Privacy policy

Effective Date: June 25, 2025

Eira Inc. (“Eira,” “we,” “us,” or “our”) is dedicated to safeguarding your privacy. This Privacy Policy explains how we collect, use, share, store, and protect your personal information when you use the Eira mobile application (“App”) and related services. The App is an iOS tool designed for U.S. residents to manage personal finances, set savings goals, track financial habits, and engage with an AI chatbot for personalized financial insights.

By downloading, installing, accessing, or using the App, you agree to this Privacy Policy and our Terms and Conditions. If you do not agree with this Privacy Policy, please refrain from using the App.

This Privacy Policy complies with the California Consumer Privacy Act (CCPA) and other applicable U.S. federal and state data protection laws. The App is intended exclusively for U.S. residents and does not claim compliance with non-U.S. laws, such as the General Data Protection Regulation (GDPR) or UK GDPR.

1. Information We Collect

We collect personal information to deliver the App’s core features, such as tracking savings goals, analyzing spending patterns, automating savings contributions, and providing AI chatbot responses. Below, we describe the types of personal information we collect, how we collect it, and why.

1.1 Types of Personal Information

We collect the following categories of personal information, as defined under CCPA (§ 1798.140(o)):

  • Identifiers: This includes your name, email address, and device ID. We collect your name and email when you sign up via Apple, Google, or email authentication. The device ID is a unique identifier generated by your iOS device to link your data across sessions.
  • Financial Information: This includes bank account numbers, transaction details (such as date, amount, and merchant), and account balances. These are retrieved from your linked bank accounts to support spending analysis and savings automation.
  • Commercial Information: This includes your subscription plan, payment method details, and billing history. We collect this to manage your subscription and process payments through the Apple App Store.
  • User-Generated Information: This includes data you manually input, such as financial goals (e.g., target amounts and timelines for savings), financial habits (e.g., saving frequency or avoiding overspending), budgets, income settings, and your interactions with the AI chatbot (e.g., questions asked and responses provided).
  • Internet or Network Activity: This includes session-level data, such as time spent on specific features, navigation patterns, and App usage metrics. These are collected to ensure smooth functionality and improve the user experience.
  • Device Information: This includes your iOS version, device model, and unique device identifiers. We collect this to ensure compatibility, personalize settings, and enhance security.
  • Inferences: We generate insights from your data, such as spending trends or progress toward savings goals. These help us provide tailored recommendations and enhance AI chatbot responses.
  • Geolocation Data: We do not collect precise or approximate location data.

1.2 How We Collect Information

We collect personal information in the following ways:

  • Directly from You: You provide information when you sign up for an account, input financial goals, set budgets, track habits, or ask questions via the AI chatbot.
  • Automatically: We collect data through your device, such as device ID and session-level data, as you interact with the App. Transaction data is automatically retrieved from linked bank accounts to support financial features.
  • From Third Parties: We receive limited data from Apple or Google during authentication (e.g., your name and email) and from Plaid when you link bank accounts (e.g., transaction details). We do not collect data from other third parties, such as data brokers or marketing partners.
  • Local Storage: The App stores certain data, such as user preferences and goal settings, locally on your iOS device to enable offline access and personalization.

1.3 No Collection of Sensitive Data

We do not collect sensitive information beyond what is necessary for the App’s functionality. This means we do not collect Social Security numbers, driver’s license numbers, precise geolocation data, biometric data, genetic data, or information about race, ethnicity, religion, or sexual orientation.

2. How We Use Your Information

We use your personal information to deliver the App’s services, enhance your experience, and comply with legal obligations. Below, we explain how each category of information is used.

2.1 Purposes of Use

  • Identifiers: We use your name, email, and device ID to create and manage your account, authenticate your identity during sign-in, personalize your experience (e.g., displaying your name in the App), link data across sessions and devices, and respond to support or privacy requests.
  • Financial Information: We use bank account numbers, transaction details, and balances to analyze your spending patterns, automate savings contributions (e.g., Auto Top-Up), track progress toward financial goals, and provide AI chatbot responses about your financial activity.
  • Commercial Information: We use subscription plans, payment method details, and billing history to process payments, manage renewals, maintain your account status, and prevent fraudulent transactions.
  • User-Generated Information: We use financial goals, habits, budgets, income settings, and AI chatbot interactions to enable goal creation, habit tracking, budgeting, and personalized chatbot responses. This data powers the App’s core functionality and helps you visualize your financial progress.
  • Internet or Network Activity: We use session-level data and usage metrics to optimize App performance (e.g., reducing load times), troubleshoot technical issues, and conduct internal analytics to improve features and user experience.
  • Device Information: We use iOS version, device model, and identifiers to ensure the App is compatible with your device, personalize settings (e.g., theme preferences), and enhance security by detecting unauthorized access.
  • Inferences: We use derived insights, such as spending trends or savings progress, to provide tailored recommendations, enhance AI chatbot responses, and improve user engagement with relevant features.

