Privacy Policy

Effective Date: February 25, 2026

NALO ("we," "our," or "us") operates the NALO mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our app.

1. Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials through Firebase Authentication (Google Cloud). If you sign in with Apple or Google, we receive only the identifiers those services provide.

Financial Data: When you connect bank accounts through Plaid, we receive transaction history, account balances, and account metadata. We do not receive or store your bank login credentials — Plaid handles authentication directly with your financial institution.

Usage Data: We collect anonymized analytics about how you interact with the app, including screens visited, features used, and session duration. This data does not include any financial information.

AI Interaction Data: Conversations with the NALO AI coach are processed to provide personalized financial guidance. The AI receives only a privacy-safe summary of your finances — never raw account numbers or full transaction details.

2. How We Use Your Information

• To provide AI-powered financial coaching and personalized insights
• To calculate your financial health score and safe-to-spend amounts
• To detect and track subscriptions across your accounts
• To send you relevant alerts about your financial activity
• To improve and maintain the quality of our service

We never sell your personal or financial data to third parties. Your data is used solely to provide and improve the NALO service.

3. Third-Party Services

We use the following third-party services to operate NALO:

• Plaid — Secure bank account connections and transaction data retrieval. Plaid's privacy policy: plaid.com/legal
• Firebase / Google Cloud — Authentication, database, and cloud functions infrastructure
• RevenueCat — Subscription management and billing through Apple's In-App Purchase system
• Sentry — Error monitoring and crash reporting (no financial data is included in error reports)

4. Data Retention and Deletion

We retain your data for as long as your account is active. You may delete your account and all associated data at any time from the Settings screen within the app.

When you delete your account:

• All personal and financial data is permanently removed from our servers
• All AI conversation history is deleted
• All Plaid connections are revoked
• Your Firebase Authentication account is deleted

Account deletion is irreversible. We cannot recover data after deletion.

5. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, server-side access controls, and rate limiting on all API endpoints. Financial data is processed on secure Google Cloud infrastructure.

6. Your Rights

GDPR (European Users): You have the right to access, correct, or delete your personal data. You may request a portable copy of your data through the Data Export feature in Settings. To exercise these rights, contact us at support@nalo.app.

CCPA (California Users): You have the right to know what personal information we collect and how it is used. You have the right to request deletion of your personal information. We do not sell personal information. To exercise these rights, contact us at support@nalo.app.

We do not discriminate against users who exercise their privacy rights.

7. Children's Privacy

NALO is not intended for users under the age of 18. We do not knowingly collect personal information from children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email. Continued use of NALO after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

support@nalo.app