Legal

Privacy Policy

Effective date: March 9, 2026 · Governing law: State of Utah, USA

Plain-English Summary

  • We connect to your bank accounts via Plaid or Teller to give you AI-powered financial insights. We never see or store your bank username or password.
  • We use your data to power Centiv — insights, ¢Score scoring, and your Money Persona. We don't use it for advertising.
  • We do not sell your personal or financial data. Ever.
  • We share data only with the service providers needed to run Centiv, each bound by a data processing agreement.
  • You can access, correct, export, or delete your data at any time by emailing privacy@centiv.app.
  • Deleting your account removes your personal data within 30 days (certain legal records may be held longer).

Table of Contents

  1. Plain-English Summary
  2. 1. Information We Collect
  3. 2. How We Use Your Information
  4. 3. How We Share Your Information
  5. 4. AI & Automated Processing
  6. 5. Financial Data & Bank Connections
  7. 6. Cookies & Tracking Technologies
  8. 7. Push Notifications
  9. 8. Data Retention
  10. 9. Data Security
  11. 10. Children's Privacy
  12. 11. U.S. State Privacy Rights
  13. 12. Sensitive Personal Data
  14. 13. Data Transfers
  15. 14. Business Transfers
  16. 15. Changes to This Policy
  17. 16. Contact Us

1. Information We Collect

We collect several categories of personal data depending on how you interact with Centiv.

A. Information You Provide Directly

Account dataEmail address, password (hashed), name, date of birthCreating and managing your account
Profile dataDisplay name, profile photo (optional)Personalising your experience
Payment dataLast 4 digits of card, billing email, payment method typeProcessing your subscription via Stripe
CommunicationsEmails or support messages you send usResponding to your requests

B. Financial Data (via Bank Connections)

When you connect a bank account, our integration partners — Plaid (plaid.com) and Teller (teller.io) — retrieve data on your behalf. Centiv never receives, stores, or has access to your bank login credentials. The financial data we receive and store includes:

Account informationInstitution name, account type, account mask (last 4 digits), available and current balancesPowering insights, ¢Score, and spending summaries
Transaction dataTransaction date, amount, merchant name, category, descriptionGenerating insights, Persona, and AI analysis
Subscription detection dataRecurring transaction patternsIdentifying and tracking active subscriptions

C. Data Collected Automatically

Device & IP dataIP address, device model, operating system, app versionSecurity, fraud prevention, debugging
Usage analyticsFeatures used, screens viewed, session frequency and durationImproving the product
Crash & error dataStack traces, error messages (via Sentry)Diagnosing and fixing bugs
Push notification tokensDevice token issued by Apple Push Notification Service (iOS) or Firebase Cloud Messaging (Android)Delivering notifications you opt into

D. Data From Third Parties

If you sign in with Google, we receive your name, email address, and profile photo from Google as permitted by their OAuth flow. We do not receive your Google account password or any other data beyond what you authorize.

2. How We Use Your Information

We use personal data only for the purposes described below:

  • Providing the service — delivering AI financial insights, ¢Score scores, Money Personas, subscription tracking, and spending summaries.
  • Personalisation — tailoring Cent AI responses, recommendations, and weekly summaries to your financial behaviour.
  • Account and subscription management — creating and managing your account, processing payments, and communicating plan changes.
  • Security and fraud prevention — detecting suspicious activity, investigating potential policy violations, and protecting both you and Centiv.
  • Product improvement — using aggregated, anonymised data to improve algorithms, scoring models, and features.
  • Communications — sending transactional emails (receipts, account alerts), push notifications you opt into, and material policy updates.
  • Legal compliance — meeting obligations under applicable law, responding to lawful requests, and enforcing our Terms of Service.

We do not use your personal or financial data for interest-based advertising, and we do not build advertising profiles.

3. How We Share Your Information

We do not sell your personal data. We share data only with the service providers necessary to operate Centiv, and only to the extent required for them to perform their services. All providers are bound by data processing agreements that prohibit them from using your data for their own purposes.

