Vault-Sprout logo
Vault-SproutClarity-first finance

Effective December 28, 2025 - Last updated December 28, 2025

Vault-Sprout Privacy Policy

We do not sell your personal information.

Home

Contact Us

Privacy questions or requests: support@vault-sprout.com

Legal notices: email support@vault-sprout.com with the subject line "Legal Notice."If a physical mailing address is required for a specific legal purpose, email us and we'll provide the appropriate address.

What Vault-Sprout Never Does

  • Never sells your personal information.
  • Never asks for or stores your bank login credentials inside Vault-Sprout (linking is via Plaid).
  • Never runs ads based on your transactions or shares transaction details for ad targeting.
  • Never gives other users access to your data unless you explicitly share it.

We use Supabase (auth + database) and Plaid (optional bank connections) to operate core features. They process information to provide their services, not to let Vault-Sprout sell your data.

Information We Collect

A) Information you provide

  • Account information (such as name and email)
  • Preferences and content you save (budgets, categories, goals, rules, notes)
  • Messages you send to support or feedback you submit

B) Financial information (if you connect accounts via Plaid)

Transactions, account information, and balances you authorize through Plaid's flow. Vault-Sprout never asks you to type bank credentials directly into Vault-Sprout.

C) Usage and device information

Pages viewed, actions taken, device/browser info, IP, diagnostics.

D) Cookies/local storage

Used to keep you signed in, remember preferences, and help the Service function.

E) Automated processing

We may auto-categorize transactions and generate insights. These are informational only and do not have legal or similarly significant effects. You can review and correct categorizations where available.

How We Use Information

  • Provide and operate the Service
  • Personalize your experience
  • Process features you enable (including linked accounts via Plaid)
  • Improve reliability, troubleshoot, and develop features
  • Prevent fraud, abuse, and unauthorized access
  • Communicate with you (support, service notices, important updates)
  • Comply with legal obligations and enforce terms

Legal bases for EEA/UK/Switzerland users: contract, legitimate interests, consent (where applicable), and legal obligation.

How We Share Information

  • Supabase: auth + database to run core features.
  • Plaid: only if you enable bank connections; data flows per your authorizations.
  • Other processors: infrastructure/support/analytics/payment providers acting on our instructions.
  • Legal/safety: to comply with law or protect rights/safety.
  • Business transfers: as part of a merger/acquisition/financing/reorg; notice provided when required.

We Do Not Sell Your Personal Information

We do not sell your personal information or share it for cross-context behavioral advertising in a way that would be considered a "sale" or "share" under certain state laws.

California "Shine the Light": California residents may request a list of third parties (if any) to which we disclosed personal information for those third parties' direct marketing purposes in the prior calendar year by emailing support@vault-sprout.com.

Data Retention

  • We retain information as long as needed to provide the Service, maintain security, comply with legal requirements, and resolve disputes.
  • Account data stays while your account is active; Plaid data is refreshed per your connections.
  • On account deletion, we delete or de-identify data from active systems subject to legal/fraud/backup needs.
  • Aggregated or anonymized usage data may be retained longer because it is not intended to identify you.

Security + Breach Notification

We use reasonable safeguards (e.g., encryption in transit, access controls, monitoring). No system is 100% secure. If a breach occurs, we will investigate, contain, and notify users/regulators as required by law.

Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing; withdraw consent; and opt-out of sale/sharing (we do not sell data). No discrimination for exercising rights where protected by law.

To make a request, email support@vault-sprout.com from the email tied to your account. Response times follow applicable law (e.g., ~45 days for certain U.S. state requests; ~1 month under GDPR/UK GDPR, with extensions where allowed).

You can disconnect linked accounts via the Service (if available) and/or through Plaid tools depending on how the connection was established.

Children's Privacy

Vault-Sprout is not intended for anyone under 18. We do not knowingly collect personal information from children.

International Users

If you access the Service from outside the U.S., your information may be processed in the U.S. or other locations where our providers operate.

Changes to This Policy

We may update this Privacy Policy; material changes will include reasonable notice (for example, in-app or by email). The "Last Updated" date reflects the latest version.

Contact

Email support@vault-sprout.com for privacy questions or requests. You can also review our Terms of Service.