This Privacy Policy explains how SummIt collects, uses, discloses, and protects information when you use the SummIt website, mobile apps, dashboard, API, and related services.
SummIt is a personal finance workspace. Because the service can contain sensitive financial information, this policy is written around the data the app actually handles: account login data, profile and onboarding details, manual finance records, connected bank data from Plaid, local preferences, and messages sent to the in-product assistant.
Information We Collect
Account information. When you create or sign in to an account, SummIt processes your email address, Firebase user identifier, display name, profile photo URL if available, and authentication session details.
Profile and onboarding information. You may provide your name, occupation, purpose for using SummIt, default currency, starter categories, starter budgets, and starter subscriptions.
Workspace information. The service stores the finance records you create or edit, including categories, budgets, income entries, expense entries, subscription names, subscription notes, amounts, currencies, dates, category rules, classifications, and related metadata.
Connected financial account information. If you choose to connect an account through Plaid, SummIt receives and stores information needed to power the connected-account features, such as institution name, account name, display name, account type and subtype, partial account mask, balances, transaction dates, amounts, currencies, merchant or counterparty names, descriptions, payment channel, Plaid personal finance categories, pending status, transaction identifiers, and related Plaid metadata. SummIt does not receive your bank login credentials through Plaid Link.
Assistant messages. If you use Samet, the in-product assistant, SummIt processes the messages you send and may send relevant workspace context to the assistant provider so the assistant can answer questions or perform the requested workspace action.
Device, usage, and technical information. SummIt and its service providers may process IP address, browser type, device type, operating system, app version, timestamps, request logs, error logs, and similar technical information needed to operate, secure, debug, and improve the service.
Local storage. The app stores necessary local preferences and session data, such as theme choice, selected workspace month, Firebase authentication persistence, and short-lived Plaid redirect state in browser session storage.
Sources Of Information
We collect information directly from you, from Firebase Authentication when you sign in, from Plaid and your financial institution when you authorize a bank connection, from your device or browser, and from service providers that help operate the service.
How We Use Information
Create, authenticate, maintain, and secure your account.
Provide the dashboard, charts, budgets, subscriptions, activity views, account settings, and related app features.
Sync connected bank transactions and balances, classify transactions, detect likely duplicates, and keep connected account status current.
Let Samet answer workspace questions and create, update, or delete records when you ask it to do so.
Save preferences such as theme, selected month, and default currency.
Respond to support, privacy, security, and legal requests.
Monitor, debug, secure, and improve the service.
Comply with law, enforce terms, prevent misuse, and protect rights, safety, and security.
Plaid And Connected Accounts
Connecting a financial account is optional. When you connect an account, Plaid collects information directly from you and your financial institution and shares authorized account and transaction data with SummIt so the service can display and classify it.
You can disconnect a Plaid connection in account settings. Disconnecting removes the local Plaid item, connected account records, Plaid transactions, and Plaid-created linked income or expense records associated with that connection. It does not automatically delete manual records you created separately.
Plaid's own privacy policy and end user terms also apply to Plaid's handling of your information.
AI Assistant
Samet is designed to help with your SummIt workspace. The assistant can receive your chat messages and relevant workspace data, and it can use app tools to create, update, or delete categories, incomes, expenses, and subscriptions when you request those changes.
Do not send passwords, bank credentials, government identifiers, health information, or other information that is not needed for the finance task. Assistant responses may be incomplete or incorrect, and you should review any change before relying on it.
How We Disclose Information
We disclose information to service providers that help us run SummIt, including authentication providers, database and hosting providers, bank-linking providers, AI providers, app platform providers, and image/logo providers. These providers may process information only as needed to provide their services to us, subject to their own contracts and policies.
We may disclose information if required by law, legal process, or a valid government request; to enforce our terms; to protect users, SummIt, or others; or as part of a merger, acquisition, financing, restructuring, or similar business transaction.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. If that changes, we will update this policy and provide any required choices.
Third-Party Services
SummIt relies on third-party services that may independently process information under their own policies. These may include Firebase or Google for authentication, Plaid for account linking and financial data access, OpenAI for assistant functionality, database and hosting providers, Expo or app platform services, and Logo.dev for optional brand or institution logos.
When a remote logo image is requested, the image provider may receive request metadata such as your IP address, browser or device information, and the requested image domain.
Retention
We keep account, profile, and workspace information for as long as your account is active or as long as needed to provide the service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and preserve backup integrity.
Plaid redirect state stored in browser session storage is intended to be short-lived and expires after about 30 minutes. Local preferences remain on your device until changed, cleared, or removed by the app or operating system.
Backups, logs, and records needed for security or legal reasons may remain for a limited period after deletion from active systems.
Your Choices And Rights
You can update profile details, default currency, manual records, categories, subscriptions, and connected-account display names in the app.
You can delete individual categories, incomes, expenses, and subscriptions where the app supports deletion.
You can disconnect a Plaid connection in account settings.
You can request access, correction, export, deletion, or other privacy rights by contacting us. We may need to verify your identity before completing a request.
Depending on where you live, you may have rights to know, access, correct, delete, port, restrict, or object to certain processing, and to avoid discrimination for exercising privacy rights.
Sensitive Information
Financial account information and transaction history can be sensitive. We use this information to provide the finance tracking features you request, maintain security, and comply with legal obligations. We do not use sensitive personal information to infer characteristics for unrelated advertising.
Security
SummIt uses technical and organizational measures intended to protect information, including authenticated API requests, Firebase token verification, access controls, encrypted storage of Plaid access tokens, and Plaid webhook signature verification.
No method of transmission or storage is completely secure. You are responsible for keeping your account credentials safe and for using trusted devices and networks.
Children
SummIt is not intended for anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided personal information to SummIt, contact us so we can review and delete it where appropriate.
International Use
SummIt is designed primarily for users in the United States and Canada. Information may be processed in the United States and in other locations where our service providers operate.
Changes To This Policy
We may update this Privacy Policy when our practices, services, or legal obligations change. The updated policy will be posted with a new updated date. If changes are material, we will provide additional notice where required.
Contact
For privacy requests or questions, contact us.