Privacy Policy
Effective date: February 19, 2026 · Last updated: February 19, 2026
River Finance is operated by Weiss Solutions LLC, a company registered in Idaho, USA. This privacy policy explains how we collect, use, store, and protect your information when you use the River Finance application.
We believe your financial data is yours. We designed River Finance with privacy as a core principle, not an afterthought.
1. Information We Collect
Account information
When you create an account, we collect your email address for authentication purposes. We use magic link sign-in (no passwords are stored).
Financial data via Plaid
If you choose to connect bank accounts, we use Plaid to securely retrieve your financial information. This may include:
- Account names, types, and masked account numbers
- Transaction history (amounts, dates, merchant names)
- Account balances
Manually entered data
Any transactions, categories, budgets, or financial goals you enter manually within the app.
Usage data
We collect anonymized usage analytics (via PostHog) to understand how the app is used and improve the experience. This does not include your financial data.
2. How Your Data Is Stored
| Data | Where stored | Encryption |
|---|---|---|
| Financial data (transactions, balances, accounts) | On your device + optional cloud sync | AES-256 (SQLCipher) on device; AES-256 at rest in cloud |
| Bank connection tokens | On your device only | AES-256 (SQLCipher), key in OS Keychain |
| Email address | Cloud (Convex) | Encrypted at rest (AES-256) |
Bank connection tokens (Plaid access tokens) never leave your device at rest. They are stored exclusively in an encrypted database on your device, with the encryption key stored in your operating system's secure keychain. During active sync operations, tokens are transmitted over TLS but are never persisted server-side.
3. How We Use Your Data
Your financial data is used exclusively to provide you with personal finance management features within the app. Specifically:
- Displaying your accounts, transactions, and balances
- Categorizing transactions (including AI-assisted categorization)
- Calculating budget progress and financial runway
- Syncing data between your devices (if you opt in to cloud sync)
4. What We Never Do
- We never sell your data to any third party
- We never share your financial data with advertisers or data brokers
- We never monetize your data in any way
- We never use your data for profiling or targeted advertising
5. Third-Party Services
We use the following third-party services:
| Service | Purpose | Security |
|---|---|---|
| Plaid | Bank account connections and financial data retrieval | SOC 2 Type II, ISO 27001, ISO 27701 |
| Convex | Cloud sync and authentication | SOC 2 Type II certified |
| Apple | App distribution and device security | App Sandbox isolation, notarization |
| PostHog | Anonymized usage analytics | SOC 2 Type II certified |
6. Data Retention and Deletion
Your financial data is retained for as long as your account is active. When you delete your account:
- All your data in the cloud is purged immediately
- All Plaid access tokens for linked bank accounts are revoked via the Plaid API
- No financial data is retained after account deletion
Local data on your device can be removed by uninstalling the app.
7. Your Rights
You have the right to:
- Access all data we hold about you
- Export your data at any time
- Delete your account and all associated data
- Disconnect bank accounts at any time, which revokes Plaid access tokens
- Use the app without bank connections (manual entry is always available)
8. Cookies
River Finance is a native desktop and mobile application. We do not use cookies. Our website (this page) does not use cookies or tracking scripts.
9. Children's Privacy
River Finance is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
10. Security
We take the security of your data seriously:
- All data in transit uses TLS 1.2 or higher
- Local data is encrypted with AES-256 (SQLCipher)
- Encryption keys are stored in the operating system's secure keychain
- All access to production systems requires two-factor authentication
- We follow the principle of data minimization
For security concerns, contact security@weisssolutions.org.
11. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated through the app or via email. Continued use of River Finance after changes constitutes acceptance of the updated policy.
12. Contact
If you have questions about this privacy policy or our data practices:
- Email: contact@weisssolutions.org
- Security issues: security@weisssolutions.org
Weiss Solutions LLC, Idaho, USA