What The Wampum Is
The Wampum is a personal financial coordination application. It connects to your bank accounts through Plaid to read balances and transactions, then organizes that information to help you understand what you can safely spend. The Wampum does not hold money, initiate transfers, or act as a financial institution.
What Data We Collect
- Account balances and transaction history from linked bank accounts (via Plaid)
- Your email address and display name for authentication
- Envelope configurations and budget preferences you set within the app
- Category tags you assign to transactions
What Data We Do Not Collect
- Bank usernames or passwords (all bank access is through Plaid's tokenized link flow)
- Social security numbers or government IDs
- Analytics, telemetry, or tracking data
- Data from third-party advertising or marketing networks
There are no third-party scripts on this application. No analytics. No tracking pixels. No advertising.
How We Use Your Data
Your financial data is used exclusively to:
- Calculate your spendable balance
- Categorize and trace transactions
- Detect recurring charges
- Fund and track budget envelopes
- Generate outlook projections and financial summaries
Your data is never sold, shared with third parties, used for marketing, or used to make lending or credit decisions.
How We Store Your Data
- All data is stored in Supabase (PostgreSQL) with row-level security (RLS) enabled on every table
- Plaid access tokens are stored encrypted and are never exposed to the client application
- All data in transit is encrypted using TLS 1.2 or higher
- All data at rest is encrypted by the database provider
- Database backups use Supabase point-in-time recovery
Access Controls
- Authentication is required to access any financial data
- Multi-factor authentication is supported
- Row-level security ensures users can only access their own data at the database level
- API keys and secrets are stored in environment variables, never in client code
- The co-pilot role (optional shared access) is explicitly granted by the user and revocable at any time
Third-Party Services
- Plaid — bank account linking and transaction data. Subject to Plaid's privacy policy.
- Supabase — database and authentication infrastructure
- Netlify — application hosting
No other third-party services receive your data.
Data Retention and Deletion
Your data is retained as long as your account is active. You may request full deletion of your account and all associated data at any time by contacting us. Upon deletion:
- All financial data is permanently removed from our database
- Plaid access tokens are revoked
- Backups containing your data are purged within 30 days
Your Rights
You have the right to:
- Export all your data as JSON at any time
- Delete your account and all data
- Revoke bank connections at any time
- Revoke co-pilot access at any time
- Know exactly what data is stored (this policy is the complete list)
Consent
By connecting a bank account through Plaid Link, you consent to the collection and processing of your financial data as described in this policy. You may withdraw consent at any time by disconnecting your accounts or deleting your profile.