Privacy Policy
Effective Date: February 16, 2026
Company Name: Paycheck to Paycheck, Inc.
Website: paycheckbypaycheck.com
Overview
This Privacy Policy explains how Paycheck to Paycheck, Inc. ("Company," "we," "us," "our") collects, uses, and protects information when you use our Service, including participation in our beta program.
1. Information We Collect
Account and Identity Data
- Email address and authentication identifiers
- Household/account relationship data
- Billing status and subscription metadata
- Session and device metadata (for security and fraud prevention)
Planning Data You Enter
- Pay schedules, recurring expenses, envelopes, and goals
- Manual account balances and transaction-related planning data
- User-provided notes and categorization inputs
Connected Financial Data (if enabled)
When enabled, we may receive account and transaction data through Plaid integrations.
- Account names, masked identifiers, balances
- Transaction date, amount, merchant, and categorization data
We do not receive your bank login credentials.
Billing Data
Payments are processed by Stripe. We store billing metadata, not full card numbers.
2. Beta Program Data Practices
During beta, we may collect additional operational data to improve product quality, including:
- Feature usage events and interaction patterns
- Error reports, logs, and debugging diagnostics
- Feedback submitted through in-app forms, email, or support channels
- Program metadata (for example, beta cohort/pricing eligibility flags)
We use this data to fix issues, prioritize roadmap decisions, and validate beta pricing/eligibility rules.
3. How We Use Information
- Provide and operate the Service
- Calculate budgeting and projection outputs
- Manage subscriptions, billing, and beta eligibility
- Secure accounts and detect abuse/fraud
- Respond to support requests and product feedback
- Improve reliability and user experience
- Comply with legal obligations
We do not sell personal data.
4. Data Sharing
We share information only as needed to operate the Service, including with providers such as:
- Supabase (auth and database infrastructure)
- Stripe (billing and subscription management)
- Plaid (financial connectivity, where enabled)
- Hosting/infrastructure vendors (for example Vercel and Railway)
We may also disclose information when required by law or to protect rights and safety.
5. Data Retention and Deletion
We retain account and service data while your account is active.
After account deletion, data is removed according to our retention schedule and legal obligations.
- Operational and audit records may be retained for security/compliance purposes.
- Backups may persist temporarily before secure deletion cycles complete.
6. Security
We implement technical and organizational safeguards to protect your data. Key measures include:
Encryption
- All data is transmitted over HTTPS/TLS — never over unencrypted connections.
- Financial institution access tokens obtained through Plaid are encrypted at rest using AES-256-GCM with a dedicated encryption key before being stored in our database. We never store your bank login credentials.
- Database storage is managed through Supabase, which encrypts data at rest by default.
Access Controls
- All API requests are authenticated using short-lived JWTs issued by our auth provider. Unauthenticated requests are rejected at the API layer.
- Our database enforces Row Level Security (RLS) policies so that each user can only access data belonging to their own household. Isolation is enforced at the database level, not just in application logic.
- Production infrastructure access is restricted to authorized personnel only, following the principle of least privilege.
Financial Data Handling
- Bank account connections are established via Plaid Link. We never see or store your banking credentials — authentication occurs entirely within Plaid's secure environment.
- We access only the account and transaction data necessary to provide the Service. We do not access payment initiation or fund transfer capabilities.
Incident Response
In the event of a suspected data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law. You can report security concerns to info@paycheckbypaycheck.com.
No method of transmission or storage is completely secure. We continuously review and improve our security practices as the Service evolves.
7. Your Choices and Rights
Depending on your location, you may request to access, correct, export, or delete your data.
You may also opt out of non-essential communications where applicable.
8. Changes to This Policy
We may update this Privacy Policy as the beta program and Service evolve.
Material updates may be communicated by email or in-app notice.
9. Contact
If you have questions about this Privacy Policy, contact:
Email: info@paycheckbypaycheck.com
Mailing Address:
Paycheck to Paycheck, Inc.
Omaha, NE
United States