Effective April 27, 2026

Privacy Policy

Why Did You Buy That is a personal spending companion from JNDN Labs, LLC. This policy explains what we collect, why we collect it, who we share it with, and how you can ask us to delete it.

Information We Collect

Account information: email address, authentication identifiers, settings, and support messages you send us.
Financial account data: when you connect an account with Plaid Link, we may receive account names, account type, masked account numbers, institution names, transaction details, merchant names, amounts, dates, categories, and related metadata.
Plaid connection data: Plaid item identifiers and encrypted Plaid access tokens. The iOS app never receives Plaid access tokens.
Generated insights: AI-generated notes about spending patterns and the transaction identifiers used to produce those notes.
Technical data: server logs, request identifiers, IP-derived security information, device or app metadata, and diagnostics needed to operate and protect the service.

How We Use Information

To connect your financial accounts through Plaid Link after you choose to do so.
To sync, categorize, display, and aggregate transactions inside the app.
To generate spending insights, reminders, summaries, and similar product features.
To provide support, troubleshoot bugs, prevent misuse, secure the service, and comply with legal obligations.

Plaid

We use Plaid to let you connect financial accounts. Plaid collects and processes information according to Plaid's own policies and consent screens. You should review Plaid's End User Privacy Policy and the permissions shown in Plaid Link before connecting an account.

AI Processing

When you ask for insights, transaction details needed to create the insight may be sent to our AI provider. We do not send Plaid access tokens to AI providers. AI output may be incomplete or inaccurate, and it is not financial, legal, tax, medical, or investment advice.

Sharing

We do not sell personal information. We share information only with service providers that help operate the app, including Plaid for account connections, infrastructure and database providers, AI providers for requested insights, email providers for transactional messages, and legal or security parties when required to protect users or comply with law.

Security

We use HTTPS, server-side API keys, restricted backend access, row-level database controls, and AES-256-GCM encryption for Plaid access tokens. No internet service can be guaranteed perfectly secure, so please contact us promptly if you believe your account or data may be at risk.

Retention And Deletion

We keep account, transaction, and insight data while your account is active or as needed for the purposes described here. You can request deletion through the app or by emailing us. Our deletion flow removes connected Plaid items, encrypted Plaid tokens, accounts, transactions, insights, profile records, and the authentication user record, subject to short backup windows and legal obligations.

Your Choices And Rights

You may ask to access, correct, or delete your information. Depending on where you live, you may have additional rights such as the right to know, delete, correct, opt out of sale or sharing, limit certain sensitive data uses, and not be discriminated against for exercising privacy rights. We do not knowingly collect information from children under 18.

Contact

For privacy requests or questions, email hello@whydidyoubuythat.app.