Privacy Policy

Open Wallet Finance™ — The Open Wallet

Effective: March 2026Last updated: March 11, 2026Contact: support@openwalletfinance.com
← Back to Home

AI financial coaching disclaimer

AI coaching in Open Wallet Finance is for informational and educational purposes only. Nothing in the app constitutes financial, investment, or professional advice. Consult a qualified professional before making financial decisions. We are not a registered investment advisor, broker-dealer, or financial planner.

COPPA — children's privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. Users 13–17 may use the Service only with verifiable parental consent. See Section 7.3 in this policy and our Terms of Service for eligibility details.

1. Introduction

Open Wallet Finance LLC ("we," "our," or "us") operates The Open Wallet (Open Wallet Finance™), a financial wellness and budgeting application. We are committed to protecting your privacy and handling your data in a transparent, secure, and compliant manner.

This Privacy Policy describes how we collect, use, store, and protect your information, and explains your rights under applicable law. By using The Open Wallet, you agree to the practices described in this policy. If you do not agree, please do not use our services.

This policy applies to all users of The Open Wallet, including visitors to our website at openwalletfinance.com.

2. Identity & Authentication

We use Clerk for secure identity management and account authentication. Clerk provides:

  • Secure sign-up and sign-in: Your account credentials are managed through Clerk's infrastructure and are not stored in our application databases.
  • Multi-Factor Authentication (MFA): We enforce Step-Up Multi-Factor Authentication (including email one-time password, or OTP) prior to sensitive actions, such as linking a bank account or generating financial data connections.
  • Session security: Authentication sessions are managed by Clerk using industry-standard security controls. We do not store your passwords. Password complexity, credential-stuffing protection, and account lockout policies are managed centrally by Clerk.

Clerk's privacy practices are governed by their own Privacy Policy at clerk.com/privacy.

3. Financial Data Handling

3.1 Use of Plaid Inc.

We use Plaid Inc. to securely connect your financial accounts and aggregate financial data (such as account balances and transaction history). When you choose to link a bank or financial account:

  • We do not collect or store your online banking username or password. Your bank credentials are entered directly into Plaid's secure Link interface and are handled exclusively by Plaid. We never have access to your raw bank login credentials.
  • Plaid acts as an intermediary between you and your financial institution. Plaid's practices are governed by their own privacy and security policies (see Section 8).
  • We receive only aggregated data that Plaid provides to us pursuant to your authorization (e.g., account identifiers, balances, and transaction data). We use this data to power budgeting, insights, and other features within The Open Wallet.
  • Our access to your financial accounts is read-only. We cannot initiate transactions, move money, or modify your financial accounts in any way.

3.2 What We Store

  • Plaid access tokens: We store secure tokens that allow us to request your financial data from Plaid on your behalf. These tokens are stored server-side only in our encrypted database, strictly bound to your user account. They are never exposed to client-side code, browser storage, or cookies.
  • Financial data: Transaction and account data are fetched from Plaid on demand and may be processed in memory or displayed in the application. We do not replicate raw banking data to long-term storage beyond what is necessary to provide our services.
  • Budget and preference data: Budget categories, goals, and user preferences you configure within the app are stored in our database to power the Service.

4. Artificial Intelligence & Data Processing

The Service uses AI technology to power financial coaching, budget recommendations, and transaction analysis. Understanding how your data interacts with these systems is important:

4.1 Anthropic (Primary AI Provider)

AI coaching and advisory features are primarily powered by Claude, a large language model developed by Anthropic, PBC. When you use AI features:

  • Relevant portions of your financial data (such as transaction summaries and account information) may be sent to Anthropic's API to generate personalized responses.
  • Anthropic operates under a zero-data-retention policy for API usage. This means your conversation content and financial data sent via the API are not stored by Anthropic and are not used to train AI models.
  • Anthropic's privacy practices are governed by their Privacy Policy at anthropic.com/privacy.

