Regulatory Compliance Registry

Privacy Policy & Data Safety

Effective Date: July 17, 2026 | Version 2.1 (Google Play Compliant)

Our Core Privacy Promise

Local-First Storage: Financial ledgers stay compiled in a local sandbox database on your device.
No Selling of Data: We never share, license, or sell user financial information to third parties.

1. Information We Collect

ACRU is a financial utility. We prioritize client-side data isolation. In order to provide synchronization and billing, we interact with the following data classes:

  • User Identity Data: Username, email address, and optional phone numbers (managed securely via Supabase Auth for login credentials).
  • Financial Feeds (Plaid API): Read-only bank tokens, institutional names, and transactions. Financial credentials (usernames/passwords) are handled directly by Plaid and are never accessed or stored by ACRU.
  • Manual Ingestion Data (CSV Porter): Uploaded statement columns are parsed in-memory and committed strictly to the device's local database.

2. How Data is Processed & Shared

All financial ledger analysis, Safe-to-Spend buffers, categorizations, and savings rate benchmark math are computed entirely on your device. We do not transmit transaction payloads to centralized databases for advertising or profiling. Billing operations (Stripe API) and bank feeds (Plaid API) represent the only outbound secure transmission endpoints.

3. Children's Privacy Compliance (COPPA)

ACRU complies strictly with the Children's Online Privacy Protection Act (COPPA) standards and Google Play Families Policies.

⚠️
Age Restrictions: Our services are not intended for, marketed to, or designed for use by individuals under the age of 13 (or 18 in specific jurisdictions without parent/guardian supervision). We do not knowingly collect, solicit, or maintain personal or financial data from children under 13. If we discover a child under 13 has created an account, we will permanently purge the account from our systems immediately.

4. Data Control & Deletion Rules

You maintain absolute control over your financial history. You can use the **Danger Zone** in the settings panel to wipe the SQLite database or request complete profile deletion. Account deletions purge identity credentials from Supabase Auth and cascade-delete all transaction logs and Plaid connection records from our database in a single transaction.

5. Contact & Compliance

If you have any questions regarding this Privacy Policy or wish to file a compliance request, please contact our privacy officer at **compliance@acru.cloud**.

© 2026 ACRU. Fully compliant with Google Play Personal Financial Services policies.