Privacy Policy
1. Information We Collect
We collect information you provide directly to us, including:
• Account Information: Name, email address, password (stored as a salted BCrypt hash)
• OAuth Data: When you sign in with Google, we receive your email address and basic profile information. We do not access your Gmail, Drive, or other Google services.
• Financial Data via Plaid: Account balances, transaction history, holdings, investment positions from your connected financial institutions
• Usage Data: IP address, browser type, device information, pages visited, feature usage
IMPORTANT: We NEVER store your banking usernames or passwords. Plaid handles all bank authentication directly—your credentials are transmitted securely to Plaid and your financial institution, never passing through our servers.
2. Financial Data via Plaid
When you connect a financial account, we use Plaid Technologies, Inc. to securely access your financial data. Plaid is a trusted financial technology provider used by thousands of apps.
How Plaid Works:
• You authenticate directly with your bank through Plaid's secure interface
• Plaid retrieves your financial data (balances, transactions, holdings) with your explicit consent
• Plaid provides us with an encrypted access token (not your credentials) to retrieve your data
• We store this access token encrypted in our database to refresh your financial data
What Data Plaid Shares With Us:
• Account Information: Account names, types (checking, savings, investment, credit card), last 4 digits of account numbers
• Balances: Current and available balances for all connected accounts
• Transactions: Date, amount, merchant name, category for recent transactions (typically 90 days to 2 years)
• Investment Holdings: Securities held, quantities, cost basis, market values (for brokerage/retirement accounts)
Your Control Over Plaid Connections:
• You can disconnect any linked account at any time from your dashboard
• Disconnecting an account revokes our access token and deletes associated financial data
• Plaid connections require reauthorization every 12 months for security
• You can also revoke Plaid's access directly at my.plaid.com
Plaid's Security: Plaid is SOC 2 Type II certified and ISO 27001 compliant. They encrypt all data in transit (TLS 1.2+) and at rest (AES-256). Review Plaid's privacy policy at plaid.com/legal.
3. How We Use Your Information
We use the information we collect to provide and improve our wealth management platform:
• Portfolio Tracking: Aggregate balances across all your accounts to calculate net worth and asset allocation
• Performance Analytics: Track portfolio performance over time, calculate returns, and generate historical valuation snapshots
• Multi-Entity Organization: Support complex ownership structures (LLCs, trusts, S-Corps) and track accounts across entities
• Automated Reporting: Generate statements, tax documents, and portfolio summaries
• Service Communications: Send account updates, security alerts, system notifications, and respond to support requests
• Platform Improvements: Analyze aggregated, anonymized usage patterns to enhance features and fix bugs
• Compliance & Security: Detect fraud, enforce our Terms of Service, comply with legal obligations
DISCLAIMER: Our platform provides informational tools only and does NOT constitute investment advice, tax advice, or financial planning services. Always consult licensed professionals before making financial decisions.
4. How We Protect Your Data
We implement industry-leading security measures to protect your financial information:
• Encryption at Rest: AES-256 encryption for all database storage (Amazon Aurora MySQL with AWS KMS). Sensitive fields (tax IDs, account numbers, Plaid access tokens) are encrypted at the application level with Rails Active Record Encryption.
• Encryption in Transit: TLS 1.2+ for all connections. HTTP traffic is automatically redirected to HTTPS at the load balancer.
• Password Security: BCrypt hashing with salt for password-based accounts. OAuth-only users don't have passwords stored.
• Network Isolation: Our database runs in isolated private subnets with no direct internet access. Only our application servers in private subnets can connect.
• Infrastructure Security: Hosted on AWS ECS Fargate with security groups enforcing least-privilege access. VPC flow logs monitor rejected traffic.
• Secrets Management: Sensitive credentials (database passwords, API keys, OAuth secrets) are stored in AWS Secrets Manager, never in code.
• Access Controls: Role-based admin permissions, account lockout after 5 failed login attempts, Google reCAPTCHA v3 on authentication endpoints.
• Security Headers: Content Security Policy, X-Frame-Options, X-Content-Type-Options to prevent XSS and clickjacking attacks.
