JE-PFM
Sign Up

Privacy Policy

How we protect and handle your financial data

Effective Date: March 22, 2026

JE-PFM ("we," "us," or "our") operates a personal finance management platform that helps users track accounts, transactions, budgets, and expenses. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

We collect the following categories of information when you use JE-PFM:

  • Account Information — Your name, email address, and authentication credentials (password hash, OAuth tokens) used to create and manage your JE-PFM account.
  • Financial Data — Account names, institution names, transaction records (dates, descriptions, amounts), and account balances that you import or manually enter into the platform.
  • Usage Data — Browser type, device information, pages visited, and feature usage patterns collected to improve the service.

2. Information We Do NOT Collect

JE-PFM is designed with a privacy-first approach. We explicitly do not collect:

  • Bank login credentials or online banking passwords
  • Social Security numbers or government-issued identification numbers
  • Full bank account numbers or credit card numbers
  • Investment account credentials or brokerage passwords

Financial data enters JE-PFM through file imports (such as OFX or CSV) or manual entry — we never connect directly to your bank or financial institution.

3. How We Store Your Data

Your data is stored in a Supabase-hosted PostgreSQL database with the following security measures:

  • Encryption at rest — All data is encrypted on disk using AES-256 encryption.
  • Encryption in transit — All connections use TLS 1.2 or higher.
  • Row-Level Security (RLS) — Every database table enforces row-level security policies, meaning your data is isolated from all other users at the database level. Even in the event of an application-layer vulnerability, one user cannot access another user's data.
  • UUID-based identification — User and record identifiers use randomly generated UUIDs, providing no sequential or guessable patterns.

4. How We Use Your Data

We use your data exclusively to:

  • Provide and operate the JE-PFM service, including displaying your accounts, transactions, budgets, and financial summaries.
  • Generate insights such as spending trends, budget tracking, and goal progress.
  • Improve the product based on aggregated, anonymized usage patterns.
  • Communicate with you about your account, service updates, and security notices.

We never sell your personal or financial data to third parties. Your financial information is yours — not a product we monetize.

5. Data Sharing

We share data only with the following third-party service, and only as necessary to operate JE-PFM:

  • Stripe — Our payment processor receives your billing information (name, email, payment method) to process subscription payments. Stripe's privacy policy governs their handling of this data.

We do not share data with data brokers, advertising networks, analytics resellers, or any other third parties. We do not serve ads and have no advertising partners.

6. Data Retention

  • Active accounts — Your data is retained for as long as your account is active and your subscription is current.
  • Cancelled accounts — Upon cancellation, your data is retained for 90 days to allow for reactivation. After 90 days, all personal and financial data is permanently deleted from our systems, including backups.
  • Account deletion requests — You may request immediate deletion at any time. We will process deletion requests within 30 days.

7. Your Rights

You have the following rights regarding your data:

  • Access — You can view all data we hold about you directly within the application.
  • Export — You can export all of your financial data at any time in standard formats (CSV, JSON).
  • Delete — You can request complete deletion of your account and all associated data.
  • Correct — You can update your personal information at any time through your account settings.

We comply with the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). If you are a resident of the EU or California, you may exercise additional rights under those regulations by contacting us.

8. Contact

For privacy-related inquiries, data requests, or concerns, contact us at noreply@inner-agility.dev.