Privacy Policy | Arcana Pulse

Information We Collect

—Account information — When you register, we collect your name, email address, and a hashed copy of your password. We never store your password in plaintext.
—Financial data — We collect transaction records, account balances, and bank linkage metadata you provide or authorize via Plaid. This data is used exclusively to power your financial dashboard and AI analysis.
—Usage data — We log page visits, feature interactions, and API requests to improve the product and detect abuse. Logs are retained for 90 days.
—Device & network data — IP address, browser user agent, and approximate geolocation (country/city level) are collected for security, rate limiting, and fraud prevention.

—To provide, maintain, and improve the Arcana Pulse platform and its AI-powered financial intelligence features.
—To authenticate your identity, protect your account from unauthorized access, and send security alerts.
—To generate AI-driven insights, forecasts, and budget recommendations — all processed server-side and never shared with third-party advertisers.
—To send transactional emails (verification, password reset, security alerts). We do not send marketing emails without explicit opt-in.
—To comply with legal obligations and enforce our Terms of Service.

—We do not sell your data. We have no advertising business model and no financial incentive to share your personal or financial information with third parties.
—Plaid — We use Plaid to connect your bank accounts. Plaid has its own privacy policy and end-user agreement. Your bank credentials are never transmitted to or stored by Arcana.
—Dwolla — We use Dwolla to process fund transfers. Transaction data required for transfer processing is shared with Dwolla under their privacy policy.
—Infrastructure providers — We use Appwrite for database hosting and Sentry for error monitoring. These providers process data under data processing agreements with strict confidentiality obligations.
—Legal requirements — We may disclose information if required by law, court order, or to protect the rights, property, or safety of our users or the public.

—Your account and financial data is retained for the life of your account and up to 7 years after deletion, as required by financial regulations.
—Audit logs are retained for 2 years to support security reviews and compliance requirements.
—Usage logs and error reports are retained for 90 days.
—You may request deletion of your account and associated data at any time. Deletion requests are processed within 30 days, subject to legal retention requirements.

—Access — You may request a copy of all personal data we hold about you.
—Correction — You may request correction of inaccurate or incomplete data.
—Deletion — You may request deletion of your account and data, subject to legal retention obligations.
—Portability — You may export your transaction data in CSV format at any time from the Transactions page.
—Opt-out — You may opt out of non-essential communications at any time.
—California residents have additional rights under CCPA. EU/UK residents have additional rights under GDPR. To exercise any of these rights, contact us at privacy@arcanapulse.com.

—We use AES-256-GCM encryption for sensitive fields at rest. All data in transit is encrypted using TLS 1.3.
—Passwords are hashed with bcrypt (cost factor 12) before storage. We never store plaintext credentials.
—Multi-factor authentication (TOTP) is available and encouraged for all accounts.
—We conduct regular security reviews and maintain an audit log of all sensitive operations.
—Despite these measures, no system is perfectly secure. We will notify affected users promptly in the event of a data breach.

—Essential cookies — We use session cookies to maintain your authenticated state. These are strictly necessary and cannot be disabled.
—Preference cookies — We store UI preferences (theme, filters) in localStorage. These contain no personal data.
—Analytics — We do not use third-party analytics cookies (e.g., Google Analytics). Any analytics we perform are server-side and privacy-preserving.
—You can clear cookies and localStorage at any time through your browser settings. Clearing session cookies will log you out.

—We may update this Privacy Policy from time to time. We will notify you of material changes via email and by displaying a notice in the application at least 30 days before changes take effect.
—Continued use of Arcana Pulse after changes take effect constitutes acceptance of the updated policy.

—For privacy-related questions, requests, or concerns, contact us at privacy@arcanapulse.com or by mail at: Arcana Sovereign Intelligence Group, Attn: Privacy Team, [Address placeholder pending legal review].