4.2 Google (Secondary AI Provider — Fallback Only)

In the event of a service interruption with Anthropic, the Service may route AI requests to Google's Gemini model as a fallback to maintain service availability. When this occurs:

  • The same types of financial data that would be sent to Anthropic may be sent to Google's API instead.
  • Google's data handling practices for API usage are governed by their Privacy Policy at policies.google.com/privacy.
  • We will not knowingly route requests to Google if you have explicitly opted out of third-party AI processing. Contact us at support@openwalletfinance.com to discuss your options.

NOTE ON AI FALLBACK: Our primary commitment is zero-retention AI processing through Anthropic. Google Gemini is used only as a technical fallback during outages. The vast majority of AI interactions will be processed exclusively through Anthropic.

5. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption in transit: All data transmitted between your device, our servers, and third-party services is encrypted using TLS 1.2 or higher. Unencrypted connections are not accepted.
  • Encryption at rest: All persistent data is encrypted using AES-256 encryption, enforced at the infrastructure layer by Supabase (PostgreSQL). Encryption key management is handled by our infrastructure providers.
  • Access control: Access to production systems and user data is restricted on a need-to-know basis. Plaid access tokens and sensitive records are strictly mapped to your authenticated identity (Clerk user ID) and are never shared across accounts.
  • Row-level security: Our database enforces row-level security policies ensuring each user can only access their own data.
  • No sensitive data in client storage: We do not store sensitive financial data, access tokens, or authentication credentials in browser storage, cookies, or client-side code.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security.

6. Data Retention & Deletion

6.1 Retention

We retain your data only as long as necessary to provide our services, comply with legal obligations, and resolve disputes. Transaction and account data are requested from Plaid when you use the application and processed according to the practices described in this policy.

6.2 Deletion Policy & 24-Hour Commitment

Account deletion must be initiated through the application while you are signed in. We do not accept account deletion requests by email or any other unauthenticated channel.

How to request deletion: Navigate to Settings > Close Account and type "delete my account" to confirm.

Upon your confirmed request:

  1. Revocation of financial access: We immediately call Plaid's /item/remove endpoint to permanently revoke the connection between The Open Wallet and your linked financial accounts.
  2. Permanent purge of stored data: We permanently delete all associated records from our database within twenty-four (24) hours of your request.
  3. Client-side data: All locally stored preferences are cleared from your device as part of the deletion flow.
  4. Confirmation: Upon completion, you will receive confirmation and will be signed out.

We commit to completing the above steps within twenty-four (24) hours of your confirmed in-app deletion request. No residual user data from deleted accounts is retained beyond this window, except where required by law.

6.3 Legal Holds

Notwithstanding the above, we may retain certain information where required by applicable law, court order, or regulatory requirement, or where necessary to resolve disputes or enforce our agreements.

7. Your Rights & Compliance

We support your privacy rights under applicable law, including:

7.1 California (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information, subject to certain exceptions
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell your personal information)
  • Non-discrimination for exercising your privacy rights

To exercise your rights, use the in-app deletion workflow or contact us at support@openwalletfinance.com.

7.2 European Economic Area / UK (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure ("Right to be Forgotten"): Our 24-hour deletion policy is designed to honor this right
  • Restrict or object to certain processing
  • Data portability where technically feasible
  • Lodge a complaint with a supervisory authority

Our legal basis for processing includes your consent, performance of our contract with you, and our legitimate interests where appropriate.

7.3 Children's Privacy (COPPA)

The Service is not directed at children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent. If we discover that we have inadvertently collected information from a child under 13, we will delete it immediately and terminate the associated account. If you believe a child under 13 has provided us with personal information, contact us at support@openwalletfinance.com.

Users between 13 and 17 years of age may use the Service only with verifiable parental or guardian consent, as described in our Terms of Service.

7.4 How to Exercise Your Rights

  • Account deletion: Settings > Close Account > type "delete my account" to confirm. We do not process deletion requests by email.
  • Other requests: Contact us at support@openwalletfinance.com with the subject line "Privacy Request."
  • Response time: We will respond to verifiable requests within 45 days, or as otherwise required by applicable law.

