← A2Z Ventures

A2Z Money Privacy Policy

Last Updated: May 11, 2026 · Effective Date: May 11, 2026

1. Who We Are

A2Z Money is operated by A2Z Ventures LLC ("we," "us," "our"), a Washington limited liability company located at 1955 129th Ave NE, Bellevue, WA 98005, USA. This Privacy Policy describes how we collect, use, store, and share information in connection with the A2Z Money mobile application and related services (collectively, the "Service").

If you have questions about this policy or our privacy practices, contact us at anurag.gupta@a2z-ventures.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address — used for authentication and service communications.
• Password — stored as a salted scrypt hash; we never store or have access to your plaintext password.
• Apple ID identifier (if you sign in with Apple) — a unique, app-specific identifier provided by Apple.

2.2 Financial Account Information (via Plaid, Teller, and SnapTrade)

To provide aggregated views of your finances, A2Z Money connects to your bank, credit card, and investment accounts through trusted third-party financial data providers: Plaid Inc., Teller, and SnapTrade. When you link an account:

• You authenticate directly with your financial institution through the provider's secure interface. We never see your bank login credentials.
• The provider returns an access token to us, which we use to retrieve account data on your behalf.
• We collect: account names, account types, account balances, transaction history (date, amount, description, merchant, category), investment holdings, and (where applicable) account and routing numbers needed to display account identifiers.

Plaid's use of your information is governed by Plaid's End User Privacy Policy. By using A2Z Money, you also agree to allow Plaid to share your financial information with us as described in that policy.

2.3 User-Generated Content

Information you create within the app, such as: financial goals, savings targets, transaction notes, transaction tags, custom categories, and budget settings.

2.4 Device and Usage Information

We collect minimal technical information needed to operate the app:

• Device type and operating system version (e.g., "iPhone 15, iOS 17.2") — for compatibility and bug diagnosis.
• App version — to ensure you receive updates.
• Error logs and crash reports — to identify and fix bugs. We minimize personal information in these logs and do not send them to third-party crash-reporting services.
• IP address — used for security purposes (e.g., detecting suspicious sign-ins) and not retained beyond what is necessary.

We do not use third-party analytics or advertising SDKs in A2Z Money.

3. How We Use Your Information

We use the information we collect solely to:

• Provide and maintain the Service — display your accounts, transactions, balances, and goals.
• Authenticate you and secure your account.
• Categorize transactions and calculate spending insights, net worth, and goal progress.
• Communicate with you about service-related matters (e.g., security alerts, account changes).
• Diagnose technical problems and improve the Service.
• Comply with legal obligations.

4. How We Share Your Information

We share your information only in the limited circumstances described below:

4.1 Service Providers

We share information with vetted service providers who help us operate the Service, under contractual confidentiality and data-protection obligations. For each provider below, we list what is sent and why:

• Plaid Inc. — financial account aggregation. What is sent: your authorization grant; in return Plaid sends us your bank account names, balances, and transactions. We never send Plaid your bank login credentials; you enter them directly into Plaid's interface. Plaid's Privacy Policy.
• Teller — financial account aggregation for institutions not covered by Plaid. What is sent: same model as Plaid — your authorization grant; Teller returns account data. Teller's Privacy Policy.
• SnapTrade — brokerage and retirement account aggregation. What is sent: a pseudonymous SnapTrade user ID we generate for you, plus your authorization grant; SnapTrade returns investment holdings and balances. SnapTrade's Privacy Policy.
• RevenueCat, Inc. — subscription and in-app-purchase management. What is sent: an anonymous RevenueCat user ID and purchase / restore events from the App Store. RevenueCat never receives your account balances, transactions, or any financial data. RevenueCat's Privacy Policy.
• Resend, Inc. — transactional email delivery for the optional monthly email report. What is sent (only if you opt in via Settings → Email Reports): your email address and the report content (net worth, cash-flow summary, top spending categories, and goal progress). If you have not opted in, no data is sent to Resend. Resend's Privacy Policy.
• Cloudflare, Inc. — content delivery and DDoS protection. What is sent: request metadata (IP address, user agent, URL) needed to route and protect traffic. No application-level financial data is logged by Cloudflare. Cloudflare's Privacy Policy.
• Apple Inc. — Sign in with Apple authentication, App Store distribution, and Apple Push Notification service. What is sent: for Sign in with Apple, a per-app pseudonymous identifier; for APNs, a device push token (no message content is stored by Apple beyond delivery). Apple's Privacy Policy.

