Last updated: January 1, 2025
OttaMoney, Inc. ("OttaMoney," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our personal finance application and website (collectively, the "Services").
Our Services are designed to help individuals manage their personal finances. We handle sensitive financial data and take that responsibility seriously. This policy describes in detail how your information is collected, stored, and used.
When you connect financial accounts to OttaMoney, we access:
We access this data read-only through secure, tokenized connections. We do not store your bank login credentials.
Our business model is based on subscription revenue. We do not sell your personal information or financial data to advertisers, data brokers, or any third parties for their commercial purposes.
We share data with trusted service providers who help us operate our Services, including cloud infrastructure, data analytics, customer support, and payment processing. These providers are contractually bound to protect your data and use it only for specified purposes.
To connect your bank accounts, we work with financial data aggregation services. These partners access your financial institutions on your behalf using tokenized credentials. You can revoke this access at any time through the app.
We may disclose your information when required by law, legal process, or to protect the rights, property, or safety of OttaMoney, our users, or the public.
We implement bank-level security measures to protect your information:
You can access, export, and delete your account data at any time through the app's Settings. Account deletion is permanent and removes all personal and financial data within 30 days.
You can disconnect linked financial accounts at any time in the app. We will stop accessing data from disconnected accounts immediately.
You can manage notification preferences in the app settings. To opt out of marketing emails, use the unsubscribe link in any marketing email.
California residents have rights under CCPA/CPRA including the right to know, delete, correct, and opt-out of sale (which we do not engage in). Contact us at hello@ottamoney.org to exercise these rights.
We retain your account data as long as your account is active. Transaction history is retained for up to 7 years to enable historical financial analysis. Upon account deletion, we delete or anonymize your data within 30 days, except where required by law.
Our Services are intended for users 18 and older. We do not knowingly collect data from anyone under 18. If we discover we have collected data from a minor, we will delete it promptly.
We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance.
OttaMoney, Inc.
580 Howard St Suite 300, San Francisco CA 94105
Email: hello@ottamoney.org
Phone: +1 415 555 0429
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.
Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you. This includes categories of personal information collected, sources of that information, our business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions including our need to retain data for legal compliance.
Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
Right to Opt-Out: We do not sell personal information as defined under CCPA/CPRA. We do not share personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, provide a different quality of service, or suggest that you may receive a different quality of service because you exercised your rights.
To submit a CCPA rights request, contact us at hello@ottamoney.org or use the data request feature in the app under Settings > Privacy > Your Data Rights. We will respond within 45 days, which may be extended by an additional 45 days when reasonably necessary with advance notice.
Despite our best security efforts, no system is completely secure. In the event of a data security incident that affects your personal information, we will notify you as required by applicable law. For incidents involving financial account information or other sensitive data, we will provide notification without unreasonable delay and in no event later than 72 hours after we become aware of the incident, as required under applicable breach notification laws.
Our incident response process includes: immediate containment of the breach, assessment of affected data and individuals, notification to affected users and, where required, regulatory authorities, and implementation of remediation measures to prevent similar incidents. We maintain a dedicated incident response team and retain outside counsel and forensics specialists to assist with significant security incidents.
If you suspect unauthorized access to your OttaMoney account, immediately change your password, revoke any connected financial account authorizations that may have been compromised, and contact us at hello@ottamoney.org.
OttaMoney connects to your financial accounts through secure, read-only connections powered by financial data aggregation technology. When you authorize a connection, you are granting OttaMoney permission to access specified data from that account on your behalf. This authorization is governed by the terms of service of both OttaMoney and the financial data aggregation service we use.
We access your financial account data solely for the purpose of providing the OttaMoney Services to you. We do not use your financial account data for any other purpose, including advertising, data sales, or any purpose that would benefit parties other than you. We store only the data necessary to provide the Services, and we delete data that is no longer needed for service provision within our standard retention schedules.
You can revoke any financial account connection at any time through the Settings section of the OttaMoney app. Upon revocation, we will stop collecting new data from the revoked account and will delete historical data from that account within 30 days, unless we are required to retain it for legal compliance purposes.
OttaMoney does not collect biometric data such as fingerprints or facial recognition data. However, our mobile apps may use your device's built-in biometric authentication (Face ID, Touch ID, or fingerprint sensors) for the purpose of authenticating you to the app. In these cases, the biometric data is processed entirely on your device by your device's operating system and is never transmitted to or stored by OttaMoney's servers. We receive only a yes/no authentication result from the device's secure enclave.
We may collect behavioral data related to how you interact with the app -- such as session length, feature usage patterns, and navigation sequences -- in aggregated, anonymized form for the purpose of improving the app's user experience. This behavioral data cannot be used to identify you individually and is analyzed only at the aggregate level. If you prefer not to have your usage patterns included in our aggregate analytics, you can opt out by contacting us at hello@ottamoney.org.
Additionally, we maintain a Data Protection Officer (DPO) who is responsible for overseeing our compliance with privacy regulations and who serves as the primary point of contact for privacy-related inquiries and regulatory communications. If you have concerns about how we handle your personal information that have not been resolved through our standard privacy request process, you may escalate your concern to our DPO at hello@ottamoney.org with the subject line "Data Protection Officer Inquiry."