We read the receipts. No one else does.

§01Who we are

Brenda is a product of Brenda Labs, the data controller for the information described in this policy. When this policy says “we,” “us,” or “Brenda,” we mean Brenda Labs.

If you want to reach a human about anything in this document, write to privacy@usebrenda.com.

§02What we collect

Information you give us

• Account. Email address, first and last name, a password (stored hashed), and your time zone. If you sign in with Apple or Google, we receive your email and name from those providers instead of a password.
• Consents. Whether you accepted this policy, the terms of service, and whether you opted into marketing emails.
• Profile content. Goals, budgets, categories, notes you write on transactions, and messages you send to the in-app coach.

Information we receive from your bank, through Plaid

When you link a bank account, you authenticate directly with your bank through Plaid. Plaid is the regulated data network that brokers the connection. From Plaid, we receive:

• The institution you linked and the account names, types, masks (last-four), and balances.
• Transactions on those accounts: amount, date, merchant name and category from Plaid, and — when the bank provides it — the city, state, and approximate location of the transaction.

We use only the Plaid Auth and Transactions products. We do not pull credit data, income verification, identity documents, or initiate transfers.

Information we collect automatically

• Device. Device model, OS version, app version, and a push-notification token when you opt in.
• Authentication metadata. When you enable Face ID/Touch ID/Android biometrics, we store a public credential identifier — never your biometric data, which stays on the device.
• Activity. A “last active” timestamp and basic event logs to keep the app working and detect abuse.

§03How we use it

• To run the app: show your accounts, transactions, and budgets.
• To generate the coach summaries, monthly wraps, streaks, and insights you see inside Brenda.
• To search your transactions quickly. We index transaction fields (merchant, amount, category, date) into a search service so the search bar is fast.
• To send transactional notifications you've opted into (e.g. a goal milestone, a missed-streak reminder).
• To keep the service secure: rate-limiting, abuse detection, fraud-signal review.

§04What we don't do

• We don't sell your personal information. Not now, not later.
• We don't share your transactions with advertisers or data brokers.
• We don't train third-party AI models on your financial data. When the in-app coach calls a model provider, it sends only what's needed for that response and asks the provider not to retain it for training.
• We don't run third-party advertising trackers inside the app.

§05Who we share with

We share data with a small set of vendors that help us run Brenda:

• Plaid — to establish and refresh the bank connection and to deliver transactions. Plaid's handling of your data is governed by Plaid's End User Privacy Policy.
• Apple and Google — only if you choose to sign in with them, to verify your identity.
• Cloud infrastructure (database, search, push delivery) — to host the data and deliver notifications.
• Model providers — to generate coach replies, with retention disabled where the provider supports it.
• Law enforcement — only when compelled by valid legal process. We push back on overbroad requests.

§06Where it lives, how long

Account, budget, and transaction data is stored in our primary database (PostgreSQL) and indexed in a search service (Elasticsearch). Both run in cloud infrastructure in the United States.

We keep your data while your account is active. When you delete your account, we revoke any Plaid bank connections, then permanently delete your data within 30 days, except where we're legally required to keep a record longer (e.g. fraud or tax obligations).

§07How we protect it

• TLS 1.2+ for everything in transit.
• Bank credentials never touch our servers. Plaid handles authentication; we hold only an encrypted access token.
• Passwords are hashed with a modern algorithm; auth tokens are short-lived JWTs with refresh-token rotation.
• Production data access is limited to a small set of engineers and logged.

No system is unbreakable. If a breach affects you, we'll tell you and any required regulator without delay.

§08Your rights

You can, at any time:

• See the data we hold on you — most of it is in the app already.
• Correct profile fields from the Profile screen.
• Disconnect any bank connection from Profile → Bank links. We immediately stop receiving new transactions for that connection.
• Delete your account from Profile → Privacy & security → Delete account. This also revokes Plaid access and removes your records from our search index.
• Export your data — email privacy@usebrenda.com and we'll send a copy.
• Object or restrict certain processing if you live in the EU/UK, or exercise the rights granted by your state if you live in California, Colorado, or another state with a privacy law.

§09Children

Brenda is not for anyone under 18. We don't knowingly collect data from minors. If you believe a minor has signed up, write to us and we'll remove the account.

§10Changes

If we change this policy in a way that affects you, we'll let you know in the app and update the “last updated” date at the top. Material changes get at least 30 days' notice.

§11Contact

Privacy questions: privacy@usebrenda.com
Everything else: hello@usebrenda.com

This document is a draft pending legal review and does not constitute legal advice.