Privacy Policy

Last updated: January 07, 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, how we protect it, and your rights regarding your data.

1. Information We Collect

Information You Provide

  • Account Information: When you create an account, we collect your name and email address.
  • Waitlist Information: If you join our waitlist, we collect your email address to notify you when OmniAccount launches.
  • Communications: When you contact us, we keep records of your correspondence.

Financial Data via Plaid

OmniAccount uses Plaid Inc. ("Plaid") to securely connect to your financial institutions. By using OmniAccount to link your financial accounts, you expressly consent to the collection, use, and storage of your financial data as described in this policy.

When you connect a financial account through Plaid, we receive:

  • Account information (account name, type, balances)
  • Transaction data (date, amount, merchant, category)
  • Account and routing numbers (for payment initiation, if enabled)
  • Account holder information provided by your financial institution

We DO NOT store your bank login credentials. Your credentials are entered directly into Plaid's secure interface and are never transmitted to or stored by OmniAccount. Plaid acts as a secure intermediary between you and your financial institutions.

For more information about how Plaid handles your data, please review Plaid's End User Privacy Policy.

Automatically Collected Information

  • Usage Data: We collect information about how you interact with OmniAccount, including pages visited and features used.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP addresses, access times, and referring URLs.
  • Cookies: We use essential cookies to keep you logged in and remember your preferences.

2. Consumer Consent

We obtain your consent for the collection, processing, and storage of your data in the following ways:

  • Account Creation: By creating an account, you consent to our collection and use of your account information as described in this policy.
  • Financial Account Linking: Before connecting your financial accounts through Plaid, you will be presented with Plaid's consent screen and must explicitly authorize the connection. This constitutes your consent for us to receive and process your financial data.
  • Ongoing Consent: You may revoke consent at any time by disconnecting your financial accounts or deleting your OmniAccount account.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve OmniAccount's services
  • Process, categorize, and display your financial data
  • Generate insights, budgets, and financial summaries based on your transaction history
  • Send important service updates and security alerts
  • Respond to your support requests
  • Notify waitlist members when we launch
  • Detect and prevent fraud or unauthorized access

We do not sell your personal information. We do not share your financial data with third parties for their marketing purposes.

4. Data Security

We implement comprehensive security measures to protect your data, especially given the sensitive nature of financial information:

Encryption

  • Encryption in Transit: All data transmitted between you and OmniAccount is encrypted using TLS 1.3 with 256-bit encryption. We enforce HTTPS on all connections.
  • Encryption at Rest: Consumer financial data received from the Plaid API is encrypted at the application level before being stored in our database. Encryption keys are managed separately from the database and rotated periodically.
  • Database Security: Database connections require SSL encryption. Access to production databases is restricted and logged.

Access Controls

  • Principle of Least Privilege: Access to production systems and consumer data is limited to personnel who require it for their job functions.
  • Authentication: Multi-factor authentication (MFA) is required for access to systems that store or process consumer financial data.
  • Audit Logging: Access to sensitive data is logged for security monitoring and compliance purposes.

No Credential Storage

We never store your bank login credentials. Authentication with your financial institution is handled securely through Plaid's interface.

5. Data Retention and Deletion Policy

We retain your data only as long as necessary to provide our services and comply with legal obligations:

Retention Periods

  • Account Data: Retained while your account is active and for 30 days after account deletion to allow for recovery if requested.
  • Financial Data: Transaction history and account data received from Plaid is retained while your account is active. Upon account deletion, this data is permanently deleted within 30 days.
  • Plaid Connection Tokens: Access tokens used to retrieve your financial data are deleted immediately when you disconnect an account or delete your OmniAccount account.
  • Waitlist Data: Retained until you unsubscribe, convert to a full account, or request deletion.
  • Log Data: Server logs containing IP addresses and usage data are retained for 90 days for security and debugging purposes, then automatically purged.
  • Backups: Encrypted backups are retained for up to 30 days and are purged on a rolling basis.

Data Deletion

You may request deletion of your data at any time by:

Upon receiving a deletion request, we will:

  • Delete your account and all associated personal data within 30 days
  • Revoke all Plaid access tokens, terminating our access to your financial accounts
  • Remove your data from active databases and, within the backup retention period, from backups
  • Send confirmation when deletion is complete

We may retain certain data as required by law (e.g., for tax, legal, or regulatory compliance) or to resolve disputes, but only to the extent permitted by applicable law.

Policy Review

This data retention and deletion policy is reviewed annually and updated as needed to ensure compliance with applicable data privacy laws including CCPA, GDPR, and other relevant regulations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data (see Data Deletion above).
  • Portability: Request your data in a portable, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing of your data for certain purposes.
  • Withdraw Consent: Withdraw consent for data processing at any time by disconnecting accounts or deleting your account.
  • Opt-out: Unsubscribe from marketing communications at any time.

To exercise these rights, contact us at privacy@omniaccount.com. We will respond to your request within 30 days.

7. Third-Party Services

We use the following third-party services to provide OmniAccount:

  • Plaid Inc.: Financial data aggregation and secure bank authentication. Plaid Privacy Policy
  • Cloud Infrastructure Provider: Secure hosting of application and database services
  • Email Service Provider: Transactional emails (confirmations, security alerts)

Each third-party service maintains its own privacy policy and security practices. We select vendors who meet our security and privacy standards.

8. Children's Privacy

OmniAccount is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete that information promptly.

9. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

  • We will notify you by email at least 30 days before the changes take effect
  • We will post a notice on our website
  • We will update the "Last Updated" date at the bottom of this policy

Your continued use of OmniAccount after changes take effect constitutes acceptance of the updated policy. If you do not agree to the changes, you may delete your account.

10. Contact Us

If you have questions about this privacy policy, our data practices, or wish to exercise your rights, contact us at:

Email: privacy@omniaccount.com

Last Updated: January 7, 2026

Back to Home