Habitual Money, Inc.
Security

🤝   We will not sell you ads. Your data is safe with us.
This Security section includes the following sections:
Overview, Data Access, Data Retention, Infrastructure, Contact Us
Overview
We understand that by using Habitual Money, you are trusting us with your most important data. That’s why we treat your personal and financial data like we’d want ours to be treated. Below, you’ll find the principles that guide our approach to privacy and security.
Data Access
We believe that you should have access to and control over your data. You can request an export of all your transactional data, including categories, merchants, etc. Please reach out to support@habitual.money for access.

Your personal financial account data, such as budgets and transactions, is only accessed by the Habitual team when necessary to provide customer support if you personally reported a bug or issue to us via email or a support form embedded in the product, like when you request support for a data issue. We use aggregated and anonymized data for internal analytics and business purposes – you can read our Privacy Policy for more information.

We do not see or store your bank login credentials as we use our trusted data aggregator, Plaid, to connect to your financial institutions. You can read more about Plaid’s security policies on their website.

If you choose to integrate with Gmail, we employ the same best practices as with your bank account. We do not see your Gmail login credentials and are granted read-only access from Google. We do not have the ability to send or edit any emails. We currently only look at emails related to Venmo and Amazon to help enhance your categorization experience. All of this logic is fully automated and no humans have access to your emails. We do not save any emails or any unrelated data whatsoever. You can unlink your Gmail account at any time under the app Settings.

We are currently under review by an independent third-party auditor, who is looking at how Habitual uses and protects your email information, in order to meet Google’s standards. Habitual adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data Retention
We will keep your information as long as you are a user (either trialing, paid, or free) of the service. Once your trial ends, we automatically schedule your account and all its data for deletion from our servers after 30 days. Any synced bank or email accounts will be disconnected after 5 days. If you request a cancellation of your account, either by email via support@habitual.money or through the product, all data associated with your account will be deleted within 72 hours.
Infrastructure
We employ a number of security measures to help keep your data safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. Your data is encrypted while it is being stored and while interacting with our servers.

None of your personal bank or email credentials are seen by us or stored. All your data is AES-256 encrypted. Your data is protected with bank-level security.

We use Multi-Factor Authentication (MFA) on all internal systems and incorporate MFA support and mobile device management into our company devices.

Our server is hosted on Heroku. They apply security controls at every layer from physical to application, isolate customer applications and data, and deploy security updates without customer interaction or service interruption. Heroku adheres to industry standard security, privacy and compliance controls, including:
We do not sell your data
All personal, financial and email data are used to provide you with a world-class service. We do not sell your data to any other service, and as such you will never see an ad on our platform.
Contact Us
We strive to be fully transparent when it comes to our security practices. If you have any questions, please reach out to us at support@habitual.money.