Skip to main content
Basis

Basis Financial

Privacy Policy

What Basis stores, how product data is used, and how account-level data controls work.

1. Information We Collect

We collect information you provide directly when using Basis Financial:

  • Account Information: Email address, authentication credentials handled through Supabase, profile details, newsletter preference, age/region eligibility attestation, account status, and support or privacy-request communications. Basis does not collect date of birth for the eligibility attestation.
  • Financial Inputs: Data you enter into our calculators and planning tools, including income, expenses, loan terms, home prices, savings, and planner goals. This data is used solely to run your calculations and saved workflows.
  • Connected Account Data: If you choose to connect accounts through Plaid, we may receive account names, account identifiers, balances, transactions, merchant names, descriptions, categories, institution metadata, Plaid Item/sync metadata, and connection status for budgeting, planning, analytics, and user-requested financial modeling features.
  • Billing Information: If you subscribe to a paid plan, Stripe processes payment details. Basis stores billing status and Stripe customer/subscription identifiers, not card numbers.
  • Reviewed Transcript Inputs: If transcript intake is enabled, text you explicitly submit from a speech tool or manual transcript may be used to draft a reviewed action preview. Basis does not store raw audio. Raw transcript text is not persisted by default; the resulting confirmed action record and hashed audit metadata may be stored.
  • Career Scenario Inputs: Salary, offer details, benefits, health premiums, location, employer stage, equity assumptions, household size, household income, savings, relocation, occupation, industry, and scenario-comparison data you choose to enter or save.
  • Assessment Responses: Answers to our behavioral risk assessment questionnaire, used to personalize your experience.
  • Limited Product Analytics: Page views, feature usage, errors, performance metadata, and similar operational events that help us operate and improve the product without collecting raw connected-account financial content.

Basis treats connected-account data, financial inputs, behavioral assessment responses, reviewed transcript text, and career-compensation information as sensitive product data. We use this data only to provide, secure, support, maintain, and improve Basis as described in this Policy.

2. Connected Accounts and Plaid

Connecting financial accounts is optional and user-initiated. If you choose to connect an account, Basis uses Plaid to let you authorize read-only access to account data for connected-account budgeting, planning, analytics, and financial modeling features you request.

Basis does not receive or store your financial institution login credentials. Depending on the accounts and Plaid products you authorize, Basis may receive account names, account identifiers, balances, transactions, merchant names, descriptions, categories, institution metadata, Plaid Item/sync metadata, and connection status.

Plaid is a third-party service and its handling of data is governed by Plaid's policies, including the Plaid legal and privacy policies. You should review Plaid's policies before connecting an account.

You may disconnect a Plaid connection or delete your Basis account. Disconnecting revokes Basis's Plaid access, deletes the encrypted connection credential, and stops future syncs, but historical local budgeting records remain by default so your budget history does not disappear. You may also choose to disconnect and delete local history for a Plaid connection, which deletes local Basis accounts, transactions, investment rows, and liability rows tied to that connection after Plaid access is revoked. Full account deletion revokes active Plaid Items before local connected-account records are deleted when revocation can be completed. You can also use Plaid's consumer portal or contact us for questions about additional vendor-side data controls.

3. How We Use Your Information

  • To provide, operate, secure, and improve our financial modeling tools.
  • To save your scenarios, budgets, and planner goals when you are signed in.
  • To power connected-account budgeting, planning, analytics, and user-requested financial modeling when you choose to connect accounts.
  • To structure reviewed transcript text into draft-only action previews when you explicitly submit the transcript.
  • To run career-transition, benefits, cost-of-living, liquidity, and scenario-comparison simulations you request.
  • To personalize product context based on your risk profile and preferences.
  • To send transactional account, security, billing, support, and service emails.
  • To send product updates or newsletters if you have opted in.
  • To respond to support, privacy, billing, accessibility, and security requests.

We do not sell your personal data. We do not sell, rent, license, or share your financial data with third parties for advertising, marketing, data brokerage, or cross-customer model-training purposes.

4. Data Retention

We retain personal data only for as long as reasonably necessary to provide the Services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, and maintain security.

Saved scenarios, planner goals, budgeting records, connected-account records, assessment responses, and career scenario data are retained while your account remains active unless you delete them or request deletion. Plaid access tokens are deleted when you disconnect the relevant account or delete your Basis account, subject to technical and legal limitations. Plaid-derived local history remains after ordinary disconnect unless you choose the separate disconnect-and-delete-local-history option or delete your Basis account.

Billing and transaction records may be retained as required for tax, accounting, fraud-prevention, and compliance purposes. Support records, security logs, privacy-request records, and backup copies may remain for a limited period before being deleted or overwritten.

5. Analytics and Model/Data Use

Basis does not use user personal data, Plaid data, transaction data, balances, merchant names, financial inputs, behavioral assessment responses, transcripts, or chat content to train AI models or cross-customer machine-learning models.

Basis may use your own data to provide budgeting, planning, analytics, modeling, chat, and account-management features to you. For example, your connected account data may be used to categorize your transactions, show budget activity, and model scenarios you request.

Basis may use limited product analytics such as page views, feature usage, errors, and performance metadata. Product analytics must not include raw connected-account data, account identifiers, transaction descriptions, merchant names, balances, Plaid access tokens, or full financial inputs.

Model improvements may use synthetic data, test fixtures, public or non-user data, or manually reviewed internal examples. Basis does not use customer financial data for AI training or cross-customer model training.

