Privacy Policy
Effective Date: March 14, 2026 | Last Updated: March 14, 2026
Introduction
Welcome to SupportVest (“we,” “our,” or “us”). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (the “Service”).
By using SupportVest, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information You Provide to Us
Account Information
- Email address (for account creation and authentication)
- Username (chosen by you for display purposes)
- Password (stored in encrypted format via bcrypt hashing)
- Profile information (optional: age range, education level)
Financial Education Data
- Lesson completion records
- Quiz answers and scores
- Learning preferences and Money Type Indicator (MTI) results
- Progress tracking data
- VestCoin and FinIQ balances (virtual currencies)
Self-Reported Financial Data
- Budget information (categories, amounts, transactions) entered voluntarily
- Savings goals and progress
- Asset and liability information for net worth tracking
- Insurance policy details and uploaded documents
- Financial contact information (your advisors, not other users)
- Estate planning document checklists
Linked Financial Account Data (via Plaid)
If you choose to link a bank account, the following data is accessed through Plaid, Inc.:
- Account balances
- Transaction history
- Institution name and account type
You may revoke access to linked accounts at any time through the app. Upon revocation, all cached financial account data is immediately deleted. Per CFPB Section 1033 (Open Banking Rule), consumers must reauthorize data access every 12 months.
Subscription Information
- Subscription tier (Free, Plus, Pro, Wealth, Family, Dynasty)
- Purchase history (processed through Apple App Store, Google Play, or Stripe)
- We do not directly process or store payment card information
Information Automatically Collected
Learning Analytics
- Question-level performance tracking (answers, time taken, correctness)
- Concept mastery metrics and knowledge gap identification
- Learning velocity and difficulty adjustment data
- Session duration and feature usage patterns
- Focus score and response patterns
Device and Technical Information
- Device type and operating system version
- Session identifiers for analytics
- Time zone and language preferences
Information from Third-Party Services
Authentication Providers
- Apple Sign In: Email (may be relay address), display name
- Google Sign In: Email, display name, profile photo
Market Data (Polygon.io)
- Stock prices and market information for portfolio simulation
- No personal data is shared with Polygon.io
Financial Account Data (Plaid, Inc.)
- Account balances and transaction data, only when you opt in
- See Plaid's End User Privacy Policy
How We Use Your Information
To Provide Core Functionality
- Create and manage your account
- Track your learning progress and award VestCoins and FinIQ points
- Maintain leaderboard rankings and competition results
- Provide AI-driven personalized learning paths
- Power financial tools (budgets, calculators, goal tracking, net worth)
- Display linked bank account information (if opted in)
To Enhance Educational Effectiveness
- Adjust question difficulty based on your performance
- Target questions aligned to your Money Type personality
- Identify knowledge gaps and suggest learning paths
- Track long-term knowledge retention
To Improve Our Service
- Analyze aggregate usage patterns
- Fix bugs and optimize performance
- Develop new educational content
Data Sharing and Disclosure
We DO NOT
- Sell your personal information
- Share data with advertisers for cross-app tracking
- Share your learning progress with other users (except public leaderboard rank)
We May Share Data With
- Supabase — Database hosting and authentication (SOC 2 Type II certified)
- Plaid, Inc. — Financial account linking (only if you opt in)
- Stripe / Apple / Google — Payment processing
- Polygon.io — Market data (no personal info shared)
- Legal requirements — If required by law, legal process, or to protect rights and safety
Data Retention
| Data Category | Retention Period |
|---|---|
| Account and profile data | Until account deletion |
| Self-reported financial data | Until account deletion or user deletes |
| Linked financial account data | Until user revokes access or account deletion (max 12 months per CFPB) |
| Learning progress and analytics | Until account deletion |
| Uploaded documents | Until account deletion or user deletes |
| Application and auth logs | 90 days |
| Database backups | Rolling 90-day window |
| Aggregated analytics (anonymized) | Indefinitely |
Account Deletion
When you delete your account (via in-app settings or email request):
- All user data is deleted from the primary database within 24 hours
- All uploaded files are permanently deleted from storage within 24 hours
- Plaid access tokens are revoked within 24 hours
- Local device data is cleared on logout
- Data is purged from rotating backups within 90 days
Data Security
- Encryption in transit: All data transmitted using TLS 1.2+
- Encryption at rest: AES-256 encryption on all stored data
- Access controls: Row-Level Security (RLS) on all database tables ensures users can only access their own data
- Authentication: Passwords hashed with bcrypt; Apple Sign In and Google Sign In supported
- Infrastructure: Hosted on SOC 2 Type II certified services (Supabase)
- MFA: Multi-factor authentication on all administrative systems
Your Privacy Rights
You have the right to:
- Access — Request copies of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your account and data
- Portability — Receive your data in a portable format
- Opt-out — Unsubscribe from optional communications
- Revoke financial data access — Disconnect linked bank accounts at any time
To exercise these rights, email us at privacy@supportvest.com.
California Privacy Rights (CCPA/CPRA)
California residents have additional rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to equal service and price
We do not sell personal information.
Children's Privacy
SupportVest has a 13+ age rating. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will promptly delete it. Parents who believe their child has provided personal information should contact us immediately.
Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy and updating the “Last Updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, please contact us:
- Privacy inquiries: privacy@supportvest.com
- General support: support@supportvest.com
- Website: www.supportvest.com