Infrastructure Compliance: Our platform is hosted on AWS infrastructure that maintains SOC 2, ISO 27001, and FedRAMP certifications. While AMP inherits these infrastructure protections, AMP itself has not undergone independent SOC 2 certification.
5. Third-Party Data Sharing
We DO NOT sell your personal information or financial data to anyone.
We share data with the following trusted service providers who are contractually bound to protect your information:
• Plaid Technologies, Inc. — Financial account aggregation. Plaid accesses your banking credentials to retrieve account data on our behalf. Certifications: SOC 2 Type II, ISO 27001. Privacy Policy: plaid.com/legal
• Amazon Web Services (AWS) — Cloud hosting (ECS Fargate, Aurora MySQL, S3, SES email). Certifications: SOC 2 Type II, ISO 27001, FedRAMP. AWS does not have access to unencrypted financial data.
• Google LLC — OAuth authentication only. When you sign in with Google, we receive your email and basic profile information. We do NOT share your financial data with Google.
Additional Disclosures:
• Legal Obligations: We may disclose your information if required by law, court order, subpoena, or to protect our rights and the safety of our users.
• Business Transfers: If AMP is acquired or merged with another company, your data may be transferred to the new entity. You will be notified 30 days in advance with the option to delete your account.
No Advertising Partners: We do not share your data with advertising networks or marketing companies.
6. Your Rights
You have the following rights regarding your personal and financial data:
• Access: View all your data through your dashboard. Request a full export of your account data in CSV or PDF format by contacting us.
• Correction: Update your account information, entity details, and portfolio holdings directly in the app. Contact us for assistance with corrections.
• Deletion: Request deletion of your account and all associated data at any time. Account data is retained for 30 days (recovery period), then permanently deleted. Financial data from Plaid is retained for 90 days for legal/tax purposes.
• Portability: Export your portfolio data in CSV or PDF format from your dashboard or by contacting us.
• Revoke Plaid Access: Disconnect any linked financial account from your dashboard. This immediately revokes our Plaid access token and triggers deletion of associated transaction history.
• Opt-Out of Communications: Unsubscribe from marketing emails (we don't currently send marketing emails). You cannot opt out of critical service emails (password resets, security alerts).
Plaid Reauthorization: For security, Plaid connections expire after 12 months and require reauthorization. You'll receive an email notification 7 days before expiration.
7. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to Know: Request details about the categories and specific pieces of personal information we've collected about you in the last 12 months, including sources, purposes, and third parties we've shared it with.
• Right to Delete: Request deletion of your personal information, subject to legal exceptions (e.g., tax records retention requirements).
• Right to Opt-Out of Sale: We DO NOT sell your personal information, so there is nothing to opt out of.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Categories of Personal Information We Collect (CCPA):
• Identifiers: Name, email, IP address
• Commercial Information: Financial account details, transaction history, portfolio holdings
• Internet Activity: Pages visited, features used, device information
• Financial Information: Tax IDs (encrypted), account numbers (last 4 digits), balances
To exercise your CCPA rights, contact us at contact@amp.finance. We will verify your identity before processing requests.
8. Data Retention
We retain your data only as long as necessary to provide our services and comply with legal obligations:
• Active Accounts: All data is retained while your account is active and you continue using our services.
• Account Deletion: When you delete your account, we retain your data for 30 days in case you change your mind (recovery period). After 30 days, your account information and entity data are permanently deleted.
• Financial Data: Transaction history and portfolio valuations are retained for 90 days after account deletion to comply with potential tax reporting and legal obligations.
• Plaid Access Tokens: Immediately revoked and deleted when you disconnect an account or delete your AMP account. We cannot access your financial institution data once the token is revoked.
• Backup Copies: Encrypted backups are retained for 90 days for disaster recovery purposes. Deleted data is purged from backups after this period.
• Audit Logs: System logs (IP addresses, login attempts, admin actions) are retained for 1 year for security and compliance purposes. These logs do not contain financial data.
