Data Policy
Last updated: June 25, 2026
This Data Policy is a plain-language companion to our Privacy Policy. It summarizes the categories of data we hold, where they live, how long we keep them, and the controls you have.
Our approach
Superbasic Finance is built around radical simplicity, and we apply the same principle to data: we collect what the Service needs to work, and little else. We do not sell your data, and we do not use your financial transactions for advertising. This page describes how we handle data operationally; for your formal rights and our legal commitments, see the Privacy Policy.
What we store
| Category | Examples | Source |
|---|---|---|
| Account | Email, name, hashed password, sign-in provider | You / your identity provider |
| Financial connections | Connected institution, accounts, balances, transactions (up to 24 months) | Plaid, with your authorization |
| Manual entries | Accounts and transactions you add yourself | You |
| Organization | Workspaces, groups, filters, sorts, rules, notes, sheets | You |
| Billing | Stripe customer and subscription IDs, status, slot count, billing period | Stripe |
| Technical | IP address, device/browser type, request logs | Automatically collected |
We do not store your online banking username or password — those are entered directly with Plaid. We do not store full payment card numbers — those are handled by Stripe.
Where your data lives
Your data is stored in managed PostgreSQL databases — hosted on Neon as our primary database, with a standby copy on Supabase kept in sync for disaster recovery — and the application runs on cloud infrastructure (such as Google Cloud) in the United States. Sensitive credentials, such as the access tokens that allow us to refresh your bank connections, are encrypted at rest. See our Security page for the safeguards we apply.
Who we share it with
We rely on a small set of vendors (sub-processors) to run the Service. Each processes data on our behalf under contract:
| Provider | Purpose |
|---|---|
| Plaid | Connecting your financial institutions and retrieving data |
| Stripe | Subscription payments and card processing |
| Cloudflare | Bot defense on authentication flows |
| Resend | Transactional email delivery |
| Neon | Primary PostgreSQL database hosting |
| Supabase | Standby PostgreSQL database for disaster recovery |
| Cloud infrastructure (e.g. Google Cloud) | Running the application |
Members of a workspace can see the accounts and transactions you make available to that workspace. Sharing a bank is your choice, but each workspace’s owners and admins — who may be people other than you — control that workspace’s membership.
How long we keep it
- While your account is active: we keep your data so the Service can show it to you.
- When you disconnect a bank: the historical data already imported can remain as manual records so your history is preserved, until you delete it.
- When you permanently delete a bank: its accounts and transactions are removed.
- When you delete your account: we delete or de-identify your personal data, except records we must retain for legal, accounting, or dispute-resolution purposes.
See Data Deletion for step-by-step instructions.
Your controls
- View and edit your accounts, transactions, and notes in the app.
- Disconnect or permanently delete any connected bank.
- Export your bank accounts and transactions as CSV from the app.
- Delete your entire account from your account settings.
- Request access, correction, or deletion by emailing privacy@superbasicfinance.com.