8. Data We Collect & How We Use It

8.1 Account & Identity Data

Managed by Clerk (e.g., email address, name, profile information). Used to create and secure your account, enforce MFA, and communicate with you about the Service.

8.2 Financial Data

Obtained via Plaid with your explicit consent. Used to provide budgeting, transaction history, financial age scoring, rewards optimization, and related features. Not sold to third parties.

8.3 Usage & Technical Data

We may collect usage and technical data (e.g., device type, browser type, IP address, pages visited, features used) to operate, secure, improve, and analyze our services. This data is collected through standard server logs and may be processed by our hosting provider, Vercel.

8.4 Payment Data

Payment information (credit card numbers, billing addresses) is collected and processed exclusively by Stripe, Inc. We do not store your full payment card information on our servers. We receive only limited transaction metadata from Stripe (e.g., subscription status, last four digits of card, billing email).

8.5 Communications

If you contact us by email, we retain the content of your communications to respond to your inquiry and improve our support.

8.6 What We Do Not Do

  • We do not sell your personal information to third parties
  • We do not rent your personal information for marketing purposes
  • We do not use your financial data for advertising purposes
  • We do not share your data with third parties except as necessary to operate the Service or as required by law

9. Cookies & Tracking Technologies

We use essential cookies and similar technologies necessary to operate the Service, including authentication session cookies managed by Clerk. We do not use third-party advertising cookies or behavioral tracking cookies.

You may configure your browser to refuse cookies, but doing so may impair your ability to use certain features of the Service, including staying signed in.

California residents: We do not engage in "cross-context behavioral advertising" as defined under the CCPA. We do not sell or share your personal information for targeted advertising.

10. Third-Party Services

Our application relies on the following third-party services. Their privacy practices govern the data they independently collect and process. We encourage you to review their policies.

| Service | Purpose | Privacy Policy | | --- | --- | --- | | Clerk | Identity, authentication, and MFA | clerk.com/privacy | | Plaid Inc. | Financial account linking and data aggregation | plaid.com/privacy | | Anthropic, PBC | Primary AI provider — powers AI financial advisor and coaching features | anthropic.com/privacy | | Google (Gemini) | Secondary AI provider — used as fallback if Anthropic is unavailable | policies.google.com/privacy | | Supabase | Database and backend infrastructure | supabase.com/privacy | | Vercel | Application hosting and deployment | vercel.com/legal/privacy-policy | | Stripe, Inc. | Payment processing and subscription billing | stripe.com/privacy |

We are not responsible for the privacy practices of these third-party services beyond our contractual obligations with them.

11. International Data Transfers

Open Wallet Finance LLC is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. Data protection laws in these countries may differ from those in your country of residence.

For users in the European Economic Area or United Kingdom, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to the extent required by applicable law.

12. Security Incident Response

In the event of a data breach or security incident that affects your personal information, we will:

  • Investigate and contain the incident promptly
  • Notify affected users as required by applicable law, including within 72 hours where required by GDPR
  • Notify relevant regulatory authorities as required by applicable law
  • Take reasonable steps to mitigate harm and prevent recurrence

To report a security concern or potential vulnerability, contact us at support@openwalletfinance.com with the subject line "Security Report."

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy with an updated "Last Updated" date. For material changes, we will provide additional notice by email or prominent in-app notification where required by law. Your continued use of The Open Wallet after the effective date of changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related questions, requests, or complaints, contact us at:

Open Wallet Finance LLC
1209 Mountain Road Pl NE Ste N, Albuquerque, NM 87110
Email: support@openwalletfinance.com
Subject line for privacy matters: "Privacy Request"

For account deletion requests, use the in-app process at Settings > Close Account. We do not process deletion requests by email.

We will respond to all verifiable privacy requests within 45 days, or as otherwise required by applicable law.

© 2026 Open Wallet Finance LLC. All rights reserved.

This Privacy Policy is maintained by Open Wallet Finance™ and is designed to align with our technical architecture and applicable privacy law including CCPA, GDPR, and COPPA.

← Back to Home