Privacy Policy

Account information. When you register, we collect your email address, username, and optionally your first and last name.

Financial institution data via Plaid.If you connect a bank or brokerage account, we use Plaid Technologies, Inc. to facilitate that connection. Through Plaid we receive read-only data including account balances, holdings, securities, and account metadata (account name, type, institution name). We do not receive your banking credentials — those are entered directly into Plaid's secure interface and are never transmitted to us.

International broker data via Zerodha Kite Connect.If you connect a Zerodha account, we redirect you to Zerodha's official login page to complete an OAuth flow. We receive a session access token from Zerodha which we use to fetch your holdings and margin data. This token is encrypted at rest using AES-256-GCM and stored in our database. Your Zerodha credentials are entered directly on Zerodha's infrastructure and are never transmitted to us.

Manually imported data. If you choose to import portfolio data via CSV or JSON upload, or enter account balances manually, we store that data on your behalf exactly as you provide it. If you configure an import reminder, we store your chosen interval and send a reminder email at that cadence until you remove the import.

Usage and preference data. We store your in-app preferences (accent colour, card glow level) and portfolio value snapshots to power historical charts. We do not collect device identifiers, advertising IDs, or behavioural analytics.

Audit log. We maintain a log of key account events (e.g. account connected, password changed) for your security. These records are visible only to you.

We use the information we collect solely to:

• Provide, maintain, and improve the Uplift service;
• Display your portfolio holdings, balances, and net worth;
• Generate historical portfolio value snapshots for charting;
• Authenticate you and secure your account;
• Respond to support requests;
• Comply with applicable laws and regulations.

We do not sell, rent, or share your personal or financial data with third parties for advertising or marketing purposes.

Plaid. Upliftuses Plaid to connect to US financial institutions. By linking an account you also agree to Plaid's End User Privacy Policy. Plaid access tokens are stored encrypted and are accessible only by our server-side infrastructure. They are never exposed to client-side code or transmitted to any third party other than Plaid itself.

Teller. Upliftuses Teller Connect to access US financial institutions not covered by Plaid, including Capital One. When you connect an account, you are redirected to your bank's login page. The resulting access token is encrypted at rest using AES-256-GCM. Teller uses mutual TLS (mTLS) for all API calls — your credentials are never transmitted to or stored by Uplift. By linking an account via Teller you also agree to Teller's End User Privacy Policy.

Zerodha Kite Connect. Upliftuses the Zerodha Kite Connect API to fetch holdings from Indian equity and commodity markets. When you connect a Zerodha account, you are redirected to Zerodha's official OAuth login page. The resulting session token is encrypted at rest using AES-256-GCM and stored in a dedicated credentials store, accessible only to server-side processes. Zerodha session tokens are valid for one trading day and are automatically invalidated by Zerodha at end of day. By linking a Zerodha account you also agree to Zerodha's Terms of Service.

You may disconnect any linked broker or institution at any time from Settings → Broker Connections or Settings → Brokerage & Bank Connections. Disconnecting permanently deletes the associated access token from our database and revokes our access to that account.

Your data is stored in Supabase, a managed database platform with SOC 2 Type II certification, encrypted at rest (AES-256) and in transit (TLS 1.2+). Row-level security policies ensure each user can only access their own data. Access tokens for financial institutions are restricted to server-side processes and cannot be queried by end users.

While we implement industry-standard safeguards, no method of transmission or electronic storage is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password and to notify us immediately of any suspected unauthorized access.

We retain your account data for as long as your account is active. Portfolio value snapshots are retained for up to 60 days on a rolling basis. Audit log entries are retained for up to 90 days.

If you delete your account, we will delete or anonymize all associated personal data within 30 days, except where retention is required by applicable law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request correction of inaccurate data. Most profile data can be updated directly in Settings.
• Deletion. Request deletion of your account and associated data.
• Portability. Export your portfolio data at any time from Settings → Export Data in JSON, CSV, or PDF format.
• Objection / Restriction. Object to or request restriction of certain processing activities.

To exercise any of these rights, contact us at privacy@useuplift.app. We will respond within 30 days.

If you are a California resident, you have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a request, contact us at privacy@useuplift.app.

Uplift is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

Your data may be processed and stored in the United States and other countries where our service providers operate. By using Uplift you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

We use the following sub-processors:

• Plaid Technologies, Inc. — US financial institution connectivity
• Teller, Inc. — extended US financial institution connectivity (Capital One and others)
• Zerodha Broking Ltd. (Kite Connect) — Indian broker connectivity
• Resend, Inc. — transactional email delivery
• Supabase, Inc. — database, authentication, and storage
• Vercel, Inc. — application hosting and edge delivery

Each sub-processor is bound by data processing agreements and applicable privacy regulations.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, by sending an email to the address associated with your account. Your continued use of Uplift after any changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: