Privacy Policy

• Provide and operate our dashboards, reports, and analytics features
• Display cash flow summaries, transaction categorization, and reconciliation tools
• Generate financial insights and recurring transaction analysis
• Send transactional emails (receipts, alerts, account notices)
• Improve our products through aggregated, anonymized usage analysis
• Comply with legal obligations

We do not sell, rent, or trade your financial data to third parties for advertising or marketing purposes.

We share data only with:

• Plaid — financial data connection and retrieval (see above)
• Supabase — our database and backend infrastructure provider (data stored in the US)
• Vercel — our hosting and deployment platform
• Resend / email provider — transactional email delivery
• Law enforcement or regulators — when required by law or valid legal process

All service providers are contractually required to protect your data and may only use it to provide services to us.

• All data transmitted over TLS (HTTPS)
• Data encrypted at rest in Supabase (AES-256)
• Access to production systems restricted to authorized personnel only
• Multi-factor authentication (MFA) required for all admin access to production systems
• API keys and secrets stored in environment variables, never in source code
• Row-level security (RLS) policies enforce data isolation between customers

No system is 100% secure. If you discover a vulnerability, please report it to security@nustack.digital.

We retain your data for as long as your account is active or as needed to provide services. When you close your account or request deletion:

• Your account and personal data are deleted within 30 days
• Financial data retrieved via Plaid is deleted from our systems
• Anonymized, aggregated analytics data may be retained
• We may retain records required by law for up to 7 years

To request deletion, email support@nustack.digital with the subject line “Data Deletion Request.”

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data (see Section 5)
• Portability — request your data in a portable format
• Withdraw consent — disconnect your bank account at any time via the app

California residents may have additional rights under CCPA. We do not sell personal information. To exercise any right, contact support@nustack.digital.

We use essential cookies for authentication and session management. We may use analytics tools that set cookies to help us understand how the product is used. We do not use third-party advertising cookies.

Our services are not directed to individuals under 18. We do not knowingly collect data from minors.

We may update this policy. We will notify you via email or in-app notice at least 30 days before material changes take effect. Continued use after the effective date constitutes acceptance.

NuStack Digital Ventures LLC
General inquiries: support@nustack.digital
Security issues: security@nustack.digital