Early Deletion: If you want your data deleted immediately without the 30-day recovery period, contact us at contact@amp.finance with your request.
9. Cookies and Sessions
We use cookies to provide our services and maintain your login session:
• Session Cookies: Secure, HTTP-only cookies to maintain your logged-in state. These cookies are deleted when you close your browser or log out.
• Persistent Cookies: "Remember Me" functionality (if enabled) stores an encrypted token for 2 weeks.
• Functional Cookies: Sidebar collapse state, theme preferences (stored in localStorage, not transmitted to servers).
We do NOT use:
• Third-party advertising cookies
• Social media tracking pixels
• Cross-site tracking or fingerprinting
For more details, see our Cookie Policy.
10. Children's Privacy
AMP Finance is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us immediately at contact@amp.finance and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or new features. We will notify you of material changes by email to your registered email address at least 30 days in advance. We will also update the "Last updated" date at the top of this page. Continued use of our services after changes take effect constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before they take effect.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
contact@amp.finance
Terms of Service
1. Acceptance of Terms
By accessing or using Amp Finance, you agree to be bound by these Terms of Service and our Privacy Policy. If you do not agree, do not use our services.
2. Description of Service
Amp Finance provides AI-powered financial portfolio tracking and analysis tools. IMPORTANT: Our service is for informational purposes only and does NOT constitute investment advice, tax advice, or financial planning services. Always consult licensed professionals before making investment decisions.
3. Account Responsibilities
You are responsible for:
• Providing accurate, current, and complete account information
• Maintaining the security of your password and account
• All activities that occur under your account
• Notifying us immediately of unauthorized access
You must be at least 18 years old to use our services.
4. Acceptable Use Policy
You agree NOT to:
• Reverse engineer, decompile, or disassemble our software
• Use automated scripts, bots, or scrapers to access our services
• Upload viruses, malware, or malicious code
• Impersonate others or provide false information
• Violate any applicable laws or regulations
• Share your account credentials with third parties
5. Intellectual Property
All content, features, and functionality (including software, algorithms, text, graphics, logos) are owned by Amp Finance and protected by copyright, trademark, and other intellectual property laws. You may not copy, modify, or distribute our content without written permission.
6. Subscription & Payment
• Billing Cycles: Monthly or annual subscriptions
• Auto-Renewal: Subscriptions renew automatically unless canceled 24 hours before renewal
• Payment Methods: Credit card, debit card (processed via Stripe)
• Refunds: No refunds for partial months. Cancel anytime to avoid future charges.
• Price Changes: We may change pricing with 30 days' notice to existing subscribers
7. Disclaimers & Limitations of Liability
Services provided "AS IS": We make no warranties, express or implied, regarding accuracy, reliability, or availability. We do not guarantee:
• Uninterrupted or error-free service
• Accuracy of AI-generated insights or recommendations
• Specific investment outcomes or returns
• Compatibility with all devices or browsers
Limitation of Liability: To the maximum extent permitted by law, Amp Finance shall not be liable for indirect, incidental, consequential, or punitive damages, including loss of profits, data, or investment losses. Our total liability is limited to the amount you paid us in the 12 months prior to the claim.
8. Indemnification
You agree to indemnify and hold harmless Amp Finance, its officers, employees, and agents from any claims, losses, damages, liabilities, and expenses (including legal fees) arising from your use of our services or violation of these Terms.
9. Termination
We may suspend or terminate your account immediately if you:
• Violate these Terms of Service
• Engage in fraudulent activity
• Fail to pay subscription fees
• Provide false or misleading information
Upon termination, your right to use our services ceases immediately. You may request data export within 30 days of termination.
10. Governing Law & Dispute Resolution
These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles. Any disputes shall be resolved through binding arbitration in accordance with the American Arbitration Association rules. You waive the right to participate in class actions.
11. Changes to Terms
We reserve the right to modify these Terms at any time. We will notify you of material changes by email 30 days in advance. Continued use after changes constitutes acceptance of the new Terms.
12. Contact Information
For questions about these Terms, contact us at:
legal@amp.finance