Effective date: May 16, 2026

Patrn Privacy Policy

This Privacy Policy explains how Patrn ("Patrn," "we," "our," or "us") collects, uses, discloses, protects, and deletes information when you use our mobile or web application, website, and related services.

1. What Patrn Does

Patrn helps users understand their personal finances by connecting financial accounts and turning account, balance, transaction, spending, budget, savings, and debt information into app views and insights.

Patrn uses Plaid Link to help users connect financial accounts. Plaid may ask you to authenticate with your financial institution and authorize the data you want to share with Patrn. Patrn does not receive or store your bank login credentials.

2. Information We Collect

Account Information

We may collect information you provide when creating or managing an account, such as:

  • Name
  • Email address
  • Authentication and session information
  • Account preferences
  • Consent records and security settings

Patrn uses Supabase Auth as its consumer identity provider. Supabase may process authentication-related information to create sessions, verify email addresses, and support multi-factor authentication.

Financial Information From Plaid

With your consent, Patrn may collect financial information made available through Plaid, including:

  • Financial institution name
  • Account names, account type, subtype, and masked account number
  • Account balances
  • Transaction names, dates, categories, amounts, merchant names, and currency
  • Plaid item, account, and transaction identifiers
  • Plaid sync cursors and connection metadata needed to keep your data up to date

We use this information to power linked accounts, budgets, spending analysis, transaction views, savings goals, debt summaries, and personalized insights.

App Usage And Device Information

We may collect limited technical information needed to operate, secure, debug, and improve the service, such as:

  • App version, platform, and device type
  • Approximate request metadata, such as timestamps and IP-derived security signals
  • Server logs, error information, and security audit events
  • User actions related to account linking, disconnecting, deletion, and authentication

Patrn does not currently use financial data for third-party advertising or cross-context behavioral advertising.

3. How We Use Information

We use information to:

  • Create and manage your Patrn account
  • Authenticate users and protect access to financial data
  • Connect accounts through Plaid Link with your consent
  • Sync account and transaction information
  • Display budgets, spending, linked accounts, savings goals, debts, and transactions
  • Generate personalized financial summaries and insights
  • Detect, prevent, and investigate fraud, abuse, security incidents, and unauthorized access
  • Maintain audit logs and comply with legal, regulatory, and contractual obligations
  • Respond to support, security, privacy, and deletion requests
  • Improve reliability, performance, and product quality

We do not sell your personal financial data. We do not use Plaid access tokens, bank credentials, or financial transaction data for unrelated advertising.

4. Plaid And Connected Financial Accounts

When you choose to connect an account, Patrn opens Plaid Link. Plaid may collect information directly from you and your financial institution to authenticate your account and provide data to Patrn according to your consent.

Patrn receives data from Plaid only after you authorize the connection. Patrn stores a Patrn connection identifier in the app and stores Plaid access tokens only on the server side. Plaid access tokens are encrypted before persistence and are never exposed to the mobile app.

You may review Plaid's own privacy disclosures in Plaid Link and on Plaid's privacy pages. Plaid's practices are governed by Plaid's privacy terms, not this Patrn Privacy Policy.

5. How We Share Information

We may share information with:

  • Service providers that help us operate Patrn, such as authentication, database, hosting, security, infrastructure, and support providers
  • Plaid, when you use Plaid Link or when we revoke, update, or sync a Plaid connection
  • Legal, regulatory, or safety recipients when required by law or necessary to protect rights, safety, security, or the integrity of the service
  • Successor organizations if Patrn is involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality and privacy protections

We require service providers to use information only to provide services to Patrn and to protect it appropriately.

6. Security

Patrn uses administrative, technical, and organizational safeguards designed to protect personal and financial information. Current safeguards include:

  • Supabase Auth for user authentication
  • Email verification before Plaid Link is surfaced
  • Multi-factor authentication support and assurance checks
  • Platform secure storage for mobile sessions
  • Device biometric/passcode app lock for financial data where available
  • Server-side-only Plaid token exchange and Plaid access-token handling
  • Application-layer envelope encryption for Plaid access tokens
  • Supabase Row Level Security to scope financial rows to the owning user
  • HTTPS/TLS for non-local client-server traffic
  • CORS allowlists, request size limits, rate limits, audit logging, and redacted server errors
  • Restricted administrative access and MFA requirements for critical systems

No method of transmission or storage is perfectly secure. If we identify a security incident that affects your information, we will take appropriate steps to investigate, mitigate, and notify affected users or regulators when required.

7. Data Retention

We retain personal information for as long as needed to provide Patrn, maintain your account, comply with legal obligations, resolve disputes, protect the service, and enforce agreements.

Financial account and transaction data is retained while you have an active linked account. If you disconnect a Plaid account or request deletion of your financial data, Patrn revokes Plaid access and deletes synced account and transaction rows. Residual copies in backups or audit systems should not be retained longer than 30 days unless a legal obligation requires otherwise.

Security audit records and deletion request records may be retained for a limited period to document compliance, prevent abuse, and resolve disputes.

8. Your Choices And Controls

You may:

  • Choose whether to connect a financial account through Plaid
  • Decline Plaid consent before linking
  • Disconnect a linked account
  • Request deletion of synced financial data
  • Sign out of the app
  • Use device-level protections such as passcode or biometric unlock
  • Contact us about access, correction, deletion, or privacy questions

Disconnecting an account stops future syncing through Patrn and deletes synced financial rows. It may not delete information separately retained by Plaid or your financial institution.

9. Account Deletion

If you request account deletion or deletion of your financial data, Patrn will:

  • Revoke active Plaid connections where technically available
  • Delete synced account and transaction rows associated with your user ID
  • Record a deletion request for audit and compliance purposes
  • Apply a 30-day maximum retention ceiling for backups or residual operational copies unless legally required otherwise

Some information may be retained where necessary for security, fraud prevention, legal compliance, dispute resolution, or enforcing rights.

10. AI And Automated Insights

Patrn may generate personalized insights from your budgets, transactions, balances, savings, and debt information. These insights are intended to help you understand patterns in your finances and are not financial, investment, tax, legal, or credit advice.

Patrn should not use your personal financial data to train third-party foundation models unless we provide additional disclosure and obtain any consent required by law or platform policy.

11. Children's Privacy

Patrn is intended for adults and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to Patrn, contact us so we can take appropriate action.

12. State And Regional Privacy Rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, or restriction of certain personal information. You may also have the right to appeal certain privacy decisions.

To exercise privacy rights, contact us at admin@patrn.ai. We may need to verify your identity before responding. We will not discriminate against you for exercising privacy rights.

Patrn does not sell personal information or share personal information for cross-context behavioral advertising as those terms are commonly used in U.S. state privacy laws.

13. International Users

Patrn is currently intended for users in the United States. If you use Patrn from outside the United States, your information may be processed in the United States or other locations where our service providers operate.

14. Changes To This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the app, website, email, or another reasonable method. The "Effective date" above indicates when this policy was last updated.

15. Contact Us

For privacy, security, or deletion questions, contact:

Patrn Admin
admin@patrn.ai