2.2 Additional Uses

We also use your information for the following purposes:

  • Security and Fraud Prevention: To detect and prevent unauthorized access, fraud, or abuse of the App, such as identifying suspicious account activity.
  • Legal Compliance: To comply with applicable laws, including CCPA, tax regulations, financial reporting requirements, or court orders.
  • Internal Business Purposes: To develop new features, conduct research, or analyze aggregated trends using anonymized data, ensuring no identifiable information is used.
  • Customer Support: To respond to your inquiries, troubleshoot technical issues, or process CCPA requests efficiently.

2.3 No Marketing Use

We do not use your personal information for direct marketing, advertising, or profiling for commercial purposes. All data processing is strictly tied to the App’s functionality and your user experience, ensuring your information is used only to support your financial goals.

3. How We Share Your Information

We do not sell your personal information, as defined under CCPA (§ 1798.140(t)), and we do not share it for purposes unrelated to the App’s services. Below, we describe the limited scenarios in which we share your information.

3.1 Third-Party Service Providers

We share personal information with trusted service providers to operate the App. These providers are contractually obligated to protect your data and use it only for the purposes we specify. The service providers and their roles are as follows:

  • Plaid: Plaid enables secure connection to your bank accounts to retrieve transaction data, such as account numbers, transaction details, and balances. This supports spending analysis and savings automation. Plaid’s privacy practices are governed by its policy at https://plaid.com/legal.
  • Amazon Web Services (AWS): AWS hosts and stores all App data on secure U.S.-based servers. This includes all categories of personal information collected. AWS’s security policies are available at https://aws.amazon.com/compliance.
  • Apple: Apple authenticates users and processes subscription payments. We share your name, email, and payment details with Apple for these purposes. Apple’s privacy policy applies, available at https://www.apple.com/legal.
  • Google: Google authenticates users for sign-in. We share your name and email with Google during authentication. Google’s privacy policy applies, available at https://policies.google.com.

3.2 Aggregated and Anonymized Data

We may create aggregated or anonymized datasets, such as average savings rates by age group, for internal business purposes like improving the App or conducting market research. These datasets cannot be used to identify you and are not considered personal information under CCPA. We do not share aggregated data with third parties, except in anonymized form for research or industry reports, if applicable.

3.3 Legal and Safety Disclosures

We may disclose your personal information in specific circumstances:

  • Legal Obligations: To comply with applicable laws, regulations, or legal processes, such as responding to subpoenas, court orders, or tax audits.
  • Safety and Rights: To protect the rights, property, or safety of Eira, our users, or the public, such as investigating fraud or responding to security threats.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to a successor entity, provided they maintain equivalent privacy protections.

3.4 No Third-Party Analytics

We do not use third-party analytics services, such as Google Analytics or Mixpanel. All analytics are performed by Eira’s proprietary backend, ensuring your data remains under our control and minimizing external exposure.

3.5 No Sale of Personal Information

We do not sell your personal information to third parties for monetary or other valuable consideration. We do not engage in data monetization practices, such as sharing data for advertising or marketing. For transparency, we provide a “Do Not Sell My Personal Information” link in the App and on our website, even though this right does not apply.

4. Your Privacy Rights Under CCPA

If you are a California resident, the CCPA grants you specific rights regarding your personal information. Residents of other states with similar privacy laws, such as Virginia or Colorado, may have comparable rights, which we will honor to the extent required.

4.1 Your Rights

You have the following rights under CCPA:

  • Right to Know: You may request, up to twice per 12-month period, a disclosure of the categories of personal information we collect, the sources of collection, the business purposes for collection, the categories of third parties with whom we share data, and the specific pieces of personal information we hold about you.
  • Right to Delete: You may request deletion of your personal information. This right is subject to exceptions, such as data needed to complete transactions, comply with legal obligations, or protect against fraud.
  • Right to Opt-Out of Sale: You may opt out of the sale of your personal information. Since we do not sell personal information, this right does not apply, but we provide a “Do Not Sell My Personal Information” link for transparency.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. This means we will not deny services, charge different prices, or reduce service quality based on your privacy choices.

4.2 How to Submit a Request

To exercise your CCPA rights, you can submit a request through the following methods:

  • In-App: Navigate to Settings > Privacy > Submit CCPA Request in the App.
  • Email: Send a request to privacy@eira.co with your name, email, and details of your request.

We will verify your identity by matching your email address, device ID, or other account details. For requests for specific pieces of information, we may require additional verification, such as a signed declaration. We will acknowledge your request within 10 business days and provide a substantive response within 45 days, extendable by an additional 45 days for complex requests. If we cannot verify your identity, we will deny the request and explain the reason.

Requests are free of charge, but we may impose a reasonable fee or deny requests if they are excessive, repetitive, or manifestly unfounded, as permitted by CCPA (§ 1798.145(h)).

4.3 Authorized Agents

You may designate an authorized agent to submit CCPA requests on your behalf. The agent must provide proof of authorization, such as a signed letter from you, and verify their own identity. We may contact you directly to confirm the agent’s authority.

