Orbeva
Privacy Policy
Last updated: June 2026
⚠️ Draft for review. This describes Orbeva's actual data practices accurately, but you should have it reviewed by counsel before relying on it for production or for Plaid's production application.
Orbeva ("we", "us") helps you understand your own money. This policy explains what we collect, why, and the choices you have.
What we access
- Account & balance data, transactions, and investment holdings from the financial institutions you choose to connect, via Plaid.
- Your email and password (passwords are stored only as a salted hash — we never see your actual password).
We connect to your banks in read-only mode. We never request, and cannot perform, money movement — no transfers, no trades, no payments.
How your data is protected
- Your Plaid access tokens — and sensitive financial fields — are encrypted at rest (AES-256-GCM, per-customer keys).
- Each customer's data is logically isolated. We do not commingle your data with other users' in any view.
- Traffic is served over HTTPS, with HTTP Strict Transport Security enforced.
How long we keep your data
- Account & financial data (transactions, balances, holdings): kept while your account is open, so your history and trends stay available. Deleted when you delete your account or disconnect the source bank.
- Sign-in sessions: expire 30 days after sign-in.
- One-time codes (SMS/email): expire within 5–10 minutes; sign-in links within 7 days.
- Tax documents you upload: only the most recent 20 are retained, encrypted at rest; you can delete any at any time.
- Operational logs are kept short-term for security and reliability, with personal identifiers redacted.
- Backups held by our infrastructure providers roll off on their standard schedule (typically within ~30 days) after data is deleted from the live service.
How we use it
Solely to show you your own picture — net worth, cash flow, spending patterns, recurring charges, savings goals, and a weekly summary — and to operate and improve the service. We do not sell your data or share it for advertising.
Plaid
We use Plaid Inc. to connect to your bank. When you link an account, Plaid collects and processes your financial data and handles your bank credentials directly — Orbeva never sees them — in accordance with the Plaid End User Privacy Policy. By connecting a financial account through Orbeva, you consent to Plaid's collection and use of your information as described in the Plaid End User Privacy Policy.
Email
We send transactional email (sign-in links, invites) and, if enabled, your weekly brief, via our email provider. You can opt out of the weekly brief at any time.
Your choices
- Disconnect a bank anytime in the app — this revokes the Plaid connection and deletes the data sourced from it.
- Delete your account yourself, anytime, from Settings — this revokes every bank connection at Plaid and permanently erases all of your data from the live service (transactions, balances, holdings, tax documents, support history, sign-in identities). You can also email us to do it for you.
Security incidents
If we ever become aware of a breach affecting your personal data, we will notify affected users without undue delay and consistent with applicable law, describing what happened and the steps we are taking. Report a suspected vulnerability to security@orbeva.ai.
Not financial advice
Orbeva is decision-support and informational only. It is not investment, tax, or legal advice. Confirm important decisions with a qualified professional.
Contact
Questions or deletion requests: privacy@orbeva.ai.