Draft — pending legal review before public launch. This policy is not yet in effect.

Privacy Policy

Last updated: March 2026

1. What we collect

Bank transactions. When you connect a bank account via Plaid, Douse receives read-only access to your transaction history. We store transaction amounts, merchant names, dates, MCC codes, and spending categories. We do not store account numbers, balances, routing numbers, or bank login credentials.

Account information. Your email address, the comfort zone amount you set, and your alert preferences.

Spending patterns. Derived data including weekly spending totals, streak counts, and zone status (comfort / caution / warning / danger). This is computed from your transactions and stored to power your dashboard.

Device information. Push notification tokens so we can deliver alerts to your device. We do not collect device identifiers beyond what is required for push delivery.

2. How we use it

  • Detecting spending activity and triggering alerts
  • Calculating your streak and current spending zone
  • Generating weekly insights (Pro tier)
  • Delivering push notifications and SMS alerts
  • Showing your dashboard and transaction history

We do not use your data for advertising, sell it to third parties, or use it to train machine learning models.

3. Who we share it with

Support persons. You choose what your support person sees. Options range from simple zone notifications to full transaction details. They cannot see anything by default — you control the permission level at any time from Settings.

Plaid Inc. We use Plaid Inc. to connect to your bank. Plaid's privacy policy applies to data collected through their service (plaid.com/legal). Plaid's access token is stored server-side only — it never reaches your device or browser.

Twilio. We use Twilio to send SMS alerts to you and your support persons. Twilio receives the phone number and message text, nothing more.

Supabase. Our database and authentication provider. Data is stored in Supabase's infrastructure with row-level security enforced — no one can read your data except you and the people you've granted access to.

4. Data retention and deletion

Your data is retained for as long as your account is active. You can delete your account and all associated data at any time from the Settings page. Deletion is immediate and permanent — bank connections are revoked via Plaid and all records (transactions, alerts, streaks, bank connections) are removed from our database.

You may also request deletion by emailing privacy@douse.app. We will process the request within 30 days.

5. Your rights

You have the right to access, correct, or delete your personal data at any time. You may also request a copy of your data in a portable format, or object to certain processing. To exercise any of these rights, contact us using the information in Section 7.

California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you additional rights:

  • Right to know. You can request a copy of the personal information we hold about you.
  • Right to delete. You can request deletion of your account and all associated data at any time from the Settings page, or by emailing privacy@douse.app.
  • Right to opt out of sale. Douse does not sell your personal information to third parties.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Opt out of data sharing. Douse does not sell or share your personal data for cross-context behavioral advertising. The only sharing that occurs is described in Section 3 (support persons you invite, and infrastructure providers Plaid, Twilio, and Supabase).

6. Children

Douse is not intended for users under 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, contact privacy@douse.app and we will delete the account promptly.

7. Contact

For privacy questions, data requests, or to close your account, email privacy@douse.app.