Privacy Policy
Last updated: 2026-05-28
What we collect
Aurum is a personal finance app for a single user (you). The data we hold is what you connect or import:
- Bank account links via Plaid (institutions, balances, transactions).
- Manual accounts and CSV imports you upload yourself.
- Goals, budgets, spending principles, recurring rules.
- Insights, agent digests, and chat history with the Aurum coach.
- Audit-log entries describing state-changing actions you take.
AI processing
Aurum's coach, insights, and agents send your financial context to Anthropic (and, for push copy, Google AI) to generate responses. This processing is optional.
- Opt out anytime. Open Settings → Privacy & Security → AI processing and turn off “Allow AI features.” When off, the coach, AI insights, and agents are disabled; the rest of Aurum keeps working with deterministic (non-AI) calculations.
- Chat retention. Coach chat messages are deleted automatically after 90 days. You can also delete your full chat history immediately from Settings → Privacy & Security.
Your rights
Under GDPR Article 17 (right to erasure) and CCPA §1798.105 (right to delete), you can request deletion of your Aurum account and all associated data at any time.
The 30-day soft-delete window
We honor erasure requests with a 30-day soft-delete window:
- Open Settings → Privacy & Security → Danger zone and click “Delete my account.”
- We email a 6-digit code to your sign-in address. Entering the code schedules your account for deletion immediately — you are signed out and your data is hidden from all interactive surfaces.
- For 30 days you can sign back in and cancel the deletion. After 30 days have elapsed, a background job hard-deletes every record we hold about you. This includes:
- Revoking Plaid access tokens upstream (so Plaid can no longer pull data on your behalf).
- Deleting all transactions, accounts, goals, budgets, rules, insights, and chat history.
- Deleting your API tokens, audit log entries, exports, and preferences.
- Deleting the user row itself in our database.
Clerk-managed identity
Clerk-managed identity (sign-in credentials, MFA factors) is a separate system; deleting your Clerk account is done through Clerk directly. Aurum's hard-delete severs our link to your Clerk user but does not delete the Clerk record itself.
Data export
You also have the right to export every Aurum record we hold about you. Open Settings → Privacy & Security → Full data export for a complete archive in JSON + CSV.
Data retention
Active accounts: most data is retained for as long as your account exists. Soft-deleted accounts: 30 days, then permanent erasure as described above. Backups: rolling 30-day window; backups that pre-date a deletion are pruned within 30 days so no data outlasts the policy.
Some categories are minimised on a rolling schedule even while your account is active:
- Coach chat messages: deleted after 90 days (or immediately on request).
- Superseded forecast insights: deleted 90 days after they're replaced.
- Audit-log entries: deleted after 13 months.
Contact
Questions about this policy, or wanting to exercise a right we haven't covered here? Email privacy@aurum-finance.app.