Privacy Policy

The Service does not integrate with bank-credential aggregators (such as Plaid, MX, or Finicity). The Service never requests, transmits, or stores bank login credentials. Funding happens exclusively via tokenized rails — Apple Pay, Google Pay, or one-time debit-card tokenization — so your underlying account number is never exposed to us.

As a result, the Service cannot see your bank balances, transaction history, or account metadata. This is intentional.

ID images, selfie captures, and document metadata are sent directly from your device to Stripe Identity through their hosted flow. The Service does not intercept, proxy, or store these artifacts. We receive only the verification outcome (verified / rejected / pending) and a reference token.

The Service stores: your email, hashed authentication material, virtual-card metadata (last four, status, limits), activity ledgers, and group-split participation records. The Service does not store primary account numbers, full card numbers, CVV codes, bank credentials, ID document images, or biometric templates.

Activity data (declined charges, blocked transactions, group split events) is retained for ledger integrity and shown to you on your Activity page. We will disclose records only when compelled by valid legal process and will notify you when lawfully permitted.