Olbey Privacy Policy

Olbey is a personal finance app for the United States. It connects to your bank read-only so you can see, in plain language, how much you can safely spend, what financial state you’re in, and where your money goes. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices and rights you have.

It covers the Olbey iOS app and this website (together, the Services). By using Olbey, you agree to the practices described here. If something is unclear, email us at [email protected] and we’ll explain it like a human.

Effective date: May 29, 2026

Two quick promises up front: we connect to your bank read-only and never see or store your bank login, and we do not sell your data.

Olbey ("Olbey," "we," "us," or "our") provides the Olbey app and website. For privacy questions, requests, or to exercise any of the rights described below, you can reach us at [email protected].

Olbey is currently in active development heading toward a beta (TestFlight) release and is available to adults in the United States. References to features below describe how the Services work for people we’ve given access to.

We collect only what we need to make Olbey useful to you. That falls into a few categories:

• Account information. Your name, email address, and the sign-in protections you set up, such as a passcode and one-time codes. We use Face ID or Touch ID for unlocking on your device — the biometric data itself stays on your device and is never sent to us.
• Financial data from your bank (via Plaid). When you connect a bank, our partner Plaid retrieves read-only information such as account balances, account type, transaction history, amounts, dates, and merchant or description details. We never receive or store your bank username, password, or other login credentials — those go only to Plaid and your bank.
• Statement uploads (optional). If you don’t connect a bank, you can upload a PDF or CSV statement. We process the transactions it contains. We may keep a non-reversible hash of a file’s header to avoid importing the same statement twice.
• Data Olbey derives. From the above, we generate things like your Available to Spend, daily capacity, spending categories, Pulse score and status, and written insights. This derived data is part of your financial profile.
• Device and usage data. Basic technical information such as device model, operating system version, app version, language, crash and diagnostic logs, and how you interact with features. This helps us keep the app stable and improve it.
• Website data. If you join the waitlist or request early access, we collect the contact details you submit (such as your email). The website also uses cookies and similar technologies as described below.
• Communications. Messages you send us, including support requests and anything you type into the in-app AI chat.

We use your information to provide, secure, and improve Olbey — never to scare you with numbers. Specifically, we use it to:

• Show your live financial picture: Available to Spend, daily capacity, your Pulse status and score, and your Spending Garden.
• Categorize transactions and generate personal, plain-English insights and answers in the AI chat.
• Set up and run your account, including onboarding in the chat.
• Protect your account and our Services — verifying sign-in, detecting and preventing fraud or abuse, and maintaining an audit log of sensitive actions.
• Provide customer support and respond to your messages.
• Keep the app reliable, fix bugs, and develop and improve features.
• Send you service-related messages and, if you’ve asked, waitlist or early-access updates. You can opt out of non-essential messages at any time.
• Comply with legal obligations and enforce our terms.

We do not use your bank or financial data to serve you third-party advertising, and we do not sell it.

Two parts of Olbey deserve their own explanation because they’re central to how it works.

Bank connections through Plaid. We use Plaid Inc. to connect to your financial institution. When you link a bank, you interact with Plaid directly and your credentials are handled by Plaid, not Olbey — we never see or store them. The connection is read-only: Olbey can view information, but cannot move money or make changes to your accounts. Plaid’s handling of your information is governed by Plaid’s own privacy policy and its end-user privacy notice, which we encourage you to read.

AI categorization and insights. Olbey uses artificial intelligence to categorize your transactions and to turn your financial metrics into readable insights and chat answers. To do this, relevant financial and transaction data may be processed by trusted third-party AI providers acting on our behalf under contract. These providers are restricted to processing your data only to deliver Olbey’s features — they are not permitted to use your data to train their own general-purpose models or for their own purposes. AI output is meant to be helpful and informational; it is not financial, tax, or investment advice.

