Introduction
Atlas Finance ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance management application and related services (the "Service").
By using Atlas Finance, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.
Information We Collect
Account Information
- Name and email address when you create an account
- Password (stored securely using bcrypt hashing with salt)
- Two-factor authentication credentials and backup codes (encrypted)
- Account status and registration information
- Dashboard layout preferences
Financial Information (via Plaid)
- Bank account balances, names, types, and last 4 digits of account numbers
- Transaction history including amounts, descriptions, merchant names, dates, and categories
- Credit card limits, APR rates, and reward rates
- Investment holdings and balances
- Institution names and metadata
Cryptocurrency Data
- Cryptocurrency account balances and holdings via Coinbase (optional)
- Cryptocurrency portfolio valuations via CoinGecko public API
Rewards & Loyalty Data
- Credit card reward rates, earning rules, and reward balances
- Card benefit tracking (annual credits, usage amounts, expiration dates)
- Loyalty program memberships, points balances, and activity history
- Merchant-matched transaction data for points estimation
Budgets, Goals & Financial Planning
- Budget categories, spending limits, and actual spending
- Financial goals with target amounts, dates, and contribution history
- Bill and subscription detection and tracking preferences
- Tax profile data including filing status, income, deductions, and contributions
Assets
- Vehicle information including VIN, make, model, year, and estimated value (via NHTSA API)
- Cryptocurrency asset quantities and valuation history
- Custom asset entries and depreciation tracking
Expense Splitting
- Split groups, members, and shared expense details
- Receipt images uploaded for expense documentation (JPG, PNG, GIF, WebP, PDF up to 5MB)
- Settlement records between users
AI Chat & Conversations
- Questions and messages you send to the Atlas AI assistant
- Conversation history and auto-generated conversation titles
- Financial context provided to the AI for personalized responses
Technical & Usage Data
- Device information and browser type
- IP address (for rate limiting and security)
- Performance metrics (page load times, web vitals)
- Error reports and diagnostic data
- Last active timestamp (updated periodically while using the app)
- Feature usage patterns
How We Use Your Information
- To provide and maintain our financial management services
- To sync your bank accounts and display transaction data
- To calculate credit card rewards, track loyalty points, and monitor card benefits
- To provide AI-powered financial insights and answer your questions
- To detect recurring bills, subscriptions, and spending patterns
- To generate budget alerts, low balance warnings, and goal progress updates
- To estimate tax deductions and provide tax-related insights
- To send important notifications about your account and finances
- To facilitate expense splitting with other users
- To improve our services, fix bugs, and develop new features
- To detect and prevent fraud, abuse, or unauthorized access
- To generate anonymized, aggregated analytics about service usage
Third-Party Services
We use the following third-party services to provide our functionality. Each service has its own privacy policy governing its use of your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Plaid | Bank account connection | Account credentials (via Plaid Link), transaction sync |
| Coinbase | Cryptocurrency holdings | OAuth tokens for read-only wallet access |
| Anthropic (Claude) | AI financial assistant | Your questions and relevant financial context |
| Sentry | Error monitoring | Error reports, stack traces, user ID for debugging |
| AWS SES | Transactional email | Email address, notification content |
| CoinGecko | Crypto price data | Cryptocurrency symbols (no personal data) |
| NHTSA | Vehicle identification | VIN numbers for vehicle specs lookup |
Important
We do not sell, rent, or trade your personal information to third parties. Data shared with third-party services is limited to what is necessary to provide the Service.
AI & Automated Processing
Atlas Finance uses artificial intelligence to provide financial insights and answer your questions. When you use the AI assistant:
- Your messages are sent to Anthropic's Claude API for processing
- Relevant financial context (account balances, spending categories, budget data) may be included to provide personalized responses
- Conversation history is stored in our database to maintain context across sessions
- AI responses are generated in real-time and are not reviewed by Atlas Finance staff
- We do not use your conversations to train AI models. Anthropic's data processing is governed by their privacy policy and API terms.
Automated Features
- Transaction categorization and merchant identification
- Reward and loyalty points estimation based on card earning rules
- Bill and subscription detection from transaction patterns
- Tax deduction identification from spending categories
- Budget and spending alerts based on thresholds you set
- Blog content generation (does not use your personal data)
Cookies & Local Storage
| Technology | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication (keeps you logged in) | Until logout or expiration |
| CSRF token | Security (prevents cross-site request forgery) | Per session |
| localStorage | Theme preference (dark/light mode) | Until cleared by user |
We do not use third-party advertising cookies or cross-site tracking cookies. We do not participate in ad networks or retargeting programs.
