NYX Finance

Privacy Policy

Last updated: February 16, 2026

1. Introduction

NYX Finance ("we," "us," or "our") is committed to protecting your privacy and the security of your nonpublic personal information ("NPI"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our personal finance management platform (the "Service"). This policy is provided in accordance with the Gramm-Leach-Bliley Act ("GLBA") Regulation P, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable state privacy laws.

2. Information We Collect

We collect the following categories of information:

a. Information You Provide Directly

  • Name, email address, and account credentials (managed by Clerk)
  • Timezone and display preferences
  • Manually entered financial data (account balances, crypto holdings, precious metals holdings, sportsbook activity)
  • Budget configurations and savings goals
  • Household membership and sharing preferences

b. Financial Information via Plaid

  • Bank account and credit card account details (names, types, masked account numbers — last 4 digits only)
  • Account balances (current and available)
  • Transaction history (merchant names, amounts, dates, categories)
  • Investment holdings and balances

c. Payment Information

  • Subscription and billing data processed by Stripe. We do not store your credit card number — Stripe handles all payment card data.

d. Automatically Collected Information

  • Device type, browser type, IP address
  • Pages visited, features used, and interaction patterns
  • Authentication session data

3. How We Use Your Information

We use your information for the following purposes:

  • Providing the Service: displaying your financial data, calculating net worth, tracking budgets and goals
  • AI-powered analysis: generating spending insights, anomaly detection, and monthly financial reports (processed by Anthropic's Claude API)
  • Notifications and alerts: budget threshold alerts, weekly digests, insight notifications
  • Payment processing: managing your subscription through Stripe
  • Household features: sharing financial data with household members you explicitly authorize
  • Service improvement: understanding usage patterns to improve features
  • Security: detecting unauthorized access and preventing fraud

4. Third-Party Services & Data Sharing

We share your information with third-party service providers only as necessary to operate the Service. We do not sell your personal information.

  • Clerk — Authentication and user management. Receives your email address and authentication credentials.
  • Plaid — Bank account and investment data aggregation. Receives your bank login credentials (directly, not through us) and provides us with account and transaction data.
  • Stripe — Payment processing for subscriptions. Receives your payment card details (directly, not through us) and billing information.
  • Anthropic (Claude API) — AI-powered financial insights. Receives anonymized financial data summaries for analysis. We send transaction aggregates and spending patterns — not raw account numbers or credentials.
  • CoinMarketCap — Cryptocurrency price data. Does not receive any of your personal information.
  • Metals.dev — Precious metals spot pricing. Does not receive any of your personal information.
  • Resend — Transactional email delivery. Receives your email address and name for email delivery.
  • Neon — Database hosting (PostgreSQL). Stores your encrypted data on our behalf as a data processor.
  • Vercel — Application hosting and infrastructure. Processes requests on our behalf as a data processor.

5. Plaid-Specific Disclosure

When you connect a bank account through Plaid, the following applies:

  • Data accessed: Account names, types, balances, masked account numbers (last 4 digits), and transaction history
  • How it's used: To display your account information, categorize transactions, calculate net worth, generate budgets, and power AI insights
  • Storage: Plaid access tokens are encrypted using AES-256-GCM with per-token random initialization vectors before storage. We never store full account numbers.
  • How to disconnect: You can disconnect any linked bank account at any time from the Accounts page in your dashboard. Disconnecting will revoke Plaid's access to your bank data and delete the associated accounts and transactions from our system.

6. Data Security

We implement industry-standard security measures to protect your information:

  • All Plaid access tokens are encrypted using AES-256-GCM with per-token random initialization vectors
  • All data is transmitted over TLS (HTTPS)
  • We never store full account numbers — only masked values (last 4 digits)
  • Payment card data is handled entirely by Stripe (PCI DSS Level 1 certified) and never touches our servers
  • Authentication is managed by Clerk with support for multi-factor authentication
  • Database access is restricted and all queries are parameterized to prevent injection attacks
  • All API endpoints require authentication and are rate-limited

7. Data Retention & Deletion

We retain your data for as long as your account is active. When you delete your account:

  • All your personal and financial data is permanently deleted within 30 days
  • Connected bank accounts are disconnected (Plaid items removed)
  • Active subscriptions are cancelled
  • Data that is required to be retained by law (e.g., billing records for tax purposes) may be retained in anonymized form for the legally required period

8. Your Privacy Rights

a. GLBA Rights

Under the Gramm-Leach-Bliley Act, you have the right to opt out of certain sharing of your nonpublic personal information with nonaffiliated third parties. We do not share your NPI with nonaffiliated third parties for marketing purposes, so no opt-out is required. We only share data with service providers as described in Section 4.

b. CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request deletion of your personal information
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. See Section 11.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@nyxfinance.app or use the Privacy & Data section in your account Settings.

9. Household Data Sharing

NYX Finance allows you to share financial data with other users through the Household feature. When you join a household:

  • You must provide explicit consent before your financial data is shared with other household members
  • Shared data includes accounts, transactions, budgets, and net worth information
  • You can leave a household at any time to immediately revoke data access
  • Only users you have explicitly authorized can view your financial data

10. Children's Privacy

NYX Finance is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a user under 18, we will promptly delete that information. If you believe a child under 18 has provided us with personal information, please contact us at privacy@nyxfinance.app.

11. Do Not Sell or Share My Personal Information

NYX Finance does not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We do not use your financial data for any purpose other than providing and improving the Service as described in this policy.

If you have questions about our data practices or wish to submit a request, contact us at privacy@nyxfinance.app.

12. Cookies & Tracking

We use essential cookies for authentication and session management through Clerk. These cookies are strictly necessary for the Service to function and cannot be disabled.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track you across other websites. We do not participate in ad networks or sell data to advertisers.

13. State-Specific Privacy Rights

In addition to the CCPA/CPRA rights described in Section 8, residents of the following states have additional privacy rights:

  • Virginia (VCDPA): Right to access, correct, delete, and obtain a copy of your personal data; right to opt out of targeted advertising and sale of personal data
  • Colorado (CPA): Right to access, correct, delete, and obtain a portable copy of your personal data; right to opt out of targeted advertising and sale of personal data
  • Utah (UCPA): Right to access and delete your personal data; right to opt out of targeted advertising and sale of personal data
  • Connecticut (CTDPA): Right to access, correct, delete, and obtain a copy of your personal data; right to opt out of targeted advertising and sale of personal data

To exercise any of these rights, contact us at privacy@nyxfinance.app or use the Privacy & Data section in your account Settings.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through a prominent notice in the application. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

15. Contact Information

If you have questions about this privacy policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

  • Email: privacy@nyxfinance.app
  • For CCPA requests: privacy@nyxfinance.app with subject line "CCPA Request"

We will respond to all verified privacy rights requests within 45 days, as required by applicable law.