6. AI Feature Processing

Basis uses Anthropic business/API services to generate AI responses for chat, budgeting support, guide chat, scenario analysis, and Career Transition assumption-assistant features. These AI features are optional; you can avoid them by not using chat, guide, assumption-assistant, or transcript-draft features.

When you use AI features, relevant prompts, selected variable keys, minimal location/occupation/industry context, model inputs, scenario results, chat history, and the subset of Plaid-derived budgeting context reasonably necessary for the requested response may be sent to Anthropic to generate the response. Career assumption research does not require sending your full saved scenario when only one variable is being reviewed.

Basis does not use AI feature content to train AI models or cross-customer models. We configure AI providers, where available under the applicable business/API service, to limit use of submitted personal data to providing and securing the requested AI response. Provider retention, abuse monitoring, and other processing may depend on the API feature and service configuration. Anthropic describes API data handling in its API and data-retention documentation.

You should avoid entering information in AI chat that you do not want processed by the AI feature.

7. Data Security

We take the security of your data seriously. Your account is managed through Supabase with industry-standard authentication practices. All data is transmitted over encrypted connections (HTTPS/TLS). Financial inputs used in calculations are processed in real time and stored only if you explicitly save a scenario or plan. Plaid access tokens are stored server-side only and encrypted before storage. Connected account, balance, and transaction data is stored in Supabase behind user-level access controls so it can power budgeting and planning features. If you save scenarios while signed out, those saved scenarios are stored in your browser storage on that device and are separate from account-based cloud data. Deleting your account removes account-based data but does not automatically clear browser storage on devices where you saved local scenarios.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. We regularly review our security practices and infrastructure.

8. Third-Party Services

Basis Financial uses the following third-party services to operate:

  • Supabase: Authentication and data storage. Supabase's privacy policy is available at supabase.com/privacy.
  • Plaid: Optional bank account connection, balance, account, and transaction data sync when you choose to connect an account. Plaid's own privacy and legal terms are available at plaid.com/legal.
  • Stripe: Hosted checkout, billing portal, and subscription status management. Basis does not handle raw card data.
  • Anthropic Claude: AI-powered chat, budgeting support, guide chat, scenario-analysis, and Career Transition assumption-assistant features, as described above.
  • OpenWhispr: Optional transcript provider for reviewed speech-to-text processing when transcript intake is enabled. OpenWhispr does not receive Basis account credentials or permission to apply planner or budgeting actions.
  • Brevo: SMTP and transactional email delivery, and newsletter delivery if you subscribe. Basis syncs newsletter unsubscribe requests to Brevo and stores suppression metadata so your account is not automatically re-subscribed. Brevo's privacy policy is available at brevo.com/legal/privacypolicy.
  • PostHog: Product analytics and feature flagging when enabled. Product analytics must not include raw connected-account financial content.
  • Sentry: Error monitoring and performance diagnostics. Basis configures Sentry to reduce or remove sensitive personal, financial, Plaid, Supabase, Stripe, transcript, and AI-content data before events are sent, and does not enable Session Replay by default.

Each third-party service operates under its own privacy policy. We share only the information reasonably necessary for each service to function.

Cloud speech-to-text is disabled by default. If cloud transcription is introduced later, Basis will require separate consent and disclose whether audio leaves your device before that provider is used.

9. Legal, Safety, and Business Transfers

We may disclose information if we believe it is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request; protect the rights, property, or safety of Basis, our users, or others; detect, prevent, or address fraud, security, or technical issues; or enforce our terms and policies.

If Basis is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to this Privacy Policy or a policy that provides materially similar protections unless users are notified otherwise.

10. International Data Transfers

Basis and its service providers may process and store information in the United States and other countries where our providers operate. These countries may have data-protection laws different from those where you live.

11. Your Privacy Rights

Depending on where you live, you may have the right to access, correct, delete, or export personal data; opt out of certain processing; limit certain uses of sensitive personal information; or appeal a decision we make about your request. We will not discriminate against you for exercising privacy rights.

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your account and associated Basis-controlled data, including local connected-account records after active Plaid access is revoked.
  • Export your saved scenarios, financial plans, budgeting data, and safe Plaid-derived records, excluding encrypted connection credentials.
  • Opt out of marketing communications at any time.

To protect your account, we may need to verify your identity before fulfilling a request. If permitted by applicable law, you may use an authorized agent, and we may request proof that the agent is allowed to act for you.

Some data may be retained where necessary for security, fraud prevention, legal compliance, accounting, dispute resolution, or backup integrity. Deleting your Basis account deletes Basis-controlled account data, but it may not delete data held by third parties under their own policies or data stored locally in your browser.

To exercise any of these rights, contact us at privacy@basis-financial.com.

12. Cookies and Analytics

We use essential cookies to keep you signed in and remember your preferences. We may use limited product analytics to understand how our tools are used, diagnose errors, and improve performance. Analytics must not include raw connected-account data, account identifiers, transaction descriptions, merchant names, balances, Plaid access tokens, or full financial inputs. We do not use advertising cookies or tracking pixels.

13. Children's Privacy

Basis is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child has provided us information, contact us at privacy@basis-financial.com.

14. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will provide notice as required by law. Where required, we will obtain your consent before applying material changes to previously collected personal data. For ordinary updates, the updated policy applies after the effective date posted on this page.

15. Contact Us

If you have questions about this privacy policy or your data, contact us at privacy@basis-financial.com.

Last updated: June 3, 2026