Privacy policy.

When you create an account, we collect your email address and a password (hashed, never stored in plain text). We do not collect your name, address, phone number, or other personal identifiers unless you voluntarily provide them.

Arden uses a third party — Plaid Inc.— to gather your data from financial institutions. Connecting a bank or brokerage account is optional; if you choose to connect one, Plaid securely accesses your financial institution on our behalf. Through Plaid, we receive:

• Account information — account names, types (checking, savings, credit card, brokerage, retirement), and current balances
• Transaction history — dates, payees, amounts, and merchant categories for up to two years of history
• Investment holdings — ticker symbols, share quantities, cost basis, and end-of-day prices for connected brokerage and retirement accounts
• Liability metadata— for connected loans and credit cards: APR, minimum payment, statement balance, and payment due dates

We do not receive or store your bank login credentials. Plaid handles authentication directly with your financial institution.

We use Finnhubto display real-time stock and ETF prices. Finnhub receives ticker symbols only — no personal or financial account information is shared with Finnhub.

You may manually enter transactions, budget categories, investment holdings, tracking accounts (vehicles, real estate), and financial goals. This data is stored only in your account and is not shared with any third party.

We collect standard server logs (IP addresses, browser type, pages visited) for security monitoring and service improvement. We do not run advertising trackers, behavioral profiling, or cross-site tracking on any Arden surface — not the marketing site, not the app, not the docs. No Google Analytics, no Plausible, no Mixpanel, no Segment, no PostHog. Operational telemetry below is the only thing we run on top of standard server logs.

Across every Arden surface (marketing site, app, docs), we collect operational telemetry to keep the service fast and reliable. This is technical telemetry, not behavioral analytics — the tools below never see your transactions, balances, or anything you typed; only that pages loaded and how fast.

• Vercel Analytics— aggregate, anonymous page-view counts. No cookies, no cross-site tracking, no user identifiers. Runs on Vercel, our hosting provider.
• Vercel Speed Insights — Web Vitals timing data (page load time, time to interactive, layout stability) per route, sampled anonymously. Used to identify slow pages and verify performance improvements ship correctly.

Neither service receives your financial data, your inputs, or any content from your account. They observe page-level timing only. If you’d prefer to opt out of operational telemetry, email support@ardenmoney.com.

When the app crashes or throws an unhandled exception, a stack trace and the route where the error occurred are sent to Sentryso we can diagnose and fix the bug. Before each report leaves our servers, a scrubber removes anything that looks like an email address, currency amount, JWT, or Plaid access token. Error reports are retained for 30 days and then deleted. This is error monitoring, not behavior analytics; Sentry never sees what you click, type, or transact unless the page crashed at that moment. If you’d prefer not to have error reports generated from your session, email support@ardenmoney.com.

Your financial data is stored in an encrypted database on our servers. All data is associated with your user account and is not accessible to other users.

• In transit— all connections use HTTPS/TLS encryption
• At rest— database storage is encrypted
• Plaid tokens— access tokens for your bank connections are stored encrypted and are never exposed to the browser

Access to production systems is restricted to authorized personnel only. We use authentication on all API endpoints and verify Plaid webhook signatures using JWT verification to prevent unauthorized data injection.

We retain your financial data for as long as your account is active and you maintain connected bank accounts. Transaction history is kept to support budget calculations, reports, and trend analysis.

You may delete your account at any time. When you delete your account:

• All your financial data (transactions, budgets, holdings, tracking accounts) is permanently deleted from our servers
• Your Plaid bank connections are revoked — we call Plaid’s item removal API to ensure your tokens are invalidated
• Server logs containing your IP address are retained for up to 90 days for security purposes, then deleted

You can disconnect (unlink) individual bank accounts from Settings at any time. Disconnecting revokes the Plaid access token for that institution. Previously synced transactions remain in your account unless you manually delete them or the account.