WalloMate ("we", "our", or "us") respects your privacy and is committed to protecting
your personal and financial information. This Privacy Policy explains how we collect, use, store,
and protect your data when you use the WalloMate mobile application and related services.
1. Information We Collect
Financial Data
WalloMate connects to your bank accounts through Plaid to retrieve financial information such as
account balances, transactions, and basic account metadata.
Access is read-only
We do not store bank credentials
We do not store full account numbers
Account Information
Email address
Authentication identifiers
App preferences and settings
AI Interactions
Messages and requests sent to Mate, our AI financial assistant
AI-generated insights and actions (e.g. categorization, planning, budgeting support)
Usage & Diagnostic Data
Analytics data via Firebase and Branch
Crash and performance data via Firebase Crashlytics
2. How We Use Your Data
We use your data to:
Provide AI-powered financial insights and assistance
Categorize and analyze transactions
Calculate safe-to-spend and cash flow projections
Help manage bills, budgets, and financial organization
Improve app performance, reliability, and user experience
Provide customer support
We do not sell your data and do not share personal or financial data for advertising
purposes.
3. AI & Automated Processing
WalloMate uses OpenAI for two primary purposes:
Mate – AI Financial Assistant
To process user questions, analyze financial data, and perform actions such as creating budgets or
bills.
Transaction Categorization
To automatically assign categories (e.g. groceries, utilities) to transactions.
Important clarifications:
Data sent to OpenAI via API is not used to train or improve models
This follows OpenAI's official API data usage policy
AI responses are generated automatically
No human review is performed for general usage
4. Human Access & Internal Logs
AI tool calls and responses may be logged internally (e.g. merchant names, transaction
descriptions)
Logs are stored in secure internal systems (AWS CloudWatch, Axiom)
Access is limited to authorized developers only
Logs are used strictly for debugging, security auditing, and system monitoring
No personal financial data is shared with third parties for human review
5. Data Storage & Security
Encryption
In transit: All communication uses HTTPS with TLS 1.2+
At rest: All data stored in Amazon DynamoDB is encrypted using AWS KMS default
keys
Infrastructure
WalloMate uses secure AWS services including:
DynamoDB (data storage)
Cognito (authentication)
Secrets Manager (credential handling)
These services comply with SOC 2, ISO 27001, and PCI DSS Level 1 standards.
6. User Controls
You have full control over your data:
Disconnect bank accounts at any time
Delete individual transactions manually
Delete your WalloMate account entirely
7. Data Retention & Deletion
Account Deletion
When you delete your account, all data is permanently deleted immediately
Data is removed directly from the live database (hard delete)
Bank Disconnection
If you disconnect a bank account but keep your WalloMate account:
Data is marked inactive
Retained only to preserve historical reports
You may manually delete this data at any time
8. Third-Party Services
We use trusted third-party services strictly to operate and improve the app:
Plaid – Bank connectivity
OpenAI – AI processing
Firebase / Branch – Analytics and attribution
Firebase Crashlytics – Crash reporting
All providers are required to follow strict data protection and security standards.
9. Children & Eligibility
WalloMate is intended for users 18 years or older. We do not knowingly collect data from children.
10. Geographic Scope & Compliance
WalloMate is available in the United States and Canada and complies with applicable privacy laws,
including:
Canada's PIPEDA
Relevant U.S. privacy regulations
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through
the app or via email.
12. Contact Us
If you have any questions about this Privacy Policy or your data, contact us at: