Privacy & Data Policy

Auric is a personal finance tracking application that connects to your bank accounts via Plaid. This policy explains what data we collect, how we use it, how long we retain it, and your rights as a user.

We store only the data fields required to provide Auric’s spending tracker functionality. Full account numbers and routing numbers are never stored.

By using Auric, you acknowledge that your data is processed by Plaid in accordance with Plaid’s End User Privacy Policy. You authorize Auric to access, receive, and transmit your data to and from Plaid as reasonably necessary to provide the service.

• Display your transaction history and spending analytics
• Detect recurring charges and subscriptions
• Compare your spending against your personal budgets
• We never sell your data, share it with advertisers, or use it for purposes unrelated to providing the service.
• Auric does not “sell” or “share” your personal information or sensitive personal information (such as financial account login info) as those terms are defined under California law.

• Plaid access tokens are encrypted at rest using AES-256-GCM
• All data is transmitted over TLS 1.2 or higher
• Full account numbers are never stored; only masked identifiers (such as the last 4 digits) are retained
• We use industry-standard security practices, though no method of transmission over the Internet is 100% secure.
• Plaid API usage is audit-logged, including endpoint and timestamp.

• Transaction records are retained for up to 24 months from the transaction date and are automatically purged during sync.
• When you disconnect a bank account, the Plaid access token is revoked immediately and associated data is deleted.
• When you delete your account, all remaining data is deleted within 30 days.
• Data may persist in our secure, encrypted backups for up to 90 days before being permanently overwritten.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to know — you can view the data we hold about you through the Dashboard, Transactions, and Accounts pages.
• Right to deletion — use Settings → Delete my account to permanently delete your account and associated data.
• Right to disconnect — use Accounts → Disconnect to revoke bank access at any time.
• Right to correct — if you believe your profile information or account metadata is inaccurate, you may request a correction using the contact method below.
• Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.

If you are not a California resident, you may still access, update, or delete your data through the product features described above.

Auric is not directed to children under 13. We do not knowingly collect or retain personal data from children under 13 (COPPA compliance).

At or before the point of collection, we collect your email address for account management and your financial transaction data through Plaid to provide spending tracking and analytics. We do not use this information for any other purpose.

For privacy-related questions, please contact Zhicong Zhong at support@auricmoney.com.