Privacy Policy
Last updated: March 27, 2026
OpenFi ("we," "our," or "the app") is a personal finance application for macOS. This Privacy Policy explains what data we collect, how it's used, and your rights.
Our Core Principle: Local-First
OpenFi is designed so your financial data stays on your device. Your transactions, balances, categories, goals, and reports are stored in a local database on your Mac — not on our servers.
What Data Stays on Your Device
The following data is stored exclusively on your Mac and never transmitted to our servers:
- Bank account balances and transaction history
- Spending categories and your personalized taxonomy
- Financial goals, budgets, and monitors
- Email receipts and match results
- AI-generated reports and Oracle chat history
- Investment positions and portfolio data
- Net worth calculations and cash flow analysis
What Data Is Shared with Third Parties
To provide core functionality, OpenFi communicates with the following services:
Plaid (Bank Connectivity)
- What's shared: Your bank login credentials (entered directly in Plaid's secure interface — we never see them). Once connected, Plaid sends OpenFi your transaction history (up to 730 days), account balances, and account metadata (account name, type, last four digits of the account number).
- What's NOT shared with OpenFi: Your bank username and password are never sent to OpenFi — they are entered into Plaid's interface and used by Plaid to authenticate with your bank on your behalf.
- Why: To connect your bank accounts and download transactions. Brokerage holdings are imported via CSV upload, not through Plaid.
- Server-side retention: Plaid access tokens are stored in your Mac's Keychain. For subscription-tier users, a copy is also stored in our Firestore database (admin-only access) so the server can sync your transactions in response to webhook notifications. Other Plaid data (transactions, balances) is stored only in your local database on your Mac.
- Right to revoke: You can disconnect a bank in OpenFi's Accounts view at any time. You can also revoke access directly at https://my.plaid.com, Plaid's consumer portal, which shows every app connected to your accounts.
- Plaid's End User Privacy Policy: https://plaid.com/legal/#end-user-privacy-policy (governs Plaid's handling of your data).
- Note: Plaid settled a $58M class action in 2022 regarding data practices. We use Plaid because it's the industry standard for bank connectivity in the US, but we want you to be aware.
Google Gemini API (AI Features)
- What's shared: Different AI features send different data. Across all features, the following may be sent to Google's Gemini API:
  - Transaction merchant names (raw and cleaned), amounts, and dates
  - For some features, your current account balances (Oracle answering "what's my balance?")
  - Your category taxonomy and prior category corrections, used as context for categorization
  - Your onboarding interview answers, used to generate a personalized category taxonomy
  - The full text of any Oracle question you type (e.g., "how much did I spend on tacos last quarter?")
  - The full text of forwarded receipt emails when receipt matching is enabled (may include line items, billing names, and addresses)
- What's NOT shared: Bank login credentials, full account numbers, routing numbers, and Plaid access tokens are never sent to Gemini.
- Why: To power AI-driven categorization, natural language financial queries, and report generation.
- What OpenFi sees server-side (subscription tier only): If you use the subscription tier, your Gemini requests pass through our authenticated Firebase Cloud Function proxy. The proxy is necessary to attach our billed API key and to enforce per-user rate limits. We log request metadata (user ID, model, response status, token counts) but do not retain prompt or response bodies beyond what's required to deliver the response. BYOK users' Gemini requests go directly from their device to Google and never touch our servers.
- Data usage by Google: OpenFi uses the Gemini Developer API (generativelanguage.googleapis.com). Google's data-use rules depend on whether the API key calling Gemini has billing enabled, not on which endpoint is used.
  - BYOK on Google AI Studio's free tier: Google may use your inputs to improve their models and human reviewers may see them. We recommend BYOK users enable billing on their Google AI Studio API key to receive paid-tier protections.
  - BYOK with billing enabled, or our subscription tier: Per Google's Gemini API additional terms for paid services, inputs and outputs are not used to train Google's models and are not subject to human review for service improvement.
- The specific data-use commitments above reflect Google's published policy at the time this document was last updated; please consult the linked terms below for the current authoritative language.
- Their terms: Gemini API Additional Terms (this is the governing agreement; Vertex AI / Google Cloud Terms of Service do not apply because OpenFi does not use Vertex AI).
Firebase (Authentication & Sync Notifications)
- What's shared: Your email address (for authentication), payment status, and sync notification triggers.
- What's NOT shared: Your financial data. Firebase stores only your account status, not your transactions or balances.
- Why: To manage your account, verify your purchase, and trigger transaction syncs when your bank has new data.
Stripe (Payments)
- What's shared: Your payment information (processed entirely by Stripe — we never see your card number).
- Why: To process your purchase or subscription payment.
- Their privacy policy: https://stripe.com/privacy
Yahoo Finance (Stock Prices)
- What's shared: Stock ticker symbols from your investment portfolio.
- What's NOT shared: Your holdings, quantities, or account information.
- Why: To fetch current stock prices for portfolio valuation.
Analytics
OpenFi collects minimal, privacy-respecting analytics stored locally on your device:
- Which features you use (e.g., Oracle, Reports, Goals)
- Whether you completed onboarding
- Error counts (no error details or financial data)
This data is stored in your local database and is not transmitted to our servers. It helps us improve the app if you choose to share feedback.
Data Security
- Encryption at rest: Your database is protected by macOS FileVault (full-disk encryption) and App Sandbox (app isolation).
- Credentials: API keys and bank connection tokens are stored in the macOS Keychain, which is hardware-backed on Apple Silicon Macs.
- Network security: All connections to third-party services use HTTPS/TLS encryption.
Your Rights
- Export your data: Use File > Export Data to download your transactions, accounts, and net worth history as CSV files at any time.
- Delete your data: Uninstalling the app removes all local data. To delete your account and server-side data (authentication, payment records), contact us at privacy@tryopenfi.com.
- Revoke bank access: You can disconnect bank accounts at any time in the Accounts view. You can also revoke access directly through Plaid's consumer portal at https://my.plaid.com, which shows all apps connected to your accounts and lets you disconnect any of them.
Children's Privacy
OpenFi is not intended for use by children under 13. We do not knowingly collect data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app or by email.
Contact
For privacy questions or data deletion requests:
- Email: privacy@tryopenfi.com