Privacy Policy

Right Money (“Right Money,” “we,” “us,” or “our”), operated by Columbia Advisory Group, provides a personal finance management application and related services (collectively, the “Service”) available at https://app.rightmoney.com.

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service. It also describes your rights and choices regarding your information.

By accessing or using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy is incorporated into and made part of our Terms of Service.

2.1 Information You Provide Directly

When you create an account and use the Service, you provide us with the following information:

• Account Information: Your email address and password, which are used to create and secure your account. Authentication is managed through Supabase.
• Payment Information: When you subscribe, your payment details (credit or debit card information) are collected and processed by Stripe, Inc. We do not store your full payment card numbers on our servers. Stripe manages this information in accordance with PCI DSS standards.
• Uploaded Documents: If you use the manual import feature, you may upload bank or credit card statements in CSV or PDF format. These documents are processed to extract transaction data and are not retained after processing is complete.
• User Preferences: Settings and preferences you configure within the Service, such as account nicknames, bucket assignments (Bills, Lifestyle, Freedom), and transaction categorizations.

2.2 Financial Information Collected Through Plaid

When you connect a financial institution account through our Service, we use Plaid Inc. (“Plaid”) to access and retrieve your financial data. By connecting your accounts, you authorize Plaid to access the following information on your behalf:

• Account Information: Account name, account type (checking, savings, credit card, etc.), and current balance.
• Transaction Data: Transaction date, amount, merchant or payee name, and transaction category.
• Institution Information: The name and routing identifiers of your financial institution.

Your use of Plaid is subject to Plaid's End User Privacy Policy, available at plaid.com/legal. We encourage you to read Plaid's privacy policy carefully.

We do not access your financial institution login credentials. These credentials are transmitted directly to Plaid and are not shared with or stored by Right Money. Plaid uses secure, tokenized access to retrieve your financial data on an ongoing basis.

2.3 Information Collected Automatically

When you access the Service, we automatically collect certain technical information:

• Usage Data: Pages viewed, features used, time spent in the application, and interaction patterns.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, and referring website addresses.
• Cookies and Similar Technologies: We use essential cookies to maintain your session and authenticate your identity. We do not use advertising or tracking cookies.

We process uploaded CSV and PDF bank statements using automated tools, including artificial intelligence services, solely for the purpose of extracting and categorizing transaction data. The content of uploaded files is processed in memory and is not permanently stored after the transaction data has been extracted.

We do not sell your personal information or financial data to third parties. We share your information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data:

4.2 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, court order, or legal process; protect and defend our rights or property; prevent or investigate possible wrongdoing in connection with the Service; protect the personal safety of users of the Service or the public; or protect against legal liability.

4.3 Business Transfers

If Right Money is involved in a merger, acquisition, reorganization, sale of assets, or similar business transaction, your personal information and financial data may be transferred as part of that transaction. The acquiring entity will be bound by the terms of this Privacy Policy with respect to your personal information.

In the event of such a transfer, we will notify you via email and/or a prominent notice within the Service prior to your personal information being transferred and becoming subject to a different privacy policy. You will have the opportunity to cancel your subscription before any material changes take effect.

4.4 With Your Consent

We may share your information with other parties when you have given us your explicit consent to do so.

• Active Accounts: Your data is retained and updated through ongoing synchronization with your connected financial institutions via Plaid.
• Canceled Subscriptions: After subscription cancellation, we retain your account data for thirty (30) days to allow for reactivation. After thirty (30) days, your data may be permanently deleted.
• Deleted Accounts: Upon account deletion, we will delete your personal and financial data within thirty (30) days, except where retention is required by law or necessary for legitimate business purposes (such as fraud prevention or resolving disputes).
• Payment Records: Stripe retains payment transaction records in accordance with its own data retention policies and applicable financial regulations.
• Uploaded Statements: CSV and PDF files uploaded for manual import are processed in memory and are not permanently stored. Only the extracted transaction data is retained as part of your account.

We take the security of your personal and financial information seriously and implement commercially reasonable safeguards, including:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols.
• Encryption at Rest: Data stored in our database systems (Supabase) is encrypted at rest.
• Secure Authentication: User authentication is managed through Supabase with email verification. Passwords are hashed and never stored in plaintext.
• PCI Compliance: Payment card data is handled exclusively by Stripe in accordance with PCI DSS. We never store full card numbers on our servers.
• Tokenized Bank Access: Financial institution credentials are never stored by Right Money. Plaid uses secure, tokenized connections to access your financial data.
• Access Controls: Access to user data is restricted to authorized personnel and systems on a need-to-know basis.
• Monitoring and Logging: We use Vercel and Supabase logging to monitor access to our systems and detect potential security incidents.

Despite these measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law, including the Washington State data breach notification law (RCW 19.255.010).

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request access to the personal information we hold about you. You may also request a copy of your data in a structured, commonly used, and machine-readable format.

7.2 Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you. You may update certain information directly within the Service through your account settings.

7.3 Deletion

You have the right to request deletion of your personal information. You may request account deletion by contacting us at otto@rightmoney.com. Upon deletion, we will remove your data in accordance with Section 5 of this Privacy Policy. Please note that we may retain certain information as required by law or for legitimate business purposes.

7.4 Disconnect Financial Accounts

You may disconnect any linked financial institution account at any time through the Service. When you disconnect an account, we will stop retrieving new data from that institution. Previously retrieved transaction data will remain in your account unless you request its deletion.

7.5 Opt Out of Communications

You may opt out of promotional emails by using the unsubscribe link included in each email. You may not opt out of transactional communications related to your account, billing, or legal notices while you maintain an active account.

7.6 Washington State Residents

If you are a resident of Washington State, you may have additional rights under the Washington My Health My Data Act (if applicable to the data we collect) and other state privacy laws. To exercise any of your rights, please contact us at otto@rightmoney.com.

7.7 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise your rights, contact us at otto@rightmoney.com.

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at otto@rightmoney.com.

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Service.

Key third-party privacy policies relevant to your use of Right Money:

• Plaid: plaid.com/legal
• Stripe: stripe.com/privacy
• Supabase: supabase.com/privacy
• Vercel: vercel.com/legal/privacy-policy

The Service is operated in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and service providers are located. By using the Service, you consent to the transfer of your information to the United States.

Some web browsers transmit “Do Not Track” signals to websites. Because there is no uniform standard for interpreting these signals, we do not currently respond to “Do Not Track” signals. We will continue to monitor developments in Do Not Track technology and update our practices as standards evolve.

We use only essential cookies that are necessary for the operation of the Service. These cookies are used to maintain your authenticated session, remember your login status, and ensure the security of your account.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that track you across other websites. We do not participate in cross-site tracking or targeted advertising.

Because we use only essential cookies, cookie consent banners are not required. However, you may configure your browser to reject cookies, though doing so may impair your ability to use the Service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on the Service with a revised “Last Updated” date, sending you an email notification at least thirty (30) days before the changes take effect, and providing a prominent notice within the Service.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you should discontinue your use of the Service and request account deletion.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Right Money
Email: otto@rightmoney.com
Website: rightmoney.com

For questions about how Plaid handles your financial data, please contact Plaid directly at plaid.com/legal or privacy@plaid.com.