Effective date: 2026-05-11
Owner: Sean Rose
Contact: hi@seanro.se
finance-sync is a personal, single-user tool that retrieves the operator's own financial transaction data from Plaid and stores it in a private Supabase project for budgeting and personal analysis.
The operator (Sean Rose) is the only user of the application and the only data subject whose information is processed. The application is not offered to, marketed to, or used by any other person. There are no employees, no customers, and no third-party users.
This policy describes what data finance-sync processes, where it is stored, with whom it is shared, and how the operator (who is also the sole data subject) can exercise rights over it.
finance-sync only ever processes the operator's own personal financial data. Specifically:
| Data category | Source | Purpose |
|---|---|---|
| Bank account metadata (institution, masked account number, account name, type, current and available balance) | Plaid /accounts/get | Display account context for transactions |
| Transactions (date, amount, merchant, category, payment channel, location, counterparties, raw Plaid response) | Plaid /transactions/sync | The core data the application is built to retrieve |
| Plaid access tokens | Issued by Plaid on successful OAuth | Required for ongoing transaction retrieval |
| Optional: Claude-generated categorization (category, tags, one-sentence note) | Anthropic API, derived from the data above | Personal categorization aid |
| Operational logs (sync run timestamps, status, error messages) | Generated locally | Operational visibility |
No data is collected about anyone other than the operator. No browsing history, no device identifiers, no advertising IDs, no third-party tracking, and no telemetry are collected.
Data is used only for the operator's own budgeting, analysis, and historical record-keeping. It is never:
- Sold or rented to any party.
- Used for advertising or marketing.
- Shared with data brokers or analytics services.
- Disclosed to third parties beyond the service providers strictly required to operate the application (see §5).
| Data | Storage | At-rest encryption |
|---|---|---|
| Transactions, accounts, enrichments, audit logs | Supabase Postgres (private project) | Yes — Supabase encrypts databases with AES-256 |
| Plaid access tokens | Supabase Vault (libsodium-encrypted) | Yes — encrypted with a project-scoped key |
| Raw Plaid response archives (90-day rolling) | Operator's local machine, chmod 600 | Filesystem encryption (FileVault) |
| Source code | Private GitHub repository | Repository access is restricted to the owner |
All data in transit between the application and its service providers is encrypted with TLS 1.2 or better.
The application depends on the following providers to operate. Each receives only the data described, governed by their own privacy policies:
| Provider | Role | Data shared |
|---|---|---|
| Plaid (https://plaid.com/legal) | Source of transaction and account data | API credentials, the operator's own banking credentials during the link flow, OAuth state |
| Supabase (https://supabase.com/privacy) | Database and Vault storage | The data described in §2 |
| Anthropic (https://www.anthropic.com/legal/privacy) | Powers optional transaction categorization | Transaction merchant, amount, date, and Plaid category — sent only when the operator runs enrich.py |
| GitHub (https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement) | Hosts the source code (no transaction data) | Source code only; no transaction or account data |
The application sends no data to any party other than those listed above.
Transaction history is retained indefinitely for the operator's personal historical record. Plaid access tokens are retained until the corresponding Item is unlinked. Raw response archives are deleted from local disk after 90 days. Detailed retention rules — and how to dispose of every category — are documented in the Data Retention and Disposal Policy.
Because the operator is the only data subject and has direct administrative access to the database:
- Access — The operator queries the data directly with SQL.
- Correction — The operator updates rows directly with SQL.
- Deletion — The operator can wipe all data using the procedures in the Data Retention and Disposal Policy §3.3.
- Portability — The data is already in a standard Postgres database with documented JSON schemas; export is pg_dump.
No request mechanism is required because the operator is also the controller.
The application does not collect data about children. The operator is over the age of majority in their jurisdiction.
By running the application against a Plaid Item, the operator consents to the data flows described above. The operator can withdraw consent at any time by calling /item/remove on Plaid (terminating new data flow), revoking the API keys, and disposing of stored data per §6.
Information security controls — including encryption, access controls, MFA, monitoring, and incident response — are documented in:
- Information Security Policy
- Access Controls Policy
- Multi-Factor Authentication Implementation
- Data Retention and Disposal Policy
Material changes to this policy are versioned in the project repository's git history. The effective date at the top of this document reflects the most recent revision.
Questions, requests, or notices regarding this policy can be sent to hi@seanro.se.