rights. We do not sell or share your personal information as those terms are defined under California law.

EEA, UK, and Swiss residents (GDPR). You have the right to access, correct, delete, restrict, or object to our processing of your personal data, and the right to data portability. You may also lodge a complaint with your local supervisory authority.

To exercise any of these rights, use the in-app tools above or email us at support@storkmoney.com. We may need to verify your identity before acting on a request.

8. Children’s privacy

The Service is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us at support@storkmoney.com and we will delete it.

9. International users

Stork Money is operated from the United States, and your information is stored and processed in the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date, and for material changes we will provide additional notice (such as by email or in-app). Your continued use of the Service after an update means you accept the revised policy.

11. Contact us

If you have questions about this Privacy Policy or your data, email us at support@storkmoney.com.