
Privacy Policy

A legal disclaimer

1. Introduction

 

RealBalance ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("RealBalance" or "the App") and related services (collectively, "the Service").

 

RealBalance is a product of Obenrader Innovations LLC, a company organized under the laws of the State of New York.

 

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

 

2. Information We Collect

 

We collect several types of information from and about users of our Service:

 

2.1 Financial Information

 

We collect financial information from your connected bank accounts and credit cards through Plaid, a third-party financial data aggregator. This includes:

 

Account Information: Account balances (checking, savings, credit cards), account numbers (last 4 digits for display purposes), account types and names, financial institution names, and account routing numbers (for identification purposes only).

 

Transaction Information: Transaction history and details, transaction amounts, transaction dates, transaction descriptions and merchant names, transaction categories (as provided by Plaid), and transaction status (pending vs. settled).

 

Credit Card Information: Credit card balances, credit limits, available credit, payment due dates, statement balances, last statement dates, and utilization percentages.

 

Account Metadata: Account connection status, last sync timestamps, and account verification status.

 

Important: We never collect or store your bank account passwords, PINs, or login credentials. All authentication is handled securely through Plaid.

 

2.2 Personal Information

 

We collect personal information that you provide to us or that is necessary to provide the Service:

 

Account Information: Email address (used for account creation and authentication), user ID (generated by our authentication system), account creation date, and last login timestamp.

 

Authentication Credentials: Authentication tokens (managed securely through Supabase Auth) and session information. Authentication is handled securely through Supabase Auth; we do not store passwords in plain text.

 

User-Generated Content: Income sources (amounts, frequencies, payment dates), fixed expenses (names, amounts, frequencies, due dates, categories), allocation profiles (time windows, funding sources, expense priorities), and custom notes or labels you may add to transactions or accounts.

 

2.3 Usage Information

 

We automatically collect certain information about how you interact with the Service:

 

App Usage Data: Features accessed and used, time spent in the app, navigation patterns, and settings and preferences.

 

Technical Information: Device information (device type, operating system version, device identifiers), app version, IP address (for security and fraud prevention), and error logs and diagnostic information.

 

Performance Data: App crash reports, performance metrics, and error messages and stack traces.

 

2.4 Information from Third-Party Services

 

Plaid: Financial account data as described above.

Supabase: Authentication and data storage services.

 

3. How We Use Your Information

 

We use the information we collect for the following purposes:

 

3.1 To Provide and Maintain the Service

 

We use your information to connect and display your bank accounts and credit cards, sync and display account balances and transactions, calculate available spending based on your income, expenses, and obligations, generate allocation profiles and spending breakdowns, match transactions to fixed expenses, distinguish between pending and settled transactions, provide budgeting and expense tracking features, calculate spending patterns and budget allocations, and display time-window spending analysis.

 

3.2 To Improve the Service

 

We analyze usage patterns to improve app functionality, identify and fix bugs and technical issues, develop new features and enhancements, optimize app performance, and conduct security audits and monitoring.

 

3.3 To Communicate With You

 

We send you service-related notifications, respond to your inquiries and provide customer support, send important updates about the Service, notify you of changes to this Privacy Policy or our Terms of Service, send security alerts if we detect suspicious activity, and send marketing communications about new features, tips, and promotions (you can opt out at any time).

 

3.4 To Ensure Security and Prevent Fraud

 

We use your information to authenticate your identity, detect and prevent fraud, abuse, or illegal activity, protect the security and integrity of the Service, and enforce our Terms of Service.

 

3.5 To Comply With Legal Obligations

 

We comply with applicable laws, regulations, and legal processes, respond to lawful requests from government authorities, and protect our rights, privacy, safety, or property.

 

4. How We Protect Your Information

 

We implement industry-standard security measures to protect your information:

 

4.1 Encryption

 

Data at Rest: All financial data stored in our databases is encrypted using industry-standard encryption (AES-256).

Data in Transit: All data transmission between your device and our servers uses HTTPS/TLS encryption (TLS 1.2 or higher).

Access Tokens: All Plaid access tokens are encrypted before storage using strong encryption algorithms.

Authentication: User authentication credentials are hashed and never stored in plain text.

 

4.2 Access Controls

 

Row Level Security (RLS): Our database uses Row Level Security policies to ensure users can only access their own data.

User Authentication: Multi-factor authentication is available and recommended for enhanced security.

Administrative Access: Administrative access to user data requires multi-factor authentication and is logged and monitored.

Principle of Least Privilege: Employees and contractors only have access to data necessary for their job functions.

 

4.3 Data Storage

 

Secure Infrastructure: Your data is stored securely in Supabase, a SOC 2 Type II certified cloud database provider.

Data Isolation: Each user's data is isolated and cannot be accessed by other users.

Backup and Recovery: Regular encrypted backups are performed to ensure data availability.