Service Providers

Supabase (supabase.com)Database hosting and authenticationUser accounts, transactions, and profile data
Plaid (plaid.com)Bank connectivitySecurely linking financial accounts; see Plaid's Privacy Policy
Teller (teller.io)Bank connectivity (alternative)Securely linking financial accounts; see Teller's Privacy Policy
Stripe (stripe.com)Payment processingSubscription billing; payment card data handled entirely by Stripe
Anthropic (anthropic.com)AI / large language modelPowering Cent AI — financial data sent is governed by a DPA; not used to train public models
Railway (railway.app)Server / API hostingHosting the Centiv Node.js API and Python microservice
Vercel (vercel.com)Website hostingHosting the centiv.app marketing site
Inngest (inngest.com)Background job orchestrationScheduling and running Persona, Pulse, and scoring jobs
Sentry (sentry.io)Error monitoringCrash reports and stack traces for debugging
Apple (apple.com)Push notifications (iOS)Delivering app notifications via Apple Push Notification Service
Google / Firebase (firebase.google.com)Push notifications (Android), crash reportingDelivering app notifications via Firebase Cloud Messaging; crash diagnostics via Firebase Crashlytics
Google (google.com)OAuth sign-inAuthentication only; no financial data is shared with Google

Legal Obligations

We may disclose personal data to government or law enforcement authorities when required by a valid legal process (court order, subpoena, or equivalent), or where we have a good-faith belief that disclosure is necessary to protect the safety of any person, prevent fraud, or enforce our legal rights.

Aggregated / Anonymised Data

We may use and share aggregated, de-identified data (data that cannot reasonably be used to identify you) for product analytics, research, and service improvement. This data is not personal data.

4. AI & Automated Processing

Cent — our AI financial agent — uses Anthropic's Claude API to generate insights, answers, and commentary based on your financial data. When you interact with Cent, relevant portions of your financial data (transaction history, balances, patterns) are included in the prompt sent to Anthropic's API. This data is processed solely to generate your response.

Your data is not used to train Anthropic's models. We have a data processing agreement with Anthropic that governs this usage.

¢Score scores and Money Personas are generated by our own scoring algorithms running on our secure servers. These produce inferences about your financial behaviour (e.g., "Spending Score: 72/100") — you have the right to request access to, or deletion of, this inferred data (see Section 11).

5. Financial Data & Bank Connections

Connecting your bank accounts is optional but required to use most of Centiv's core features. Bank connections are made through Plaid or Teller, which use bank-grade OAuth flows or credential-based secure authentication. Your bank username and password are never transmitted to or stored by Centiv.

Transaction data is stored encrypted at rest (AES-256) in our Supabase database. You may disconnect any linked bank account at any time from within the Centiv app, which stops future data retrieval. Historical transaction data you have already synced may be retained for up to 30 days following disconnection, unless you request earlier deletion.

For details on how Plaid and Teller handle your credentials and data, please review:

6. Cookies & Tracking Technologies

The centiv.app website uses cookies and similar technologies to operate and improve the site experience.

Essential cookiesRequired for authentication and session management (e.g. keeping you logged in). Cannot be disabled without breaking the site.
Functional cookiesRemember your preferences such as dark/light theme.Persisted locally via localStorage
Analytics cookiesHelp us understand how pages are used (page views, session duration). Data is aggregated and not linked to individuals.You may opt out via your browser settings

We do not use advertising or retargeting cookies. We do not share cookie data with advertising networks. Most browsers allow you to control or disable cookies in settings. Note that disabling essential cookies may prevent you from signing in.

7. Push Notifications

The Centiv app may request permission to send you push notifications for alerts such as spending warnings, bill reminders, weekly Money Persona summaries, and Daily Pulse updates. You may grant or revoke this permission at any time in your device's settings (iOS Settings or Android system settings). We do not send marketing push notifications without your explicit consent.

8. Data Retention

We retain personal data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements.