Data Security
We implement industry-standard security measures to protect your data:
- All data is encrypted in transit using TLS/SSL
- Plaid access tokens and Coinbase OAuth tokens are encrypted at rest using AES-256
- Passwords are hashed using bcrypt with salt and password history is maintained to prevent reuse
- MFA backup codes are hashed, not stored in plaintext
- Two-factor authentication (TOTP) is available for additional security
- Rate limiting is applied per-user and per-IP to prevent abuse
- CSRF protection on all state-changing requests
- Session versioning for immediate session invalidation when needed
- Regular security audits and vulnerability assessments
Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion |
| Transaction history | Until account deletion |
| AI conversations | Until deleted by user or account deletion |
| Uploaded receipts | Until associated expense is deleted or account deletion |
| Error logs (Sentry) | Per Sentry's retention policy (typically 90 days) |
| Performance metrics | Aggregated and anonymized; raw data retained for 30 days |
| Email delivery logs | Until account deletion |
If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes. Deletion cascades to all associated data including transactions, budgets, goals, loyalty programs, and conversations.
Your Rights
You have the right to:
- Access your personal data at any time through the app
- Export your data in portable formats (CSV, PDF) via the export features
- Correct inaccurate data through account settings
- Delete your account and all associated data
- Disconnect linked bank accounts and third-party services at any time
- Delete individual AI conversations
- Opt out of non-essential email communications via email preferences
- Disable specific financial alerts and notifications
California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information:
Your California Rights
- Right to Know: You may request that we disclose what personal information we have collected, used, disclosed, and sold about you in the past 12 months.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide an opt-out mechanism.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- Right to Correct: You may request that we correct inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information to what is necessary to provide the Service.
Categories of Information Collected
| Category | Collected | Sold |
|---|---|---|
| Identifiers (name, email, IP address) | Yes | No |
| Financial information (accounts, transactions) | Yes | No |
| Internet activity (usage patterns, errors) | Yes | No |
| Geolocation (IP-based, approximate) | Yes | No |
| Inferences (spending patterns, tax insights) | Yes | No |
| Sensitive PI (financial account access) | Yes | No |
To exercise any of these rights, contact us at privacy@atlasfi.io. We will respond to verifiable requests within 45 days.
Financial Privacy (GLBA Notice)
As a financial technology application, we are committed to the principles of the Gramm-Leach-Bliley Act (GLBA) regarding the protection of your nonpublic personal information (NPI).
Information We Collect
We collect nonpublic personal information about you from the following sources:
- Information you provide directly (name, email, financial goals, tax profile)
- Information from your financial institutions via Plaid (account balances, transactions)
- Information from your cryptocurrency accounts via Coinbase (holdings, balances)
- Information generated through your use of the Service (budgets, insights, rewards)
Information We Share
We do not share your nonpublic personal information with non-affiliated third parties except as necessary to provide the Service (e.g., Plaid for bank connectivity) or as required by law. We do not sell your financial information.
How We Protect Your Information
We maintain administrative, technical, and physical safeguards to protect your nonpublic personal information, including encryption, access controls, and regular security assessments, as described in Section 7 of this policy.
State Privacy Rights
Residents of states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Kentucky, and Rhode Island) may have additional rights including:
- Right to access, correct, and delete personal data
- Right to data portability
- Right to opt out of targeted advertising (we do not engage in targeted advertising)
- Right to opt out of the sale of personal data (we do not sell personal data)
- Right to appeal a denial of a privacy request
To exercise these rights, contact us at privacy@atlasfi.io.
Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Notify affected users via email within 72 hours of discovery
- Provide details about what information was affected
- Describe the steps we are taking to address the breach
- Offer guidance on steps you can take to protect yourself
- Notify relevant regulatory authorities as required by applicable state and federal law
Children's Privacy
Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information. If you believe we have collected information from a child, please contact us immediately.
International Users
Atlas Finance is designed for and primarily serves users in the United States. Our financial data integrations (Plaid, Coinbase) and regulatory compliance are US-focused. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and sending an email notification for significant changes. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:
General: support@atlasfi.io
Privacy requests: privacy@atlasfi.io
Atlas Finance