Privacy Policy

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Connected Financial Data

When you link your bank accounts or credit cards, we use Plaid Inc., a secure, SOC 2 Type II certified third-party service.

Plaid's Privacy Policy →

2.4 Information from Third Parties

We may receive information from:

• • Identity verification services (to comply with financial regulations)
• • Fraud prevention services (to protect your account)
• • Analytics providers (aggregated, non-identifiable usage statistics)
• • App stores (Apple, Google) regarding app downloads and updates

2.5 Information We Do NOT Collect

• ✗ Social Security Numbers
• ✗ Driver's license numbers (unless required by law for identity verification)
• ✗ Passport information
• ✗ Credit scores or credit reports (unless you explicitly provide them)
• ✗ Biometric data (unless you enable device biometric authentication, which is stored locally on your device, not our servers)

3.1 Provide Core Services

• Account management: Create and maintain your account
• Financial insights: Calculate debt payoff projections, optimize payment strategies
• Payment processing: Facilitate ACH payments from your bank to credit card issuers (via Stripe)
• Data synchronization: Update balances and transactions from linked accounts (via Plaid)
• Personalization: Customize recommendations based on your financial profile

3.2 Improve and Secure Services

• Performance optimization: Identify bugs, crashes, and areas for improvement
• Security monitoring: Detect and prevent fraud, unauthorized access, and security threats
• Product development: Analyze usage patterns to develop new features
• Quality assurance: Test new features and ensure reliability

3.3 Communicate With You

3.4 Legal and Compliance

• Comply with laws: Respond to legal requests, court orders, or regulatory requirements
• Enforce Terms: Investigate violations of our Terms of Use
• Protect rights: Defend against legal claims or protect our users' safety
• Financial compliance: Meet Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations where required

3.5 Aggregated Analytics

• • Create anonymized, non-identifiable statistics about app usage trends, feature popularity, and general demographic insights
• • Aggregated data cannot be traced back to individual users

4.1 Contractual Necessity

To provide Services you've requested (account creation, payment processing, financial insights)

4.2 Legitimate Interests

To improve, secure, and personalize our platform (fraud prevention, product development, customer support)

4.3 Consent

For optional features where you've given explicit consent:

• • Linking bank accounts via Plaid
• • Receiving marketing emails or SMS
• • Enabling biometric authentication
• • Allowing push notifications

You may withdraw consent at any time through account settings or by contacting us.

4.4 Legal Compliance

Where required by law, regulation, or legal process (tax reporting, AML compliance, court orders, data protection laws)

5.1 Security Measures

5.2 Your Security Responsibilities

• • Use strong passwords: At least 12 characters with letters, numbers, and symbols
• • Enable two-factor authentication (2FA) when available
• • Keep devices secure: Use device passcodes, biometric locks
• • Don't share credentials: Never share your password or authentication codes
• • Monitor account activity: Report suspicious activity immediately
• • Beware of phishing: We will never ask for your password via email or text

6.1 Retention Periods

6.2 Deletion Process

When you delete your account:

1. Personal data is flagged for deletion within 24 hours
2. Data is permanently erased from production systems within 30 days
3. Encrypted backups are purged within 90 days
4. You will receive confirmation of deletion via email

To delete your account:

• • In-app: Settings → Account → Delete Account
• • Email: support@ovrfinance.io with subject "Account Deletion Request"

7.1 Service Providers

7.2 Legal Disclosures

We may disclose personal data when required by law or to protect rights:

• • Court orders and subpoenas
• • Government requests (law enforcement, regulatory inquiries)
• • Tax authorities as required by law
• • Fraud prevention and safety protection
• • Enforce Terms of Use

7.4 International Data Transfers

Ovr Finance™ operates primarily in the United States. If you access our Services from outside the U.S., your data may be transferred to, stored, and processed in the United States.

Safeguards: Standard Contractual Clauses (SCCs), EU-U.S. Data Privacy Framework compliance, encryption, and access controls.

9.1 No Knowing Collection

We do not knowingly collect, use, or share personal information from children under 18. If we discover a minor has provided data:

• • We will delete it immediately
• • We will notify parents/guardians (if contact information is available)
• • We will terminate the account

9.3 COPPA Compliance (U.S.)

We comply with the Children's Online Privacy Protection Act (COPPA). We do not collect personal information from children under 13, allow children under 13 to create accounts, or target advertising to children.

10.2 Types of Cookies We Use

10.4 Mobile App Tracking

• • iOS: We comply with Apple's App Tracking Transparency (ATT) framework
• • Android: We comply with Google's advertising policies. We do NOT use advertising IDs for tracking.

12.1 Subscription Payments

Processed by: Stripe (web), Apple (iOS), Google (Android)

Important: We do NOT store full credit card numbers or CVV codes. Payment data is tokenized by processors.

12.2 ACH Payments (Bank-to-Credit Card)

When you use the "Pay Now" feature:

1. You link bank account via Plaid
2. You authorize payment in Ovr Finance
3. We instruct Stripe to initiate ACH debit
4. Stripe processes payment to your credit card issuer

13.3 App Permissions

16.1 California Residents (CCPA/CPRA)

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out of Sale/Sharing: We do NOT sell or share personal information
• Right to Non-Discrimination: We will not discriminate for exercising CCPA rights

How to Exercise: Email privacy@ovrfinance.io with subject "CCPA Request - [Right Being Exercised]"

Other U.S. States

We comply with privacy laws in all U.S. states, including:

• • Virginia (VCDPA)
• • Colorado (CPA)
• • Connecticut (CTDPA)
• • Utah (UCPA)
• • Montana, Oregon, Texas, and other emerging state laws

Email privacy@ovrfinance.io with your state in the subject line.

18.1 Use of AI and Algorithms

Ovr Finance™ uses AI and algorithms to:

• • Calculate optimal debt payoff strategies
• • Recommend payment amounts and timing
• • Predict debt-free dates
• • Personalize financial insights
• • Detect anomalies or unusual spending patterns

18.6 No Profiling for Adverse Decisions

We do NOT use AI or profiling to deny services, charge different prices based on protected characteristics, or discriminate based on race, ethnicity, religion, gender, etc.

19.1 Types of Communications

19.2 How to Opt-Out of Marketing

• • Email: Click "Unsubscribe" at the bottom of any marketing email
• • SMS: Reply STOP to any marketing text
• • Push Notifications: Device settings or in-app Settings → Notifications

While we implement robust security measures, we cannot guarantee absolute security. We are NOT liable for unauthorized access due to circumstances beyond our control, cyberattacks that bypass security measures, your own security lapses, or third-party breaches.

Liability Cap: Where liability cannot be excluded by law, our total aggregate liability is limited to the lesser of $100 USD or the total amount you paid to Ovr Finance in the 12 months prior to the claim.