Privacy Policy

Effective Date: March 30, 2026

Thrivn ("we," "our," or "us") is a personal finance management application developed and operated by Roberto Benavides (sole proprietor). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Thrivn mobile application (the "App").

By using Thrivn, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.

1. Information We Collect

1.1 Personal Information

  • Name (provided during onboarding)
  • Apple ID email address (via Sign in with Apple)
  • User preferences and settings

1.2 Financial Data via Plaid

When you connect a bank account, we use Plaid Inc. ("Plaid") to securely retrieve your financial information. By connecting your accounts through Plaid Link, you authorize Plaid to access the following data on your behalf:

  • Account information: bank account names, types, account masks, and current/available balances
  • Transaction data: transaction history including amounts, dates, merchant names, and categories
  • Institution information: bank name and institution identifier

Plaid's use of your information is governed by the Plaid Privacy Policy. We encourage you to review it.

1.3 Device Information

  • Device type and operating system version
  • App version
  • Push notification tokens (if notifications are enabled)

1.4 Usage Data

  • Features used and interaction patterns (anonymized)
  • Error logs for debugging purposes

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Thrivn service
  • Sync and display your bank account balances and transactions
  • Categorize transactions and apply user-defined rules
  • Track budgets, savings goals, and debt payoff progress
  • Send push notifications (e.g., budget alerts) when enabled
  • Improve the App and fix bugs

3. Plaid Integration

Thrivn uses Plaid to connect your bank accounts to the App. When you tap "Connect Bank" in Thrivn, you are taken to the Plaid Link interface where you securely log in to your financial institution. Plaid then provides Thrivn with access to your account and transaction data.

Key points about our Plaid integration:

  • Your bank login credentials are entered directly into Plaid's secure interface. Thrivn never sees, collects, or stores your bank username or password.
  • Plaid access tokens are stored server-side only, in a secured database table with Row Level Security. They are never exposed to the client application.
  • You can revoke Plaid's access at any time by disconnecting your bank account within the App (Accounts > select account > Disconnect), or by contacting us at support@thrivn.app.
  • For more information on how Plaid handles your data, please visit the Plaid Privacy Policy.

4. Data Storage and Security

We take the security of your data seriously. Here is how your data is protected:

  • Server storage: All user data is stored in Supabase (PostgreSQL) with AES-256 encryption at rest.
  • Data in transit: All communication between the App, our servers, and Plaid uses TLS 1.2+ encryption.
  • Access control: Database access is governed by Supabase Row Level Security (RLS) policies, ensuring users can only access their own data.
  • Local cache: The App maintains a local cache on your device using an encrypted SQLite database for offline access.

5. Data Sharing

We do not sell, rent, or share your personal or financial data with any third parties.

Your financial data retrieved via Plaid is used exclusively to provide you with Thrivn's financial management features. We do not use your data for advertising, profiling, or any purpose other than delivering the service to you.

We may disclose information only if required by law or to protect our legal rights.

6. Your Rights

You have the right to:

  • Access your personal and financial data stored in the App
  • Correct inaccurate information via your account settings
  • Delete your account and all associated data (Settings > Delete Account)
  • Data portability: request a copy of your data by contacting us
  • Revoke Plaid access by disconnecting bank accounts within the App

To exercise any of these rights, use the in-app settings or contact us at privacy@thrivn.app.

7. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all of your data is permanently and irreversibly deleted from our servers, including your profile, bank connections, transactions, budgets, goals, debts, and rules. Plaid access tokens are revoked via the Plaid API.

Accounts inactive for more than 12 months may be flagged for deletion. You will be notified via email 30 days before any such deletion occurs.

For full details, see our Data Retention and Disposal Policy.

8. Children's Privacy

Thrivn is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided us with personal information, please contact us at privacy@thrivn.app and we will promptly delete it.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information (Thrivn does not sell personal information)
  • The right to non-discrimination for exercising your privacy rights

To submit a CCPA request, contact us at privacy@thrivn.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: