Privacy Policy

Last updated: 20 June 2026

Who we are

Harvey is the data controller for the personal data described here. Contact: privacy@harveymoney.app.

What we collect

• Account data: name, email, authentication identifiers.
• Financial data: transactions, balances, and categories retrieved from your linked bank accounts via Plaid.
• Usage data: chat messages with Harvey AI, goals, and recurring bills you create.
• Technical data: IP address, browser, device — used for security and analytics.

How we use it

• To provide the Harvey service (legitimate interest / contract).
• To generate AI insights and answer your questions (contract).
• To process payments via Stripe (contract).
• To improve and secure the service (legitimate interest).

Who we share with

• Plaid — connects to your bank. We never see your banking credentials.
• Stripe — processes subscription payments. We never see your full card number.
• Supabase — securely hosts your data.
• AI providers (Google, OpenAI via Lovable AI Gateway) — process anonymised summaries to generate insights and chat responses.

How long we keep it

As long as your account is active, plus up to 7 years for financial records where required by US tax and recordkeeping rules. You can delete your account at any time.

Your rights

You have the right to access, correct, delete, or export your data, and to object to processing. California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information (Harvey does not sell your data). Email privacy@harveymoney.app to exercise any of these rights.

Security

Data is encrypted in transit (TLS) and at rest. Access is restricted via Row-Level Security so only you can see your data.

Cookies

We use essential cookies to keep you signed in. Optional analytics cookies are only set with your consent.