We share information only in the limited circumstances below, and only as needed:

• Service providers (sub-processors). Companies that help us run Olbey — for example Plaid (bank connections), AI model providers (categorization and insights), cloud hosting and infrastructure, and crash and diagnostics tooling. They may process your data only on our instructions and to provide their service to us.
• Legal and safety. When required by law, legal process, or a valid government request, or to protect the rights, safety, and security of our users, the public, or Olbey, and to detect or prevent fraud.
• Business transfers. If Olbey is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We’ll notify you if it becomes subject to a materially different privacy policy.
• With your direction. When you ask us to share information or otherwise direct us to.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

Where data protection laws require a legal basis to process your personal information, we rely on the following:

• Performance of a contract — to provide the Services you’ve signed up for, such as connecting your bank and showing your financial picture.
• Your consent — for example, when you choose to connect a bank, upload a statement, or receive optional communications. You can withdraw consent at any time.
• Legitimate interests — to secure the Services, prevent fraud, maintain audit logs, and improve and develop features, balanced against your rights.
• Legal obligation — where we must process data to comply with applicable law.

Olbey is currently offered in the United States. We describe these bases for transparency and for anyone to whom such laws may apply.

Security is foundational to a finance app, and we take it seriously:

• Read-only bank access. Bank connections are read-only through Plaid, and we never receive or store your bank login credentials.
• Encryption. We encrypt data in transit and at rest using industry-standard methods.
• Sign-in protection. Your account is protected by a passcode, biometrics (Face ID / Touch ID), and one-time codes. Biometric data stays on your device.
• Audit logs. Every sensitive action is written to an audit log so it can be traced.
• Access controls and rate limits. We limit internal access to your data and apply safeguards such as limits on statement uploads to protect the Services.

No method of transmission or storage is ever completely secure, so we can’t guarantee absolute security — but we work hard to protect your information and to keep these measures current.

We keep your information only for as long as we need it to provide the Services to you, and afterward only as long as necessary for legitimate business or legal purposes.

• We retain your account and financial data while your account is active.
• When you use Delete All Data, we delete your financial data as described in the next section.
• When you delete your account, we delete or de-identify your personal information, except where we must retain limited records to comply with law, resolve disputes, prevent fraud, or enforce our agreements.
• Backups and logs may persist for a limited period before being overwritten on our routine cycles. Audit-log entries may be retained as required for security and compliance.

You’re in control of your data. Within Olbey you can:

• Delete All Data. Wipe all of your financial data (bank connections, transactions, and derived insights) while keeping your account. This is a one-tap option in the app.
• Delete your account. Permanently delete your entire account, confirmed with your biometrics or passcode. This removes your personal information, subject to the limited legal retention described above.
• Disconnect a bank or remove a statement at any time.

Depending on where you live, you may also have rights to access a copy of your data, correct inaccurate data, delete data, port your data, object to or restrict certain processing, and withdraw consent. To exercise any of these, email [email protected]. We’ll verify your request and respond within the timeframe required by applicable law. You won’t be discriminated against for exercising your rights.

If you’re a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you specific rights regarding your personal information:

• Right to know the categories and specific pieces of personal information we collect, the sources, the purposes, and the categories of third parties we share it with.
• Right to delete personal information we hold about you, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information — although Olbey does not sell or share your personal information for cross-context behavioral advertising, so there is nothing to opt out of.
• Right to limit the use of sensitive personal information to what’s necessary to provide the Services — which is already how we operate.
• Right to non-discrimination for exercising any of these rights.

To make a request, email [email protected]. We will verify your identity before responding, and you may use an authorized agent where the law allows.

Olbey is built for adults and is not intended for anyone under 18, and in no case for anyone under 16. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal information, please contact [email protected] and we will delete it.

Olbey is operated from and intended for users in the United States. Your information will be processed and stored in the United States and in other countries where our service providers operate. These countries may have data protection laws that differ from those where you live.

Where required, we put appropriate safeguards in place for international transfers — such as standard contractual clauses or equivalent mechanisms — to protect your information consistent with this policy.

Our website uses cookies and similar technologies. We use strictly necessary cookies to make the site work, and may use preference and analytics cookies to understand how the site is used so we can improve it. The app itself does not rely on advertising cookies.

You can control cookies through your browser settings, and where required we’ll ask for your consent to non-essential cookies. Blocking some cookies may affect how parts of the website function.

As Olbey grows, we may update this Privacy Policy. When we do, we’ll revise the Effective date at the top and, for material changes, give you additional notice — for example, in the app or by email.

Your continued use of the Services after an update takes effect means you accept the revised policy. We encourage you to review it from time to time.

If you have any questions, requests, or concerns about this Privacy Policy or how we handle your information, we’d genuinely like to hear from you.

Email us at [email protected]. We’ll get back to you as soon as we can, in plain language — no jargon.