4.4 Right to Know Disclosures

In the past 12 months, we have:

  • Collected: Identifiers, Financial Information, Commercial Information, User-Generated Information, Internet or Network Activity, Device Information, and Inferences.
  • Shared for Business Purposes: Identifiers, Financial Information, Commercial Information, and User-Generated Information with Plaid, AWS, Apple, and Google for operational purposes.
  • Sold: No personal information.

4.5 Accessibility

We provide this Privacy Policy in a machine-readable format and ensure it is accessible to users with disabilities, in compliance with CCPA and the Americans with Disabilities Act (ADA). If you need an alternative format, contact us at support@eira.co.

5. Data Storage and Security

We implement robust measures to protect your personal information from unauthorized access, loss, or misuse.

5.1 Storage

All data is stored on Amazon Web Services (AWS) servers located in U.S. regions, such as us-east-1 or us-west-2, to comply with U.S. data residency requirements. Certain data, such as user preferences and goal settings, is stored locally on your iOS device to enable offline access and personalization. Locally stored data is encrypted and accessible only by the App.

5.2 Security Measures

We employ industry-standard security practices, including:

  • Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3 to prevent unauthorized access.
  • Access Controls: We use role-based access controls (RBAC) to limit data access to authorized personnel. Access is logged and audited regularly to ensure accountability.
  • Security Program: Our comprehensive security program includes regular vulnerability assessments, penetration testing, employee training on data protection, and incident response protocols to address potential breaches.
  • No Third-Party Analytics: All analytics are performed by Eira’s proprietary backend, reducing external data exposure and enhancing privacy.
  • Bank Data Security: Plaid uses bank-grade security to protect your financial information, and we do not store your bank login credentials.

5.3 Data Breach Notification

In the unlikely event of a data breach, we will notify affected users and relevant authorities, such as the California Attorney General, within 72 hours, as required by applicable law. We will provide details about the breach, its impact, and mitigation steps, and take prompt action to secure affected systems and prevent further harm.

6. Third-Party Services

The App integrates with third-party services to provide its functionality. These services may collect or process your personal information, subject to their own privacy policies.

6.1 Third-Party Services Used

  • Plaid: Plaid connects to your bank accounts to retrieve financial information, such as account numbers, transaction details, and balances. This enables spending analysis and savings automation. Plaid’s privacy policy is available at https://plaid.com/legal.
  • Amazon Web Services (AWS): AWS hosts and stores all App data on secure U.S.-based servers. This includes all categories of personal information collected. AWS’s security policies are available at https://aws.amazon.com/compliance.
  • Apple: Apple authenticates users and processes subscription payments. We share your name, email, and payment details with Apple for these purposes. Apple’s privacy policy is available at https://www.apple.com/legal.
  • Google: Google authenticates users for sign-in. We share your name and email with Google during authentication. Google’s privacy policy is available at https://policies.google.com.

6.2 Limitations

We do not control third-party services and are not liable for their performance, security, or data practices. You assume the risk of using these services through the App and agree to their respective terms and privacy policies. We have agreements with these providers to ensure they protect your data and comply with applicable laws, including CCPA.

6.3 No Other Third Parties

We do not share your data with other third parties, such as advertisers, data brokers, or marketing partners, ensuring your information remains secure and private.

7. Data Retention

We retain your personal information only as long as necessary to provide the App’s services, fulfill legal obligations, or resolve disputes.

7.1 Retention Periods

For active accounts, we retain your data to support App functionality, such as tracking goals and providing chatbot responses. If your account is inactive for 12 months, we may delete or anonymize your data, except as required for legal purposes, such as tax records. Upon your request to delete your account or exercise your CCPA right to delete, we will delete or anonymize your data within 30 days, subject to exceptions outlined below. Data in our backups may be retained for up to 90 days before permanent deletion. Backup data is encrypted and inaccessible except for recovery purposes.

7.2 Exceptions

We may retain certain data beyond the above periods if required to comply with legal obligations, such as tax audits or financial regulations, resolve disputes, enforce our Terms and Conditions, or protect against fraud or security threats.

8. Children’s Privacy

The App is not intended for users under 18, and we do not knowingly collect personal information from children under 16. If we learn that a child under 16 has provided personal information, we will delete the information immediately, terminate the associated account, and notify the parent or guardian, if identifiable. If you are a parent or guardian and believe your child has provided data to the App, contact us at privacy@eira.co.

9. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our data practices, the App’s features, or legal requirements.

9.1 Notification

For material changes, such as new data collection practices, we will notify you at least 30 days in advance through in-App notifications, email (if provided). For minor changes, such as clarifications or formatting updates, we will post the updated policy without advance notice.

9.2 Acceptance

Your continued use of the App after the effective date of the updated Privacy Policy constitutes acceptance of the changes. If you do not agree, you must stop using the App and delete your account.

10. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Eira Co.
Email: privacy@eira.co (for privacy/CCPA requests) or support@eira.co (for general inquiries)
Website: https://eira.co
Address: 12 East 86th St, New York, NY, USA
Phone: (267) 597-6664 EIRA (available Monday–Friday, 9:00 AM–5:00 PM EST)

 

Last updated: 20 June, 2025