Privacy Policy

Last updated: January 2025

Welcome to Capitowl. Your privacy is important to us. This Privacy Policy explains how Capitowl, LLC ("Capitowl," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our mobile application, website, and related services (collectively, the "Services").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Services.

Information We Collect

Information You Provide

When you create an account or use our Services, you may provide us with:

  • Account information — name, email address, and password
  • Financial account credentials — bank login information you provide to connect accounts (handled via encrypted third-party connections; we never store your raw credentials)
  • Profile information — preferences, settings, and optional details you choose to share
  • Communications — messages you send us via support or feedback channels

Information Collected Automatically

When you use the Services, we automatically collect:

  • Device information — device type, operating system, unique device identifiers
  • Usage data — features accessed, actions taken, time spent in the app
  • Log data — IP address, app version, crash reports, performance data
  • Location data — approximate location based on IP address (we do not track precise GPS location)

Information From Third Parties

We may receive information from:

  • Financial data providers — transaction data, account balances, and institution metadata via Plaid and similar aggregators
  • Market data providers — investment pricing and security information

How We Use Your Information

We use the information we collect to:

  • Provide and improve the Services — including syncing your financial accounts, generating insights, and personalizing your experience
  • Communicate with you — send account alerts, security notifications, and product updates
  • Ensure security and prevent fraud — monitor for suspicious activity and protect your account
  • Comply with legal obligations — respond to lawful requests and enforce our terms
  • Conduct analytics — understand how users interact with the Services to improve product quality

We do not sell your personal information to third parties. We do not use your financial data for advertising purposes.

How We Share Your Information

We may share your information with:

  • Service providers — third-party vendors who help us operate the Services (e.g., cloud infrastructure, payment processors, analytics). These parties are contractually bound to handle your data securely and only as directed by us.
  • Financial data aggregators — such as Plaid, to connect and retrieve your financial account data on your behalf
  • Legal and regulatory authorities — when required by law, subpoena, or to protect the rights, property, or safety of Capitowl, our users, or the public
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. If you delete your account, we will delete or anonymize your data within 30 days, unless we are required to retain it for legal or regulatory purposes.

Your Rights and Choices

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export a copy of your data in a machine-readable format
  • Opt out of certain data processing activities

To exercise any of these rights, contact us at privacy@capitowl.io.

Security

We take reasonable technical and organizational measures to protect your information from unauthorized access, use, or disclosure. These measures include:

  • End-to-end encryption for sensitive data in transit
  • AES-256 encryption for data at rest
  • Two-factor authentication options for your account
  • Regular security audits and penetration testing

No method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication.

Children's Privacy

The Services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at privacy@capitowl.io and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will notify you via email or an in-app notice at least 14 days before the changes take effect. Continued use of the Services after the effective date constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Capitowl, LLC Email: privacy@capitowl.io