Privacy Policy

We do not sell your personal information. We do not share your data with advertisers. Identity documents and SSN data are processed exclusively by Stripe Identity and are never stored by The Savings Box Inc. Raw bank transaction data is analyzed in real-time by AI and is never stored in our databases.

1. About this policy

This Privacy Policy describes how The Savings Box Inc. ("SavingsBox," "we," "us," or "our") collects, uses, stores, and shares your personal information when you use our SavingsBox and SavingsBoxPro applications and website. By using our services, you consent to the practices described in this policy. We do not sell your personal information to third parties. We do not share your information with advertisers for ad targeting purposes.

2. Information we collect

We collect information you provide directly, including: full legal name, date of birth, and residential address (required for identity verification); email address and phone number; government-issued identification details collected by Stripe Identity (not stored by SavingsBox — we receive only a verification result); the last 4 digits of your Social Security Number (transmitted directly to Stripe Identity and not retained by us); bank account information via Plaid (account numbers are not stored by SavingsBox — we receive only tokenized access references); and professional credentials and license details for SavingsBoxPro users. We also automatically collect device identifiers, IP address, app usage data, push notification tokens, and transaction history within the platform.

3. Information from third parties

We receive the following information from our licensed service providers: identity verification results from Stripe Identity (approved/declined status only); bank account verification status and transaction data from Plaid (with your explicit consent for spending analysis); payment status and transaction records from Stripe; and OFAC and sanctions screening results. We do not receive your full SSN, full bank account numbers, or raw identity documents from these partners.

4. How we use your information

We use the information we collect to: verify your identity and comply with KYC/AML obligations under the Bank Secrecy Act; process savings contributions, withdrawals, subscription payments, and appointment payments; operate and improve our platform; personalize your experience including AI coach (Maya) interactions; send transactional notifications; detect and prevent fraud, money laundering, and prohibited activities; screen users and transactions against OFAC sanctions lists and government watchlists; comply with legal obligations including FinCEN 314(a) requests and court orders; analyze your bank transaction data (with your explicit consent) to provide personalized spending insights through Maya; and present relevant third-party financial product offers (with disclosure).

5. Bank transaction data and AI spending analysis

With your explicit consent, SavingsBox may access your bank transaction data through Plaid to power our AI-driven spending analysis feature. This works as follows: your raw transaction data is fetched from Plaid in real-time when you request spending analysis; the transaction data is processed by our server and summarized by category and merchant; this summary is passed to Anthropic's Claude AI to generate personalized insights; raw transaction data is never stored in SavingsBox's databases — only AI-generated summaries and insights are used to power the feature; you may revoke this consent at any time by disabling spending analysis in your Profile settings, which will immediately prevent further transaction data access. You must separately consent to (a) linking your bank account and (b) enabling AI spending analysis. These are distinct permissions and you may use one without the other.

6. How we share your information

We share necessary data with the following licensed service providers: Stripe Payments Company for payment processing, fund custody, identity verification, and money transmission (stripe.com/privacy); Plaid Inc. for bank account linking, verification, and transaction data access with your consent (plaid.com/legal); Anthropic PBC for AI processing of Maya coach interactions and spending analysis summaries; Resend for transactional email delivery; and Supabase for secure cloud database infrastructure. We do not share your data with these partners for their own marketing purposes. Transaction-level data shared with Anthropic for spending analysis is anonymized summaries only — individual merchant names and amounts are included in analysis prompts but not retained by Anthropic beyond the API call per their data use policies.

7. Legal and compliance disclosures

We may disclose your information when required by law to: comply with a court order, subpoena, or government request; respond to FinCEN 314(a) requests or National Security Letters as required by the Bank Secrecy Act; file Suspicious Activity Reports (SARs) with FinCEN when required; report blocked transactions to OFAC; or protect the rights, property, or safety of SavingsBox, our users, or the public. We are legally prohibited from disclosing that a SAR has been filed or that a National Security Letter has been received, if applicable.

8. Third-party referral partners

If you engage with a third-party financial product referral surfaced in the app or by Maya, we may share limited information with that partner necessary to process your inquiry. We will disclose such sharing at the time of referral and you will have the opportunity to opt out. SavingsBox may receive compensation for referrals. Third-party services are governed by those providers' own privacy policies.

9. Data retention

We retain your personal information for as long as your account is active and as required by applicable law. Identity verification records and transaction records are retained for 5 years after account closure as required by BSA regulations. SAR-related and OFAC screening records are retained for 5 years. General account information is retained for up to 7 years after closure. Plaid access tokens are deleted from our systems immediately upon bank account disconnection or consent revocation. Raw transaction data from Plaid is never stored — only AI-generated summaries are retained temporarily to power the analytics dashboard. After applicable retention periods expire, we securely delete or anonymize your information.

10. Your rights and choices

You may access and update your personal information at any time through your account profile. You may request account deletion by contacting us at privacy@thesavingsbox.com. You may revoke bank spending analysis consent at any time in Profile settings — this immediately stops transaction data access. You may disconnect your bank account at any time, which removes our access to your Plaid data. Note that we are required by law to retain identity verification and transaction records for the periods described in Section 9, even after deletion. You may opt out of non-transactional communications using the unsubscribe link in emails or app notification settings.

11. California residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California rights, contact us at privacy@thesavingsbox.com. We will respond within 45 days.

12. Data security

We implement industry-standard security measures including encryption in transit (TLS 1.2+) and at rest, role-based access controls, multi-factor authentication for administrative access, and regular security reviews. Plaid access tokens stored in our database are encrypted at rest. Your financial data is handled by PCI-DSS compliant partners. Despite these measures, no system is completely secure. Notify us immediately at privacy@thesavingsbox.com if you suspect unauthorized access.

13. Children's privacy

SavingsBox is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, contact us at privacy@thesavingsbox.com and we will delete that information promptly.

14. Cookies

We use cookies and similar tracking technologies on our website to track activity and maintain session state. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Our mobile applications do not use browser cookies.

15. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of material changes via the app or email at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

16. Contact us

For privacy-related questions or to exercise your rights, contact us at privacy@thesavingsbox.com or visit thesavingsbox.com/privacy. Mail: The Savings Box Inc., Privacy Officer, United States.