Privacy Policy — SLATE
SLATE Privacy Policy
Slate Technologies
Effective: March 21, 2026
1. Introduction
Slate Technologies ("SLATE," "we," "us," or "our") operates the SLATE iOS application — a personal finance app that helps users understand and pay off credit card debt. This Privacy Policy explains what personal and financial information we collect, how we use it, how we protect it, and the rights you have over your data.
By downloading or using SLATE, you agree to this Privacy Policy. If you do not agree, please do not use the app.
Contact: privacy@slateapp.com
Mailing address: Slate Technologies, Salt Lake City, UT
2. Information We Collect
2.1 Information You Provide
- Account information: Email address, password (stored as a hash — never in plaintext), and optionally your name.
- Onboarding responses: Your financial goals and intent (e.g., "pay off debt," "understand money") — used to personalize your experience.
- Manual entries: APR values you enter if your bank doesn't provide them automatically.
2.2 Financial Information (via Plaid)
SLATE uses Plaid Inc. to connect to your financial accounts. When you connect accounts, we receive and store:
- Bank and credit card account names and masked account numbers (last 4 digits only — we never receive or store your full account number)
- Current balances and credit limits
- Transaction history (merchant name, amount, date, category)
- Credit liability data (APR, minimum payment due, payment due date)
- Recurring transaction data (to detect subscriptions)
We never receive your bank username, password, or security questions. These credentials are entered directly in Plaid's secure interface and are never transmitted to SLATE's servers.
Read-only access only. SLATE cannot move money, make payments, or take any action on your accounts. Our Plaid integration is scoped to read-only data retrieval only.
2.3 Automatically Collected Information
- Usage data: Which app features you use, when you use them, and how often — used to improve the product. This data is anonymized (no PII) and stored only in our internal analytics system.
- Device information: App version, iOS version, and device model — used for debugging and crash resolution.
- Crash reports: Technical error logs sent to Apple's Xcode Organizer. These do not contain financial data.
- Push notification tokens: Your device's APNs token, used to deliver alerts and insights you have opted into.
2.4 AI Coaching Data
When you use the AI Coach feature, your messages and a summary of relevant account data are sent to the Anthropic API to generate responses. SLATE sends anonymized debt summaries — not raw transaction data or personal identifiers. Anthropic does not retain your data beyond the API call under their Zero Data Retention policy. We do not store your AI chat history beyond your active session unless you choose to view conversation history in the app.
3. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the SLATE service | Account data, financial data | Contract performance |
| Calculate debt payoff plans and interest | Balance, APR, transaction data | Contract performance |
| Generate AI behavioral insights | Anonymized spending summaries | Contract performance |
| Deliver push notifications you've opted into | Device token, notification content | Consent |
| Improve the app | Anonymized usage events | Legitimate interest |
| Comply with legal obligations | Account data (as required) | Legal obligation |
| Respond to support requests | Email, account data | Legitimate interest |
We do not use your data for advertising. We do not sell, rent, or share your personal or financial data with advertisers or data brokers. Ever.
4. How We Share Your Information
We share data only with the third-party vendors who operate our infrastructure, strictly for the purpose of providing the SLATE service:
| Vendor | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and backend hosting | All app data (encrypted at rest) |
| Plaid Inc. | Bank account connectivity | OAuth tokens; account access only |
| Anthropic | AI Coach responses | Anonymized debt summaries |
| RevenueCat | Subscription management | App Store receipt; anonymous user ID |
| Apple (APNs) | Push notification delivery | Device token; notification payload |
All vendors are bound by data processing agreements. None are permitted to use your data for purposes beyond their service function.
We do not share your data with any other third parties.
5. Data Retention
We retain your data only for as long as your account is active, plus a 30-day grace period following account deletion. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account and profile data | Active account + 30 days |
| Financial data (balances, transactions) | Active account + 30 days |
| Plaid access tokens | Until you disconnect the account |
| Anonymized analytics events | 24 months |
| Authentication logs | 12 months rolling |
| Edge Function / server logs | 7 days (no financial data in logs) |
| Automated database backups | 30-day rolling window |
When you delete your account, all personal and financial data is permanently and irreversibly deleted from our systems. Plaid access tokens are revoked via Plaid's API at the time of deletion. This process completes within 30 days of your request.
6. Your Rights
6.1 California Residents (CCPA/CPRA)
California residents have the following rights under the California Consumer Privacy Act:
- Right to Know: Request a disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information. We will delete your data within 45 days of a verified request.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out: We do not sell or share your personal information, so there is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
- Right to Data Portability: Request your data exported in JSON format.
To exercise your rights: Use Settings → Delete Account within the app, or email privacy@slateapp.com with subject "Privacy Request." We will acknowledge your request within 5 business days and complete it within 45 days.
6.2 All Users
Regardless of location, all SLATE users may:
- Delete their account and all associated data at any time via Settings → Delete Account
- Disconnect any linked bank account at any time via Settings → Connected Accounts
- Opt out of push notifications at any time via iOS Settings
- Request a copy of their data by emailing privacy@slateapp.com
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between the SLATE app and our servers uses TLS 1.2 or higher. Apple's App Transport Security (ATS) is enforced — no unencrypted HTTP connections are permitted.
- Encryption at rest: All data stored in our Supabase database is encrypted at rest using AES-256 (AWS EBS encryption).
- iOS Keychain: Session tokens are stored in the iOS Keychain with
kSecAttrAccessibleWhenUnlockedThisDeviceOnly— they are not backed up to iCloud and cannot be accessed without device authentication. - Row-Level Security: Our database enforces row-level security policies — no query can access data belonging to another user.
- Plaid credentials never touch our servers: Your bank credentials are entered directly in Plaid's secure interface. We receive only the access token Plaid issues, which is itself stored encrypted.
- Biometric lock: Optional Face ID / Touch ID app lock prevents unauthorized access if someone has physical access to your device.
No security system is perfect. If you believe your account has been compromised, contact us immediately at privacy@slateapp.com.
8. Children's Privacy
SLATE is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will immediately delete their account and all associated data. If you believe a child has created a SLATE account, contact us at privacy@slateapp.com.
9. Third-Party Links
SLATE may contain links to third-party websites or services (such as Plaid's terms). This Privacy Policy does not apply to those third-party services. We encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and notify you via push notification or email if the changes are material. Your continued use of SLATE after changes constitutes acceptance of the updated policy.
11. Contact Us
For any privacy questions, data requests, or concerns:
Email: privacy@slateapp.com
Subject line for deletion requests: "Data Deletion Request"
Subject line for data access requests: "Privacy Request"
Response time: 5 business days acknowledgment; 45 days fulfillment
Mailing address:
Slate Technologies
Salt Lake City, UT
This Privacy Policy was prepared to satisfy Apple App Store Guidelines §5.1, Plaid's Developer Agreement data requirements, and the California Consumer Privacy Act (CCPA).