Project Millionaire

Privacy Policy

Effective: June 16, 2026

Overview

Project Millionaire is a single-user, owner-operated personal net-worth tracking application. The sole end-user is the developer and operator of the application. There is no public sign-up, no multi-tenant onboarding, and no third-party user base.

What data is collected

  • Financial account data retrieved from Plaid: account names, balances, holdings, securities, and account metadata for accounts the operator has explicitly linked.
  • Plaid-issued access tokens used to refresh that data on subsequent syncs.
  • User-supplied entries (manual asset and liability rows added via the dashboard).

No personal contact data, browsing history, IP addresses, device fingerprints, or third-party analytics telemetry is collected.

How data is used

Data is used solely for the operator's own net-worth calculation and historical trend analysis displayed within this application. It is not used for advertising, profiling, machine-learning training against third-party models, or any other purpose.

Who data is shared with

No data is sold, rented, or shared with marketers, advertisers, or analytics providers. Two service providers process data on behalf of the application:

  • Plaid — the data source for financial accounts. See Plaid's privacy policy at plaid.com/legal.
  • Neon — the managed Postgres provider where data is stored. See Neon's privacy policy at neon.tech/privacy-policy.

How data is secured

  • Plaid access tokens are encrypted at rest before persistence using AES-128 (Fernet symmetric encryption). Encryption keys are stored in environment-only secrets and are never source-controlled or logged.
  • All data in transit is encrypted with TLS 1.2 or higher (HTTPS to Plaid; TLS with SCRAM channel binding to the Postgres database).
  • The application backend runs on Render with a TLS-terminated edge; the Postgres database runs on Neon with full-disk encryption at rest and managed key rotation.
  • Webhook events received from Plaid are JWT-signature verified against the request body hash before any state mutation.
  • Multi-factor authentication is enabled on every administrative account that can access the data (GitHub, Render, Vercel, Neon, Plaid Dashboard).

Data retention and deletion

Account balances, holdings, and historical snapshots are retained indefinitely to support the operator's own net-worth trend analysis — the application's primary purpose.

The application exposes an authenticated DELETE /api/plaid/items endpoint that immediately purges all linked Plaid items, encrypted access tokens, account records, holdings, and historical balance and holding snapshots. The shared securities catalog (containing no user-specific information) is preserved.

Operator rights

As both data subject and data controller, the operator can at any time access, export, correct, or delete all data stored by the application via direct database access and the deletion endpoint referenced above.

Changes to this policy

If the application's scope ever expands beyond single-user use, this policy will be revised before any third-party user is onboarded, and Plaid will be notified for re-review.

Contact