Privacy Policy

What we can't see

Amounts, balances, holding quantities, account identifiers, notes and descriptions are encrypted on your device with a key derived from your encryption passphrase. That key is never sent to our servers, so we cannot decrypt or read your financial values.

What we process (metadata)

To run the app we process: your email address (for your account and sign-in), the encrypted blobs, and non-sensitive metadata such as vault ids, currency codes, dates, recurrence-rule shape, and shared-vault membership. This metadata lets us sync your data and schedule date-based reminders.

Emails we send (invitations, reminders) never include amounts.

We log security events (sign-ins, key changes) to protect your account.

Keys and recovery

Your encryption passphrase is never sent to the server. If you lose both your passphrase and your recovery key, your data cannot be recovered — not by you and not by us. Keep your recovery key somewhere safe.

Third parties

We use Supabase (EU region) for storage and authentication, an email provider for transactional email, and market-data providers for prices (no personal data). We don't run ads, and we never sell or share your data.

Where your data lives

Your data is stored in the European Union region.

Your rights

You can export or delete your account and data at any time from Settings. Under the GDPR you have rights of access, rectification and erasure.

Children

Plenith is not intended for anyone under 16.

Changes

We may update this policy; we'll post the current version here with its date.

Contact

Reach us at support@plenithapp.com.