Account and profile dataRetained for the life of your account; deleted within 30 days of account deletion request
Transaction and financial dataRetained while your account is active; deleted within 30 days of account deletion
Payment recordsRetained for 7 years as required for tax and accounting purposes
Aggregated / anonymised analyticsMay be retained indefinitely; cannot be linked back to you
Error logs (Sentry)Retained for 90 days then auto-purged
Archived account data (post-cancellation)Retained for 90 days to allow account reactivation; then purged

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit — all data between your device and our servers is encrypted via TLS 1.2+.
  • Encryption at rest — database data is encrypted using AES-256.
  • Row-level security (RLS) — database policies ensure users can only access their own data.
  • Multi-factor authentication (MFA) — a one-time code is sent to your email address to verify your identity at each sign-in, with an optional 30-day grace period you control in Settings.
  • Biometric authentication (Face ID / Touch ID / Fingerprint) — if you enable biometric login, authentication is handled entirely on your device (Apple Secure Enclave on iOS, Android Keystore on Android). Centiv never receives, transmits, or stores your biometric data.
  • Access controls — production credentials are restricted to the minimum number of team members required.
  • Error monitoring — Sentry captures crashes and errors without logging sensitive financial values.

No method of electronic storage or transmission is 100% secure. If you discover a security vulnerability, please contact us immediately at security@centiv.app.

10. Children's Privacy

Centiv is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. During account creation, we require users to confirm they are 18 or older and collect date of birth for verification. If we learn that a person under 18 has provided us with personal data, we will delete it promptly. If you believe a minor has created an account, please contact us at privacy@centiv.app.

11. U.S. State Privacy Rights

Depending on your state of residence, you may have the following rights regarding your personal data. These rights apply to residents of California, Utah, Colorado, Connecticut, Virginia, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota, Tennessee, and other states with comprehensive privacy laws.

Your Rights

  • Access — request confirmation of whether we process your personal data, and a copy of that data.
  • Correction — request that inaccurate personal data be corrected.
  • Deletion — request deletion of your personal data, subject to certain legal exceptions.
  • Portability — receive a copy of your personal data in a structured, machine-readable format.
  • Opt out of sale or sharing — as described below, we do not sell or share your personal data for advertising. No opt-out is required, but you may contact us to confirm.
  • Non-discrimination — we will not discriminate against you for exercising any privacy right.

Do Not Sell or Share My Personal Information

We do not sell personal data and we do not share personal data with third parties for cross-context behavioural advertising or targeted advertising. We therefore do not offer a "Do Not Sell" mechanism, because no such sale or sharing takes place. If you have questions, contact us at privacy@centiv.app.

California Residents (CCPA / CPRA)

In addition to the rights above, California residents may request a list of third parties to whom we have disclosed personal data for their own direct marketing purposes in the prior year. We do not engage in this practice.

Notice at Collection: At the point of account creation, we collect your name, email, date of birth, and (upon bank connection) financial transaction data. This data is collected for the purpose of providing the Centiv service as described in this Privacy Policy.

Exercising Your Rights

To exercise any of these rights, email us at privacy@centiv.app with the subject line "Privacy Request". We will respond within 45 days. We may need to verify your identity before fulfilling your request. We will not charge a fee for reasonable requests.

12. Sensitive Personal Data

Certain U.S. state laws designate categories of personal data as "sensitive," including financial account information. Centiv processes the following categories of sensitive data:

  • Financial account data (account balances, transaction history) — used solely to deliver Centiv's services.
  • Date of birth — used for age verification (18+ requirement) and, where provided, profile personalisation.

We do not collect sensitive categories such as Social Security numbers, health data, race, ethnicity, religion, political beliefs, sexual orientation, or genetic information. While Centiv offers optional biometric authentication (Face ID / Touch ID on iOS, Fingerprint / Face Unlock on Android), biometric processing occurs entirely on your device — Centiv never receives or stores your biometric data.

We do not use sensitive personal data to infer characteristics beyond those necessary to provide the Centiv service.

13. International Data Transfers

Centiv is operated from the United States. If you are accessing the service from outside the United States, your personal data will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country of residence. By using Centiv, you consent to this transfer. We take steps to ensure that any such transfers comply with applicable law and that your data remains protected in accordance with this Privacy Policy.

14. Business Transfers

In the event that High Five Creations LLC undergoes a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of its assets, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or via an in-app notification at least 14 days before the changes take effect. The "Effective date" at the top of this page will always reflect the most recent revision. Continued use of Centiv after the effective date constitutes acceptance of the updated policy.

16. Contact Us

For any privacy-related questions, requests, or concerns, contact our privacy team:

High Five Creations LLC
898 South State St, Ste 310 #5885, Orem, Utah 84097 US
Email: privacy@centiv.app
Security disclosures: security@centiv.app
Read our Terms of Service →Contact & Support