Skip to main content
aurum
Personal finance, quiet & clear

Privacy Policy

Last updated: 2026-05-28

What we collect

Aurum is a personal finance app for a single user (you). The data we hold is what you connect or import:

  • Bank account links via Plaid (institutions, balances, transactions).
  • Manual accounts and CSV imports you upload yourself.
  • Goals, budgets, spending principles, recurring rules.
  • Insights, agent digests, and chat history with the Aurum coach.
  • Audit-log entries describing state-changing actions you take.

What we share

Aurum does not sell your data. We share data only with the sub-processors required to operate the service:

  • Plaid (open-banking aggregator, US) — account and transaction sync.
  • Clerk (identity, US) — sign-in, MFA, and session management.
  • Anthropic(LLM, US) — the AI coach, insight generation, and the weekly/monthly agents. Your prompts and the financial context attached to them are processed by Anthropic to produce responses. Anthropic does not train its models on data sent through the API. AI features are subject to your consent (see “AI processing” below).
  • Vercel AI Gateway (US) — routes the LLM requests above; does not retain prompt content beyond transit.
  • Google AI (Gemini, US) — generates the privacy-safe push-notification copy for proactive insights.
  • Vercel (hosting, US) and Neon (managed Postgres, US) — run the app and store your data.
  • Upstash (Redis, US) — rate-limiting counters; keyed by your user id, holds no financial data.
  • Resend (email, US) — transactional email (account-deletion codes, notifications).
  • Sentry (error monitoring, US) — captures sanitized error reports; financial values and secrets are scrubbed before they leave the server.

Data residency

Aurum's database and all sub-processors above operate in United States regions. If you access Aurum from the EU/UK, your data is transferred to and processed in the US under the relevant standard contractual clauses with each sub-processor.

AI processing

Aurum's coach, insights, and agents send your financial context to Anthropic (and, for push copy, Google AI) to generate responses. This processing is optional.

  • Opt out anytime. Open Settings → Privacy & Security → AI processing and turn off “Allow AI features.” When off, the coach, AI insights, and agents are disabled; the rest of Aurum keeps working with deterministic (non-AI) calculations.
  • Chat retention. Coach chat messages are deleted automatically after 90 days. You can also delete your full chat history immediately from Settings → Privacy & Security.

Your rights

Under GDPR Article 17 (right to erasure) and CCPA §1798.105 (right to delete), you can request deletion of your Aurum account and all associated data at any time.

The 30-day soft-delete window

We honor erasure requests with a 30-day soft-delete window:

  • Open Settings → Privacy & Security → Danger zone and click “Delete my account.”
  • We email a 6-digit code to your sign-in address. Entering the code schedules your account for deletion immediately — you are signed out and your data is hidden from all interactive surfaces.
  • For 30 days you can sign back in and cancel the deletion. After 30 days have elapsed, a background job hard-deletes every record we hold about you. This includes:
    • Revoking Plaid access tokens upstream (so Plaid can no longer pull data on your behalf).
    • Deleting all transactions, accounts, goals, budgets, rules, insights, and chat history.
    • Deleting your API tokens, audit log entries, exports, and preferences.
    • Deleting the user row itself in our database.

Clerk-managed identity

Clerk-managed identity (sign-in credentials, MFA factors) is a separate system; deleting your Clerk account is done through Clerk directly. Aurum's hard-delete severs our link to your Clerk user but does not delete the Clerk record itself.

Data export

You also have the right to export every Aurum record we hold about you. Open Settings → Privacy & Security → Full data export for a complete archive in JSON + CSV.

Data retention

Active accounts: most data is retained for as long as your account exists. Soft-deleted accounts: 30 days, then permanent erasure as described above. Backups: rolling 30-day window; backups that pre-date a deletion are pruned within 30 days so no data outlasts the policy.

Some categories are minimised on a rolling schedule even while your account is active:

  • Coach chat messages: deleted after 90 days (or immediately on request).
  • Superseded forecast insights: deleted 90 days after they're replaced.
  • Audit-log entries: deleted after 13 months.

Contact

Questions about this policy, or wanting to exercise a right we haven't covered here? Email privacy@aurum-finance.app.