Privacy Policy
Last updated: April 29, 2026
The short version
We don't sell your data. We don't show you ads. We don't share your financial information with anyone except the third parties that strictly need it to make Plata work (auth, payments, AI). Your data is yours. Cancel any time and export everything.
What we collect
- Account info. Email, name, password (hashed), language preference, theme preference.
- Financial data you enter. Transactions, budgets, goals, recurring bills, account balances. Stored encrypted.
- Usage events. Anonymous, aggregated traffic stats via Vercel Analytics (no cookies, no personally identifiable data).
- Payment data. Card processing happens entirely on LemonSqueezy. We never see card numbers.
What we do NOT collect
- We don't use third-party advertising trackers.
- We don't fingerprint your browser.
- We don't sell, rent, or share data with data brokers.
- We don't train AI models on your financial data.
Subprocessors
To run Plata we share specific data with these vendors:
- Vercel — hosting and analytics. Sees your IP and pages visited.
- Turso — database. Sees your encrypted records.
- Anthropic (Claude) — powers the AI assistant. Sees your messages and the relevant data summary needed to answer (not your full database). Anthropic does not train on this data per their API terms.
- LemonSqueezy — payment processing. Sees your billing email and card details.
- Resend — transactional emails (password reset, receipts). Sees your email address.
Your rights
You can:
- Export everything as CSV or JSON from Settings → Export.
- Delete everything from Settings → Delete account. We hard-delete your records within 30 days.
- Cancel billing in one click — no phone calls, no forms.
- Request a copy of all data we hold about you by emailing privacy@useplata.com.
Residents of California (CCPA), the EU/UK (GDPR), and other jurisdictions have additional rights, including the right to know, the right to delete, and the right to opt out of any data sharing. Contact us to exercise them.
Security
Data at rest is encrypted with AES-256. Data in transit uses TLS 1.3. Passwords are hashed with bcrypt (cost factor 12). Sessions are signed JWTs in httpOnly cookies with the Secure and SameSite flags. We run on Vercel's SOC 2-certified infrastructure.
Children
Plata is not intended for users under 18. We don't knowingly collect data from minors. If you believe a minor has signed up, contact us and we will delete the account.
Changes to this policy
If we update this policy in a way that affects how we use data, we'll email you and post a banner on the site. We won't expand data collection retroactively without explicit consent.
Contact
Questions? Email privacy@useplata.com. We answer within 5 business days.
This policy is provided in good faith and is not legal advice. Reviewed periodically with counsel.