We do not use third-party analytics, advertising, marketing-automation, or AI/ML-training providers. The list above is exhaustive.

4.2 Legal Requirements

We may disclose information if required to do so by law or in response to valid legal process (e.g., a subpoena, court order, or government request), or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

If A2Z Ventures LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We take security seriously and apply industry-standard practices to protect your information:

• Encryption in transit: All communication between the app, our servers, and our data providers uses TLS 1.2 or higher (typically TLS 1.3).
• Encryption at rest: Financial-provider access tokens are encrypted at the column level using AES-256-GCM. Passwords are stored as one-way scrypt hashes and are never recoverable, even by us. The underlying server storage volume is additionally encrypted at the infrastructure layer using LUKS2 (AES-256), so disk access alone does not grant access to your data.
• On-device security: The iOS app supports Face ID / Touch ID lock with idle timeout. Authentication tokens are stored in the iOS Keychain. The app does not retain your bank credentials.
• Access controls: Production systems sit behind Cloudflare's network protections and follow the principle of least privilege. Administrative access is limited to authorized personnel.
• Read-only design: A2Z Money never has the ability to move money or initiate transactions on your accounts.

No system is perfectly secure. While we strive to protect your information, we cannot guarantee its absolute security. If you become aware of any security issue, please contact us immediately.

6. Data Retention

We retain your information only for as long as necessary to provide the Service and for legitimate business or legal purposes. The schedule below aligns with our internal Data Retention and Disposal Policy:

• Account information (email, hashed password, Sign-in-with-Apple identifier): retained while your account is active.
• Financial data (account balances, transactions, holdings retrieved via Plaid / Teller / SnapTrade): retained while the corresponding account is linked. Disconnecting an account in the app revokes the upstream token and removes that account's data from active storage.
• User-generated content (goals, transaction notes, custom categories): retained while your account is active.
• Server logs (access, error, and security events): 30 days rolling, then automatically rotated and purged.
• Database backups: 30 days rolling, then automatically purged. Backups inherit the same encryption-at-rest protections as production data.
• On account deletion (Settings → Account → Delete account): all user-identifying records — credentials, financial data, and user-generated content — are removed from production systems within 14 days, and from rolling backups within 30 days. We may retain your email address and a minimal record of the deletion request for the limited purpose of demonstrating compliance.
• Legal obligations: some information may be retained longer where required by law (e.g., subpoena hold).

7. Your Rights and Choices

You have the following rights with respect to your information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct inaccurate information.
• Deletion: You can delete your A2Z Money account entirely at any time, directly from the app: Settings → Account → Delete account. The flow uses a two-step confirmation. On confirmation we revoke your upstream Plaid, Teller, and SnapTrade tokens, purge your records from production systems within 14 days, and purge them from rolling backups within 30 days (subject to legal retention requirements). You may also disconnect any individual linked account without deleting your full A2Z Money account.
• Data portability: Request an export of your data in a portable format. The monthly email report's optional CSV attachments (transactions, categories, accounts, merchants, goals) also serve as a self-service export.
• Withdrawal of consent: Disconnect any data provider at any time from within the app, which immediately stops further data collection from those institutions.

To exercise any of these rights — or if you prefer not to use the in-app flow — email anurag.gupta@a2z-ventures.com. We will respond within 30 days.

7.1 Plaid-Specific Rights

You can manage and disconnect your Plaid connections at any time by visiting Plaid's portal at my.plaid.com. Disconnecting via Plaid will stop A2Z Money from receiving further data for those institutions.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" of personal information.

We do not sell or share your personal information for cross-context behavioral advertising. To exercise your California rights, contact us at anurag.gupta@a2z-ventures.com.

9. Children's Privacy

A2Z Money is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

10. International Users

A2Z Money is operated from the United States and is currently intended for users in the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to, stored, and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you through the app or by email. Your continued use of the Service after the effective date of the revised policy constitutes acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your information, please contact us:

A2Z Ventures LLC
Email: anurag.gupta@a2z-ventures.com
Address: 1955 129th Ave NE, Bellevue, WA 98005, USA