Pandi Finance LLC (“we,” “us,” or “our”) operates the Almie mobile application (the “App”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Almie. By using the App, you agree to the practices described in this policy.
Information You Provide
- Account information — name, email address, and authentication credentials when you create an account.
- Budget preferences — income details, spending categories, budget limits, and financial goals you set within the App.
- Manual entries — transactions, notes, tags, or other data you enter manually.
- Support communications — messages, feedback, and other information you provide when contacting us for support.
Information Collected Through Plaid
When you connect a financial institution through Plaid, we receive:
- Account information — account name, type (checking, savings, credit card, etc.), and masked account numbers (last four digits only).
- Transaction data — transaction descriptions, amounts, dates, categories, and merchant information.
- Balance information — current and available balances for connected accounts.
- Recurring transaction patterns — identified recurring charges such as subscriptions and regular bills.
Information Collected Automatically
- Device information — device model, operating system version, unique device identifiers, and language settings.
- Usage data — features used, screens viewed, interaction patterns, and crash/error logs to help us improve the App.
Information We Never Collect or Store
We never store your full account numbers, routing numbers, Social Security numbers, or bank login credentials. Your bank username and password are entered directly into Plaid’s secure interface and are never transmitted to or stored on our servers.
- Budgeting and financial insights — categorizing transactions, tracking spending against your budgets, and surfacing trends to help you manage your money.
- Bill tracking and reminders — identifying upcoming bills and recurring charges so you can plan ahead.
- Notifications — sending alerts about budget thresholds, unusual activity, upcoming bills, and account updates.
- Account management — authenticating your identity, managing your preferences, and providing customer support.
- Service improvement — analyzing aggregated, de-identified usage patterns to improve features, fix bugs, and develop new functionality.
- Security and fraud prevention — detecting and preventing unauthorized access, abuse, or other harmful activity.
Service Providers
We share information with trusted third-party service providers who assist us in operating the App, solely to the extent necessary for them to perform their services:
- Plaid — to securely connect your bank accounts and retrieve financial data.
- Supabase — for database hosting, user authentication, and backend infrastructure.
- CloudFlare — for API security, DDoS protection, and content delivery.
- Apple — for app distribution, in-app purchases, and push notifications via the App Store.
Legal Requirements
We may disclose your information if required to do so by law, or in the good-faith belief that such action is necessary to:
- Comply with a subpoena, court order, or similar legal process.
- Respond to lawful requests from law enforcement or government agencies.
- Protect our rights, property, or safety, or that of our users or the public.
Business Transfers
If Pandi Finance LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your personal information becomes subject to a different privacy policy.
With Your Consent
We may share your information for other purposes with your explicit consent.
What We Do NOT Do
- We do not sell your personal data to anyone, ever.
- We do not share your data with advertisers or ad networks.
- We do not store your bank login credentials.
- We do not access more financial data than is necessary to provide the App’s features.
4. Third-Party Services
The following third-party services process data on our behalf:
| Service |
Purpose |
Data Shared |
| Plaid |
Bank account connectivity |
Bank credentials (handled directly by Plaid), account info, transactions, balances |
| Supabase |
Database, authentication, backend infrastructure |
Account info, encrypted tokens, budget data, transaction data |
| Apple |
App distribution, payments, push notifications |
Device identifiers, purchase records, notification tokens |
| CloudFlare |
API security, DDoS protection |
IP addresses, request metadata |
Each provider is contractually obligated to protect your data. For more details on how Plaid handles your financial information, please review Plaid’s End User Privacy Policy.
We implement multiple layers of security to safeguard your data:
- Encryption in transit — all data transmitted between the App and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest — sensitive tokens and credentials are encrypted using AES-256-GCM before storage.
- iOS Keychain — authentication tokens and sensitive values on your device are stored in the iOS Keychain, Apple’s hardware-backed secure storage.
- Row Level Security — database-level policies ensure that each user can only access their own data.
- Multi-factor authentication — administrative access to our infrastructure requires MFA.
- Biometric authentication — the App supports Face ID and Touch ID for an additional layer of on-device protection.
- Webhook verification — all incoming webhooks from third-party services are cryptographically verified before processing.
While we take extensive measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any vulnerability or incident that may arise.
6. Data Retention
Active Accounts
We retain your personal information for as long as your account remains active and as needed to provide you with the App’s services.
Deleted Accounts
When you delete your account, we initiate an immediate, permanent deletion of your data through a 7-step cascade process that removes your profile, connected accounts, transactions, budgets, preferences, notification history, and all associated records from our production database.
Infrastructure Backups
Automated infrastructure backups may retain residual copies of your data for up to 7 days after account deletion. These backups are encrypted, access-restricted, and automatically purged on a rolling basis.
Legal Obligations
In limited circumstances, we may retain certain information beyond account deletion as required by applicable law, regulation, or legal process (for example, tax or financial record-keeping requirements).
7. Your Rights and Choices
You have the following rights regarding your personal information:
- Access — request a copy of the personal data we hold about you.
- Delete — delete your account and all associated data at any time from within the App or by contacting us.
- Export — request an export of your data in a portable format.
- Disconnect banks — disconnect any linked financial institution at any time, which revokes Plaid’s access to that account.
- Manage notifications — adjust or disable push notifications and email communications from the App’s settings.
- Opt out of communications — unsubscribe from promotional emails using the link provided in each message, or by updating your preferences in the App.
To exercise any of these rights, contact us at support@almie.money or use the relevant controls within the App.
8. U.S. State Privacy Rights
California (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:
- Right to know — you may request the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to delete — you may request that we delete the personal information we have collected from you, subject to certain exceptions.
- Right to opt out of the sale of personal information — we do not sell your personal information and have never done so. No opt-out is necessary.
- Right to non-discrimination — we will not discriminate against you for exercising any of your privacy rights.
Virginia, Colorado, and Connecticut
If you reside in Virginia, Colorado, or Connecticut, you have rights under your state’s applicable privacy laws, including:
- Access — confirm whether we are processing your personal data and access that data.
- Correction — correct inaccuracies in your personal data.
- Deletion — delete personal data you have provided or that we have obtained about you.
- Data portability — obtain a copy of your personal data in a portable and readily usable format.
- Opt out of targeted advertising — we do not engage in targeted advertising or profiling, so no opt-out is necessary.
- Right to appeal — if we deny your privacy request, you have the right to appeal that decision.
To exercise any state privacy right, contact us at support@almie.money or use the account deletion feature within the App. We will respond to verified requests within the timeframes required by applicable law.
9. Children’s Privacy
Almie is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe a child under 13 has provided us with personal information, please contact us at support@almie.money.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes, we will notify you through the App or via email before the changes take effect. We encourage you to review this page periodically. The “Last Updated” date at the top of this policy indicates when it was most recently revised.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: