Privacy Policy

Effective April 16, 2026

1. Introduction

Candor, LLC ("Candor," "we," "us," or "our") operates the Candor mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. By creating an account or using the App, you consent to the practices described in this Privacy Policy.

We reserve the right to make changes to this Privacy Policy at any time. We will alert you about any changes by updating the "Effective Date." Your continued use of the App after changes constitutes your acceptance of those changes.

2. Information We Collect

When you create an account, we collect your email address, encrypted password, and optionally your display name and profile photo.

When you connect a bank account through Plaid or Finicity (a Mastercard company), we process transaction data (dates, amounts, merchant names, categories), account names, institution names, and account balances. This data is stored both on your device and on our secure server so your spending history is always available. Candor never receives, processes, or stores your bank login credentials. We also never receive full account numbers or routing numbers.

Data you import via CSV is processed on your device and synced to our server.

3. How We Use Your Information

We use your information to create and manage your account, authenticate your identity, display your spending data within the App, categorize transactions automatically, synchronize bank transactions via Plaid and Finicity, sync your data across sessions so it is never lost, send account-related communications, improve the App, detect and prevent security threats, and comply with legal obligations.

4. Data Storage and Protection

Your financial data is stored on your device using Apple's SwiftData framework, encrypted at rest by iOS Data Protection. It is also stored on our server (hosted on Railway) so your data persists across devices and is never lost. Server-side data is stored in a PostgreSQL database encrypted at rest using AES-256.

All data in transit is encrypted using TLS 1.2 or higher with certificate pinning to prevent interception. Plaid and Finicity access tokens on our server are encrypted using envelope encryption with AES-256-GCM before being stored in the database.

5. Third-Party Services

We use Plaid and Finicity (a Mastercard company) to connect to your bank accounts and retrieve transaction data. Plaid's privacy policy is available at plaid.com/legal. Finicity's privacy policy is available at finicity.com/privacy.

We use Google Firebase for authentication and Firebase Crashlytics to collect anonymous crash reports and basic device metadata (device model, OS version, app version) to help us diagnose and fix bugs. Crash data is not linked to your identity and is not used for advertising or tracking.

We use Betterstack for server audit log retention. Logs contain request metadata (endpoints, status codes, timestamps) but never contain your financial data or credentials.

If you sign in with Apple, Apple facilitates that process under their own privacy policy.

6. Data Sharing

We do not sell, rent, lease, or trade your personal information or financial data to any third party for marketing, advertising, or any other commercial purpose. We share data only with Plaid and Finicity (for bank connectivity), Firebase (for authentication and crash reporting), and Betterstack (for server audit logs); as required by law; or with your explicit consent.

7. Your Rights

You can view all data within the App, export your transaction data via CSV, disconnect bank accounts at any time, and delete your account from Settings. When you delete your account, all server-side data is permanently removed. Exported CSV files are generated from your data and downloaded directly to your device. California residents have additional rights under the CCPA, including the right to request disclosure and deletion of personal information. We do not sell personal information.

8. Data Retention

Transaction data is retained on our server as long as your account is active. Plaid and Finicity access tokens are deleted within 24 hours of disconnection. Server audit logs are retained for no more than 90 days. If you delete your account, all associated data — including transactions, categories, account records, and encrypted access tokens — is permanently removed within 30 days.

9. Children's Privacy

The App is not intended for use by individuals under 18. We do not knowingly collect personal information from children under 18.

10. Security

We implement commercially reasonable measures to protect your data, including: encryption in transit (TLS 1.2+) and at rest (AES-256), certificate pinning on all server connections, envelope encryption for third-party access tokens, biometric authentication (Face ID / Touch ID), automatic session timeouts, structured audit logging with 90-day retention, server-side rate limiting, and regular security reviews. No method of electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Candor, LLC
Roeland Park, KS 66205
Email: privacy@candorfinance.app