Back

Privacy Policy

Last updated: April 27, 2026

Nexvest ("we", "our", "us") is a personal budget management application. We are committed to protecting our users' ("you") privacy. This policy describes what data we collect, why, and how we protect it.

1. Data Collected

1.1 Account Information

When you sign up, we collect: full name, email address, and password (stored as encrypted hash, never in plain text).

1.2 Banking Data via Plaid

If you connect a bank account, we use Plaid Inc. to access your financial information: institution name, account balances, and transaction history.

We never store your banking credentials. Authentication occurs directly through Plaid Link's secure interface.

1.3 Banking Data via Stripe Financial Connections

For US bank accounts, we use Stripe Financial Connections. The same types of data are collected.

1.4 Payment Data

Subscription payments are processed by Stripe. We do not store your credit card numbers.

2. Use of Data

We use your data exclusively to: provide budget tracking features, AI-categorize transactions, detect recurring expenses, generate personalized financial reports, and manage your account.

We never sell, rent, or share your personal or financial data with third parties for advertising purposes.

3. Data Sharing

Data is shared only with: Plaid Inc. (bank connections), Stripe Inc. (payments), Abacus.AI (hosting), and Abacus.AI LLM API (transaction categorization — no data retained).

4. Storage & Security

Hosted on AWS (US), TLS 1.2+ encryption in transit, encrypted at rest (AWS RDS), bcrypt-hashed passwords, production access limited to the application owner.

5. Data Retention & Deletion

Nexvest applies the following retention periods:

  • Account data (profile, email): retained while the account is active.
  • Transactions & budgets: retained while the account is active.
  • Calculation history: retained while the account is active.
  • MFA codes: automatically deleted after use or expiry (10 minutes).
  • Password reset tokens: automatically deleted after expiry (1 hour).
  • Payment data: managed by Stripe; Nexvest does not store card numbers.

You can delete your account and all associated data at any time from Settings → Danger Zone → Delete Account. This action is irreversible and permanently deletes your profile, bank accounts, transactions, budgets, calculation history, and subscription.

You may also contact [email protected] to exercise your right to erasure. This policy is reviewed annually.

6. Contact

Email: [email protected]

Terms of Service© 2026 Nexvest