Privacy Policy

Last updated: March 2026

Ghost Financial Inc. (“Ghost Financial”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights as a user. We operate in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy law.

1. Information We Collect

We collect only the information necessary to provide you with a useful financial overview. This includes:

• Account information: Your name and email address when you create an account.
• Bank account data: Account names, balances, and transaction history retrieved through Plaid, a third-party bank connectivity service. We receive this data in read-only form — we never access credentials or move money.
• Profile and preferences: Settings you configure within the app, such as budget categories and notification preferences.
• Subscription status: Whether you are on a free or paid plan, managed through RevenueCat.
• Usage data: Basic analytics about how you interact with the app, used solely to improve the product.

2. How We Use Your Information

Your data is used exclusively to operate and improve Ghost Financial. Specifically, we use it to:

• Display your account balances, transactions, and financial summaries.
• Categorize transactions and generate budget insights.
• Power Ghost AI — our AI-driven financial analysis feature — by sending anonymized transaction data to Anthropic’s API for processing.
• Manage your subscription and process billing through RevenueCat.
• Send you important service notifications (e.g., security alerts, product updates).

We never sell your personal information. We do not use your data for advertising, and we do not share it with any third party beyond what is described in this policy.

3. Third-Party Services

Ghost Financial relies on a small number of trusted third-party services to function:

• Plaid (bank connectivity): Plaid connects to your financial institutions on our behalf. You authenticate directly with your bank through Plaid’s secure interface — Ghost Financial never sees your banking credentials. Plaid’s privacy policy is available at plaid.com/legal.
• Anthropic (AI analysis): Transaction data is sent to Anthropic’s API to generate financial insights. Data sent to Anthropic is not used to train their models. Anthropic’s privacy policy is available at anthropic.com/legal/privacy.
• Supabase (data storage): Your account data and financial records are stored in Supabase, a managed database platform. Data is encrypted at rest and in transit.
• RevenueCat (subscriptions): Subscription management and billing is handled through RevenueCat. RevenueCat’s privacy policy is available at revenuecat.com/privacy.

4. Data Storage and Security

Your data is stored on servers located in Canada (Toronto region). We use encryption in transit (TLS) and at rest to protect your information. Access to your data is restricted using row-level security controls so that users can only access their own records.

We do not store your bank login credentials at any point. Plaid handles all authentication with your financial institution directly.

5. PIPEDA Compliance

As a Canadian company, Ghost Financial operates in compliance with PIPEDA. We collect only the minimum data necessary, obtain consent before collection, allow you to access or correct your information upon request, and maintain appropriate security safeguards.

If you have a privacy concern or complaint, you may contact our Privacy Officer at support@ghostfinancial.app. You also have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

6. Data Retention and Deletion

We retain your data for as long as your account is active. If you delete your account, your personal data and financial records are permanently removed from our systems within 30 days. Cached or backup copies may persist for up to 90 days before being fully purged.

You can request account deletion at any time through the app settings or by emailing support@ghostfinancial.app.

7. Cookies

Our web application uses minimal cookies, limited to those required for authentication and maintaining your session. We do not use advertising cookies or third-party tracking cookies.

8. Children’s Privacy

Ghost Financial is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where the changes are material, notify you in-app or by email.

10. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

Ghost Financial Inc.
support@ghostfinancial.app
ghostfinancial.app