Privacy Policy
Last updated: April 18, 2026
Cinderfi is built around a simple principle: your financial data is yours.
How Cinderfi Works
You can use Cinderfi without an account. When used anonymously, all data stays in your browser — nothing is sent to our servers. If you create an account, your plan data is synced to a secure database so you can access it across devices.
What We Collect
Anonymous users: No personal data. All financial inputs are stored locally in your browser using localStorage and IndexedDB.
Signed-in users: We store your email address, plan inputs (income, balances, assumptions), budget data, transaction history, scenarios, and score history. This data is stored in a secure, encrypted database hosted in Canada (ca-central-1).
We never collect: social insurance or social security numbers, bank login credentials, full account or routing numbers, or government-issued identification.
Bank Connections (Plaid)
Pro users can connect bank accounts through Plaid to automatically import account balances and transactions. When you use this feature:
- Your bank credentials are entered directly into Plaid's secure widget — Cinderfi never sees or stores your bank login
- Plaid provides us with account names, balances, and transaction history
- Connection tokens are encrypted with AES-256-GCM before storage and are only accessible by our server-side functions
- You can disconnect any institution at any time, which immediately revokes access and deletes the encrypted token
Plaid's privacy practices are described in their End User Privacy Policy.
Encryption & Security
- All data in transit is encrypted via TLS (HTTPS)
- Database storage is encrypted at rest
- Plaid access tokens are additionally encrypted at the application level using AES-256-GCM with a dedicated encryption key
- Row Level Security (RLS) ensures users can only access their own data
- Sensitive operations (token exchange, balance fetching) run in server-side edge functions — never in the browser
Analytics & Advertising
We use the following tools to measure how people find and use Cinderfi so we can improve the product and reach new users. None of these tools ever receive your financial inputs, plan numbers, account balances, or transactions — only anonymized interaction data (page views, button clicks, signups, purchases).
Google Analytics 4 — measures site and app usage (page views, signups, feature engagement, purchases). Uses first-party cookies to distinguish visitors. If you're signed in, we associate a hashed user ID so cross-device usage can be stitched together. Google Analytics 4 provides data controls including opt-out, and we do not enable Google Signals or advertising features inside GA4 itself.
Google Tag Manager + Server-side Tag Manager — we operate our own tagging server at metrics.cinderfi.com (hosted on Railway) which receives measurement events first-party and forwards them to our analytics and ad-measurement providers. This keeps your browsing data inside our own domain rather than third-party domains, and lets us strip or redact fields before forwarding.
Reddit Conversions API — for signups and purchases that originate from Reddit Ads, we send the conversion event server-to-server from our tagging server or from Stripe's webhook (not from your browser). We send a SHA-256 hash of your email and the event type ("SignUp", "Purchase", etc.) so Reddit can attribute the conversion. The raw email is never sent, and no financial details are ever included.
Google Ads measurement — for visitors who arrive from a Google Ads click, we send the conversion event (signup, purchase) so Google Ads can measure campaign effectiveness. Same principle: hashed identifiers, no financial data.
Opting out of advertising cookies. If you don't want Google or Reddit to receive advertising-measurement data from your visit:
- Install any tracker-blocker (uBlock Origin, Privacy Badger) — our tagging server respects blocked requests
- Use a privacy-focused browser (Brave, Safari with ITP, Firefox with Enhanced Tracking Protection)
- Disable advertising cookies via Google Ad Settings and Reddit privacy settings
Third-Party Services
- Supabase — provides authentication and database hosting (ca-central-1, Canada). Data is encrypted at rest. See their privacy policy.
- Plaid — connects bank accounts for balance and transaction import (Pro feature). See their privacy policy.
- Stripe — processes subscription payments. We do not store your payment card details. See their privacy policy.
- Vercel — hosts the app. Standard server logs (IP address, user agent) are collected and automatically deleted per their privacy policy.
- Railway — hosts our analytics tagging server at metrics.cinderfi.com. See their privacy policy.
- Google (Analytics, Tag Manager, Ads) — site measurement and ad attribution. See Google's privacy policy.
- Reddit (Pixel, Conversions API) — ad attribution for Reddit campaigns. See Reddit's privacy policy.
Data Deletion
Anonymous users: Clear your browser's site data for cinderfi.com, or use the "Clear browsing data" feature.
Signed-in users: You can delete your account and all associated data at any time from Settings. This immediately and permanently removes:
- Your plan, scenarios, budget, transactions, and score history
- All Plaid connections (tokens are revoked and deleted)
- Your authentication record and profile
You can also disconnect individual bank connections or clear transaction history without deleting your account.
To request deletion by email, contact info@cinderfi.com. Requests are processed within 30 days.
Data Retention
We retain your data only for as long as your account is active. When you delete your account, all data is permanently removed. We do not retain backups of individual user data beyond standard database backup windows (up to 7 days), after which deleted data is irrecoverable.
Changes
If this policy changes materially, we'll notify signed-in users by email and update the date at the top. The current policy is always available at this URL.
Contact
Questions about this policy or your data? Reach us at info@cinderfi.com.