No Password Storage: We never store your bank account passwords, PINs, or login credentials.

Token Security: Access tokens are encrypted and stored securely, and are never exposed in client-side code.

 

4.4 Security Monitoring

 

We conduct regular security audits and vulnerability assessments, continuously monitor for suspicious activity, maintain incident response procedures, and provide regular security training for employees with data access.

 

5. Third-Party Services

 

We use third-party services to provide the Service. These services have their own privacy policies:

 

5.1 Plaid

 

We use Plaid Inc. ("Plaid") to securely connect your financial accounts. Plaid acts as an intermediary between RealBalance and your financial institutions, never shares your bank account credentials with us, uses bank-level encryption and security measures, is compliant with SOC 2, PCI-DSS Level 1, and other security standards, and is regulated as a financial institution and subject to federal oversight.

 

Plaid's Role: Plaid accesses your financial account information on our behalf and provides us with account balances, transactions, and account metadata. You authorize Plaid to access your accounts when you connect them through our app. You can review Plaid's privacy policy and terms at: https://plaid.com/legal/

 

Your Rights with Plaid: You can disconnect your accounts at any time through the app, you can revoke Plaid's access through your financial institution, and Plaid does not share your credentials with us.

 

5.2 Supabase

 

We use Supabase ("Supabase") for secure cloud database storage, user authentication and session management, backend infrastructure and API services, and data encryption and security. Supabase is SOC 2 Type II certified and complies with industry security standards. You can review Supabase's privacy policy at: https://supabase.com/privacy

 

5.3 Other Service Providers

 

We may use other service providers to host our infrastructure, provide customer support tools, and monitor app performance and errors. All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

 

6. Data Sharing and Disclosure

 

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

 

6.1 With Your Consent

 

When you explicitly authorize us to share your information, or when you choose to connect accounts or use features that require data sharing.

 

6.2 With Service Providers

 

We may share your information with service providers who perform services on our behalf: Plaid (to connect and sync your financial accounts), Supabase (to store and manage your data securely), Customer Support Tools (to provide customer support services), and Analytics and Monitoring (to monitor app performance; no personal financial data is shared). All service providers are contractually obligated to use your information only for the purposes we specify, protect your information with appropriate security measures, and not disclose your information to other parties.

 

6.3 For Legal Compliance

 

We may disclose your information if required by law or in response to valid legal process (subpoenas, court orders, search warrants), government requests or investigations, legal obligations to protect our rights or property, or emergency situations to protect user safety.

 

6.4 In Case of Business Transfers

 

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your information.

 

6.5 Aggregated or Anonymized Data

 

We may share aggregated or anonymized data that does not identify you personally for analytics and research purposes, to improve our Service, and for business purposes. This data cannot be used to identify you.

 

7. Your Rights and Choices

 

You have the following rights regarding your personal information:

 

7.1 Access

 

You have the right to access the personal information we hold about you. You can view your account information in the app, or request a copy of your data by contacting us at support@myrealbalance.com.

 

7.2 Correction

 

You have the right to correct inaccurate or incomplete information. You can update your account information directly in the app, or contact us to correct any information we hold about you.

 

7.3 Deletion

 

You have the right to request deletion of your account and personal information. You can delete your account directly in the app settings, or contact us at support@myrealbalance.com to request account deletion.

 

What Gets Deleted: Your account and authentication information, all financial account connections, all stored transaction data, and all user-generated content (income sources, fixed expenses, allocation profiles).

 

What May Be Retained: Information we are required to retain by law, information necessary for legal compliance or dispute resolution, and aggregated or anonymized data that cannot identify you.

 

We will delete or anonymize your personal information within 30 days of your deletion request, except where we are required to retain it by law.

 

7.4 Data Portability

 

You have the right to receive a copy of your data in a structured, machine-readable format. Contact us at support@myrealbalance.com to request your data export. We will provide your data within 30 days of your request. The export will include: account information, transaction history, income sources, fixed expenses, allocation profiles, and other user-generated content. Data will be provided in a commonly used format (JSON, CSV, or similar).

 

7.5 Account Disconnection

 

You can disconnect your financial accounts at any time. Disconnect accounts directly in the app. Disconnecting an account will stop new data collection from that account. Historical data may be retained until you delete your account.

 

7.6 Opt-Out Rights

 

Service Communications: You cannot opt out of essential service communications (security alerts, important updates, account-related notifications).

Marketing Communications: You can opt out of marketing emails at any time. The option to manage your email preferences, including opting out of marketing communications, will be available in the app settings.

Opt-Out Effect: If you opt out of marketing communications, you will still receive essential service communications.

 

7.7 California Privacy Rights (CCPA)

 

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

 

Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.

Right to Delete: You can request deletion of your personal information (subject to certain exceptions).

Right to Opt-Out: You have the right to opt out of the sale of personal information (we do not sell your information).

