Privacy Policy

Last updated: October 14, 2025

Granite Finance ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application, Granite (the "Service").

1. Information We Collect

We collect information in the following ways:

Information You Provide Directly: This includes your email address when you create an account, as well as any financial information you manually enter, such as your monthly income, fixed expenses, and savings or investment goals.
Financial Information via Plaid: When you connect your financial accounts to our Service, we use a third-party service provider, Plaid Inc. ("Plaid"), to retrieve transaction data. This includes information about your account balance, transaction history, merchant names, amounts, and categories. We do not receive or store your bank account login credentials.
Usage Information: We may collect basic information about how you interact with our Service to help us improve functionality and user experience.

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide, operate, and maintain our Service, including calculating your daily budget.
To personalize your experience.
To communicate with you, including sending optional notifications and responding to your inquiries.
To monitor and analyze usage to improve and enhance the Service.
To enforce our Terms and Conditions.

3. How We Share Your Information

We do not sell your personal information. We may share your information with trusted third-party service providers under the following circumstances:

Financial Data Aggregators: We share information with Plaid to connect to your bank accounts. Plaid's use of your information is governed by their privacy policy, which we encourage you to review.
Infrastructure and Cloud Providers: We use a backend server to host our application, database, and authentication services. Your data is stored securely on their platform.
Notification Services: If you opt-in to notifications, we will share necessary information (like your email address and relevant budget data) with our notification provider to deliver those alerts.
Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. We rely on the security infrastructure of our provider, which includes industry-standard security practices. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that no security measures are perfect or impenetrable.

5. Google Sign-In Data

If you choose to sign in with your Google account, this section explains how we handle your Google data:

Data Accessed

If you choose to sign in with your Google account, we access limited profile information provided by Google, specifically your name, email address, and profile image (if available). No other Google user data (such as Gmail, Drive, Calendar, or Contacts) is accessed.

Data Usage

This information is used solely to authenticate your account, personalize your profile within the app, and facilitate secure login. We do not use your Google data for advertising, analytics, or any secondary purposes.

Data Sharing

We do not share Google user data with any third parties except as required to operate the Service (e.g., our backend server). These providers process data only on our behalf and under strict confidentiality obligations.

Data Storage & Protection

Google user data is securely stored on Supabase servers located in the United States. All data is encrypted both in transit (HTTPS/TLS) and at rest. Access is limited to authorized personnel who need the information to operate and maintain the Service.

Data Retention & Deletion

We retain Google user data only while your account is active. When you delete your account or request data deletion, all associated Google user data is permanently deleted from our servers within 30 days.

To request deletion, email hi@granitefinance.io with the subject line "Delete My Data."

6. Your Rights and Choices

You have the right to review, update, or delete the personal information you provide in your account settings. You can also disconnect your financial accounts at any time. If you wish to permanently delete your account and all associated data, please contact us.

7. Data Retention and Deletion

We retain your information as long as your account is active. When you delete your account, all associated data is permanently deleted from our servers within 30 days.

You can request data deletion at any time by emailing hi@granitefinance.io with the subject line "Delete My Data."

8. Children&pos;s Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children.

9. Third-Party Services

We use third-party providers like Plaid (see Plaid's Privacy Policy) and Supabase for backend hosting and data storage.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us.