How OrbitFinance
protects your data
Connecting a bank account to any app is a serious decision. Here is exactly what OrbitFinance can and cannot do with your financial data, explained in plain English.
Read-only access
OrbitFinance can only view your account balances and transaction history. We request read-only permissions from your bank. The app cannot initiate transfers, make payments, or change anything on your accounts.
Cannot move your money
OrbitFinance has no ability to move, withdraw, or transfer funds from any of your accounts. We do not request write access to your financial institutions. Your money stays exactly where it is.
We never see your bank password
When you connect a bank account, you authenticate directly with your bank through Plaid. Your login credentials are handled entirely by Plaid and your financial institution. OrbitFinance never receives, stores, or has access to your banking passwords.
256-bit AES encryption
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via AWS KMS). Your financial information is protected at every layer, from the moment it leaves your bank to when it is stored on our servers.
Row-level data isolation
Your data is isolated at the database level using PostgreSQL row-level security. Each user can only access their own data. Even if a query runs incorrectly, the database itself enforces boundaries between users.
Delete your data anytime
You can disconnect any bank account at any time. You can request full account deletion, and we will remove all your personal and financial data within 30 days. See our data deletion instructions.
What is Plaid?
Plaid is the third-party service that securely connects your bank accounts to OrbitFinance. When you link an account, you log in directly with your bank through Plaid's interface. Plaid then provides OrbitFinance with read-only access to your account information and transactions.
Plaid is used by thousands of financial apps and is SOC 2 Type II certified. Your bank login credentials are never shared with OrbitFinance or stored on our servers. To learn more, see the Plaid End User Privacy Policy.
What data does OrbitFinance store?
When you connect an account, OrbitFinance receives and stores the following information from your financial institution via Plaid:
- Account details: account name, type, and current balance
- Transactions: amount, date, merchant name, and category
- Investment holdings: security name, ticker, quantity, and current value (for brokerage accounts)
- Account owner info: name and email (for verification purposes only)
We do not store your bank login credentials, full account numbers, or routing numbers.
How long do we keep your data?
- Account and transaction data: retained for the lifetime of your account to provide historical analysis and insights
- AI-generated insights: cached for up to 6 hours, then regenerated
- Operational logs: retained for up to 90 days for debugging and security monitoring
- After deletion: personal and financial data is removed within 30 days. Encrypted backups may persist up to 90 days before automatic purge.
Important disclaimers
OrbitFinance is not a bank. We do not hold deposits, issue credit, or provide any banking services. Your accounts remain at your financial institutions.
OrbitFinance does not provide financial advice. AI insights and budget recommendations are for informational purposes only. They are not a substitute for professional financial, tax, or legal advice. Consult a qualified professional before making significant financial decisions.
Data accuracy. Financial data is sourced from your bank via Plaid. While we work to display accurate information, delays or discrepancies can occur. Always verify important financial information directly with your institution.