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

 

To exercise your California privacy rights, contact us at support@myrealbalance.com.

 

7.8 European Privacy Rights (GDPR)

 

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

 

Right of Access: You can request access to your personal data.

Right to Rectification: You can request correction of inaccurate data.

Right to Erasure: You can request deletion of your personal data.

Right to Restrict Processing: You can request restriction of how we process your data.

Right to Data Portability: You can request a copy of your data in a portable format.

Right to Object: You can object to certain types of processing.

Right to Withdraw Consent: You can withdraw consent where processing is based on consent.

 

To exercise your European privacy rights, contact us at support@myrealbalance.com.

 

8. Data Retention

 

We retain your information for the following periods:

 

8.1 Active Accounts

 

We retain your information for as long as your account is active, as necessary to provide the Service to you, or as required to comply with legal obligations.

 

8.2 Deleted Accounts

 

When you delete your account: We will delete or anonymize your personal information within 30 days of your deletion request. Financial account connections will be immediately disconnected. Transaction data and user-generated content will be deleted within 30 days. Some information may be retained longer if required by law or for legitimate business purposes: Legal Requirements (information required to be retained by law, typically 7 years for financial records), Fraud Prevention (information necessary to prevent fraud or abuse, typically 1-2 years), Dispute Resolution (information related to ongoing disputes or legal proceedings), and Security (logs and records necessary for security investigations, typically 90 days to 1 year).

 

8.3 Financial Data

 

Account Connections: Disconnected when you disconnect accounts or delete your account.

Transaction Data: Deleted when you delete your account, unless required to be retained by law.

Access Tokens: Revoked and deleted when you disconnect accounts or delete your account.

 

8.4 Legal Requirements

 

We may retain certain information longer if required by applicable law or regulation, necessary for legal proceedings or dispute resolution, or required for fraud prevention or security purposes.

 

9. Children's Privacy

 

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18.

 

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@myrealbalance.com. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.

 

10. International Data Transfers

 

Your information may be transferred to and processed in countries other than your country of residence:

 

Data Storage: Your data is stored in secure data centers, which may be located outside your country of residence.

Service Providers: Our service providers (Plaid, Supabase) may process your data in various locations.

Safeguards: We ensure appropriate safeguards are in place to protect your data, including standard contractual clauses, adequacy decisions by relevant authorities, and industry-standard security measures.

 

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

 

11. Changes to This Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our practices, changes in applicable laws or regulations, or changes in the Service or our business.

 

How We Notify You of Changes: We will post the updated Privacy Policy in the app, update the "Last Updated" date at the top of this policy, send you an email notification to the email address associated with your account for material changes, and may also display a prominent notice in the app.

 

Your Continued Use: Your continued use of the Service after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and delete your account.

 

Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

 

12. Contact Us

 

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

 

Email: support@myrealbalance.com

 

Mail:

RealBalance

Obenrader Innovations LLC

850 Amsterdam Ave

New York City, New York 10025

United States

 

Response Time: We will respond to your inquiries within 30 days. For urgent privacy concerns, please indicate "URGENT" in your subject line.

 

13. Governing Law

 

This Privacy Policy is governed by and construed in accordance with the laws of the State of New York, United States, without regard to its conflict of law principles.

 

Any disputes arising from or relating to this Privacy Policy or our privacy practices will be subject to the exclusive jurisdiction of the courts located in New York, New York.

 

14. Additional Information for Specific Jurisdictions

 

14.1 United States

 

RealBalance complies with applicable U.S. federal and state privacy laws, including the Gramm-Leach-Bliley Act (GLBA) requirements for financial information and state privacy laws where applicable.

 

14.2 European Economic Area (EEA)

 

Note: RealBalance is currently only available to users in the United States. If you are located outside the United States, please be aware that we may not be able to provide the Service to you, and your use of the Service may be subject to different privacy laws.

 

If you are located in the EEA and are able to access the Service: Our legal basis for processing your data includes contract performance, legitimate interests, and consent where applicable. You have the rights described in Section 7.8. You can lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

 

14.3 California (CCPA Compliance)

 

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

 

Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, and disclose.

Right to Delete: You can request deletion of your personal information (subject to certain exceptions).

Right to Opt-Out: You have the right to opt out of the sale of personal information (we do not sell your information).

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Do Not Sell My Personal Information: We do not sell your personal information to third parties.

 

California-Specific Disclosures: Categories of Personal Information Collected (see Section 2 for detailed information), Categories of Sources (directly from you, from Plaid with your authorization, and automatically from your use of the Service), Business or Commercial Purpose (see Section 3 for how we use your information), and Categories of Third Parties (see Sections 5 and 6 for information about third-party sharing).

 

To exercise your California privacy rights, contact us at support@myrealbalance.com.

 

Effective Date: This Privacy Policy is effective as of January 2025.

 

Last Updated: January 2025
