Prospify

Privacy Policy

Last updated: March 26, 2026 · hello@prospify.co

Introduction

Prospify (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our credit card optimization and spending analytics platform (the “Service”).

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Information We Collect

We collect the following types of information:

Account Information. When you create an account, we collect your name, email address, and profile picture through Google OAuth. We use Supabase for authentication and do not store your Google password.

Financial Data. When you connect your financial accounts through Plaid, we receive transaction data including transaction amounts, dates, merchant names, categories, and account balances. See the Financial Data (Plaid) section below for details.

Usage Data. We automatically collect certain information when you visit the Service, including your IP address, browser type, operating system, referring URLs, and pages viewed. We use Vercel Analytics for anonymous, aggregated usage metrics.

Splitwise Data. If you connect your Splitwise account, we access your Splitwise groups, friends, and expense data to enable bill-splitting features. We store your Splitwise connection details and related group/friend metadata.

Financial Data (Plaid)

We use Plaid Inc. to connect to your financial institutions and access your financial data. When you link a bank or credit card account:

  • Plaid handles authentication directly. Your bank login credentials are provided to Plaid, not to Prospify. We never see, receive, or store your bank username or password.
  • We receive transaction-level data including transaction amounts, dates, merchant names, payment categories, and account balances. This data is used to analyze your spending patterns and recommend optimal credit cards.
  • We access the Transactions product only. We do not request access to your identity, income, assets, liabilities, or investment data through Plaid.
  • Data is synced periodically. We use Plaid webhooks and manual sync triggers to keep your transaction data up to date.

You can manage or revoke Plaid's access to your financial accounts at any time by visiting my.plaid.com. For more information about Plaid's practices, please review Plaid's End User Privacy Policy.

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including spending analytics, credit card optimization recommendations, and bill-splitting features
  • Analyze your spending patterns to recommend credit cards that maximize your rewards
  • Sync and categorize your transactions across linked accounts
  • Enable Splitwise integration for splitting expenses with friends and groups
  • Improve and personalize your experience with the Service
  • Communicate with you about your account, including service updates and security alerts
  • Detect, prevent, and address technical issues or fraud

How We Share Your Information

We do not sell your personal data. We do not sell, rent, or trade your personal information, financial data, or transaction history to third parties for marketing or any other purpose.

We may share your information only in the following circumstances:

  • Service Providers. We use third-party services that help us operate the Service: Plaid (financial data aggregation), Supabase (database and authentication), Vercel (hosting and analytics), and Splitwise (bill splitting). These providers access your data only to perform services on our behalf.
  • Legal Requirements. We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Protection of Rights. We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, fraud, or threats to safety.
  • Business Transfers. If Prospify is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Data Retention & Deletion

We retain your personal information and financial data for as long as your account is active or as needed to provide you with the Service.

Account deletion. You may delete your account at any time from your profile settings. When you delete your account, we will delete all your personal data, financial data, transaction history, and linked account information. This deletion is permanent and cannot be undone.

Plaid connection removal. You can disconnect individual financial institutions at any time. When you disconnect an institution, we revoke the Plaid access token and soft-delete the associated account data.

We may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance). Any retained data will be anonymized where possible.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

California Residents (CCPA). If you are a California resident, you have the right to: know what personal information we collect; request deletion of your personal information; opt out of the sale of personal information (we do not sell your data); and not be discriminated against for exercising your rights.

European Residents (GDPR). If you are a resident of the European Economic Area, you have the right to: access your personal data; rectify inaccurate data; request erasure of your data; restrict or object to processing; data portability; and withdraw consent at any time.

To exercise any of these rights, please contact us at hello@prospify.co. We will respond to your request within 30 days.

Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • All data is encrypted in transit using TLS 1.3 encryption
  • Our infrastructure runs on SOC 2 compliant platforms (Supabase, Vercel)
  • Financial data is accessed through Plaid's bank-level security infrastructure
  • Row-level security (RLS) policies ensure users can only access their own data
  • Authentication is handled through Google OAuth with Supabase, eliminating password storage

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@prospify.co