WIMM Premium

Privacy Policy

Last updated: April 5, 2026

Where Is My Money (“WIMM,” “we,” “us,” or “our”) is a household finance tracking application. We believe you have the right to know exactly what data we collect, why we collect it, and how it is stored. This policy is written in plain language — no legalese.

What We Collect

Account Information

  • Email address — used for authentication, password resets, and license management. This is the only piece of personally identifiable information required to create an account.
  • Password — hashed using scrypt (a memory-hard key derivation function) before storage. We never store or have access to your plain-text password.
  • Two-factor authentication secrets — if you enable 2FA, your TOTP secret is encrypted with AES-256-GCM before storage. Recovery codes are hashed with bcrypt.

Financial Data

  • Bank transactions — transaction descriptions, amounts, dates, merchant names, and categories. This data is fetched via Plaid (see below) or imported manually by you through CSV, Excel, or OFX files.
  • Bank account metadata — account names, types (checking, savings, credit), and current balances. We do not store full account numbers.
  • Budgets, goals, and preferences — the budgets you set, savings goals you create, and display preferences you configure.

Data We Do NOT Collect

  • Full bank account numbers or routing numbers
  • Social Security numbers or government IDs
  • Physical addresses
  • Phone numbers
  • Biometric data
  • Usage analytics or behavioral tracking data

Third-Party Services

We use the following third-party services. Each has access only to the data necessary for its function:

Plaid (Bank Connections)

When you connect a bank account, Plaid acts as an intermediary between WIMM and your bank. Plaid receives your bank login credentials directly — WIMM never sees them. Plaid returns an access token that we encrypt with AES-256 before storing. This token allows us to fetch your transactions without ever handling your bank password.

Plaid's privacy policy: plaid.com/legal

AI Categorization (Anthropic, OpenAI, DeepSeek)

When you use AI categorization, transaction descriptions (merchant name, amount, date) are sent to one of our AI providers to determine a spending category. We send the minimum data required — no account numbers, no personal identifiers, no bank credentials.

The AI providers we use:

  • Anthropic (Claude) — primary provider
  • OpenAI (GPT-4o) — fallback provider
  • DeepSeek — tertiary fallback

You may also configure your own API keys for these providers in Settings. When you do, your keys are encrypted with AES-256-GCM before storage and requests go directly to the provider under your own account.

PayPal (License Purchases)

If you purchase a Premium license, payment is processed entirely by PayPal. We receive a confirmation and your PayPal email address but never handle your credit card or bank details for the payment itself.

Resend (Email Delivery)

We use Resend to send transactional emails: password reset links, household invitation emails, and license delivery emails. Resend processes only your email address and the email content.

How Your Data Is Stored

  • Database — your data is stored in a PostgreSQL database. Financial data is scoped to your user account and cannot be accessed by other users.
  • Encryption at rest — Plaid access tokens, TOTP secrets, and AI API keys are encrypted with AES-256 before being written to the database. Passwords are hashed with scrypt. Recovery codes are hashed with bcrypt.
  • Encryption in transit — all communication between your browser and our servers uses TLS (HTTPS).
  • Data isolation — every database query is scoped to your authenticated user ID. There is no shared access to financial data across users unless you explicitly join a household and mark specific accounts as shared.

Household Sharing

WIMM supports household sharing for families. When you join a household, only accounts you explicitly mark as “shared” are visible to other members. You can mark individual transactions as private even within shared accounts. You control what is shared at all times.

Your Rights

  • Access — you can export all your transaction data at any time via CSV or PDF from the app.
  • Deletion — you can delete your account and all associated data by contacting us. We will remove all data from our databases within 30 days.
  • Portability — your data is yours. Export it, move it, delete it.
  • Correction — you can edit any transaction, category, or account information directly in the app at any time.

Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove all associated data within 30 days. We do not sell, rent, or share your financial data with any third party for advertising or marketing purposes — ever.

Cookies

We use only essential cookies required for authentication (session tokens). We do not use tracking cookies, analytics cookies, or advertising cookies.

Changes to This Policy

If we make material changes to this policy, we will update the “Last updated” date at the top. For significant changes, we will notify you via the app or email.

Contact

Questions about this privacy policy? Email us at privacy@wimm.money.