Privacy Policy

Effective Date: November 03, 2025

Introduction

This Privacy Policy describes how Stak ("we," "us," or "our") collects, uses, shares, and protects your

personal information when you use our mobile application (the "App"). By using the App, you agree

to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following types of information to provide and improve the App experience:

• Financial Data: Bank account information (obtained via Plaid), account balances, transaction

history, and budget information.

• Personal Data: Name, email address, and profile preferences.

• Usage Data: Wishlist activity, discovery feature interactions, social sharing activity, and app

navigation patterns.

• Device Information: Device type, operating system version, unique device identifiers, and

mobile network information.

• Analytics Data: Usage patterns, feature adoption metrics, performance logs, crash reports, and

error data.

• Location Data: Approximate location information (only if explicitly enabled by you in device

settings).

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide budgeting insights, calculate spending power, and deliver

personalized financial recommendations.

• Feature Enhancement: To power wishlist functionality, discovery features, and social sharing

capabilities.

• App Improvement: To analyze usage patterns, improve app performance, enhance stability,

and develop new features.

• Security: To detect and prevent fraud, abuse, and security threats.

• Communication: To send important notifications, service updates, and respond to your

inquiries.

• Compliance: To comply with legal obligations and enforce our Terms of Service.

3. Data Sharing and Third Parties

We do not sell your personal or financial information to third parties. We may share your data with

the following trusted service providers who assist us in operating the App:

• Plaid: For secure bank account connections and transaction data retrieval. Plaid's privacy policy

is available at https://plaid.com/legal/#privacy-policy

• Supabase: For secure cloud database hosting and backend infrastructure.

• Apple: For app distribution via the App Store and push notifications.

• Analytics Providers: For crash reporting and performance monitoring (if applicable).

We may also disclose your information if required by law, legal process, or to protect the rights,

property, or safety of Stak, our users, or others.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: All data transmitted between the App and our servers uses TLS 1.2 or higher

encryption.

• Token Encryption: Plaid access tokens are encrypted at rest using strong encryption

algorithms.

• Access Controls: Strict access controls limit who can view or modify your data.

• Authentication: Multi-factor authentication is enforced on all administrative accounts.

• Monitoring: Continuous monitoring and logging of security events to detect and respond to

threats.

While we strive to protect your information, no method of transmission over the internet or

electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information according to the following schedule:

• Active Accounts: Data is retained indefinitely while your account remains active and in use.

• Deleted Accounts: Upon account deletion request, data is permanently removed after a 30-day

grace period to allow for recovery if needed.

• Transaction Data: Financial transaction records are retained for 7 years to comply with

financial regulatory requirements.

• Plaid Access Tokens: Deleted immediately when you disconnect a bank account or delete your

account.

• Application Logs: Retained for 90 days to 1 year for security monitoring and troubleshooting

purposes.

• Backup Data: Deleted from backup systems within 30 days of account deletion.

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of all personal data we hold about you.

• Correction: Request correction of inaccurate or incomplete personal information.

• Deletion: Request deletion of your account and all associated personal data (subject to legal

retention requirements).

• Export: Request a machine-readable copy of your data for portability purposes.

• Revoke Consent: Disconnect bank accounts or revoke permissions at any time through the App

settings.

• Opt-Out: Opt out of non-essential communications or data collection features.

To exercise any of these rights, please contact us at support@stakapp.com or use the data

management features available in the App settings.

7. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect

personal information from children under 18. If you are a parent or guardian and believe your child

has provided us with personal information, please contact us at support@stakapp.com and we will

delete such information.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy

Act (CCPA), including:

• Right to Know: Request information about the personal information we collect, use, and share.

• Right to Delete: Request deletion of your personal information.

• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal

information).

• Right to Non-Discrimination: Exercise your privacy rights without discrimination.

To exercise these rights, contact us at support@stakapp.com.

9. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data

Protection Regulation (GDPR), including the rights described in Section 6 above. Our legal basis for

processing your data is:

• Consent: You have provided explicit consent for financial data access via Plaid.

• Contract Performance: Processing is necessary to provide the budgeting services you

requested.

• Legitimate Interest: We have a legitimate interest in improving the App and preventing fraud.

You may lodge a complaint with your local data protection authority if you believe we have not

complied with GDPR requirements.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where

our service providers operate. These countries may have different data protection laws than your

country of residence. By using the App, you consent to the transfer of your information to these

countries. We ensure that appropriate safeguards are in place to protect your information in

accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology,

legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy in the App with a new effective date

• Sending you an email notification to the address associated with your account

• Displaying a prominent notice in the App

Your continued use of the App after such changes constitutes your acceptance of the updated

Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices,

please contact us at:

Email: support@stakapp.com

Mail: Stak, [Your Company Address]

Response Time: We will respond to all privacy-related inquiries within 30 days.