Access

We believe that you should have access to and control over your data. You can download all your transactional data, including categories and notes, from your Copilot Money app Settings.

Your personal Copilot Money financial account data, such as budgets and transactions, is only accessed by the Copilot Money team when necessary to provide the Copilot Money services, like when you request support for a data issue, and in other instances with your consent. 

We employ a number of security measures to help protect your data, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while interacting with our servers. And Copilot Money itself does not see or store your bank login credentials because we partner with trusted data aggregators, like Plaid and Mastercard Data Connect, to connect to your financial institutions. Copilot works with industry-leading open banking vendors Plaid and Mastercard Data Connect so that you can connect your financial accounts to Copilot Money. You can read more about Plaid’s and Mastercard Data Connect’s security policies on their websites.

Copilot’s direct OAuth integrations for Capital One, Coinbase, Apple Card (FinanceKit), and Public adhere to industry standard data security requirements. OAuth allows us to connect directly with your bank rather than importing your account and transaction data via an aggregator. We do not see or store your OAuth login credentials either.

If you choose to integrate Venmo through Copilot Labs, we do not have direct access to your Venmo credentials or account. Instead, we simply process the emails you forward to us. Remember that you can stop forwarding us your emails at any time, or even restrict what emails you decide to forward. For additional details, please see our Venmo Integration FAQ. 

If you choose to integrate Amazon through Copilot Labs, we do not have direct access to your Amazon credentials. Instead, we open Amazon's website directly on your device, where you log in yourself. Depending on your app version, we then either send your login session from your device's keychain to our backend to retrieve your order information, or navigate Amazon's orders pages directly on your device and send us the resulting order information. In both cases, your Amazon credentials are never shared with or stored by Copilot, and you can disconnect your Amazon account at any time. For additional details, please see our Amazon Integration FAQ.

Retention

When you are logged in to the app, you can delete your Copilot account at any time from the Settings menu, or you can reach out to us by sending a request via in-app chat. You can also email your deletion request to privacy@copilot.money, and we will verify your account ownership before processing the request. Please see our Privacy Policy for additional information on how we respond to such requests. 

If you delete your account, we do not keep information that you entered or integrated into Copilot through your account, such as financial account, transaction, and budget-related information, except in the circumstances described in our Privacy Policy, such as where we are required by law to retain certain data. Otherwise, the data will be removed from all Copilot systems.

If you subscribe to Copilot directly through us (via Stripe), deleting your Copilot account will automatically cancel your subscription.

If you subscribe to Copilot through Apple, deleting your Copilot account and canceling your app subscription are two separate actions, as subscriptions are managed by Apple.

• You can cancel your app subscription from Settings prior to deleting your account. Go to Copilot Settings → Subscription → Manage your Subscription and you’ll be taken to the App Store to complete the cancellation.

If you forget to cancel your subscription before deleting your account, you can still do so by going to your mobile device’s Settings → Purchases → Subscriptions → Copilot.

Infrastructure

Copilot’s infrastructure is built on the Google Cloud Platform (GCP), which is used by leading financial companies worldwide. GCP adheres to industry standard security, privacy and compliance controls, including:

• ISO/IEC 27001, 27017 and 27018

• SOC 1/2/3

• PCI DSS

• CSA STAR

Please note that these are GCP certifications and that Copilot is not certified at the moment.

We use Multi-Factor Authentication (MFA) on all internal systems and incorporate MFA support and mobile device management into our company devices.

We also know that security isn’t a “set it and forget it” sort of thing, which is why we regularly conduct application penetration tests to identify and, as needed, mitigate vulnerabilities or risks in our systems.

What you do in Copilot, stays in Copilot

Our focus is on building tools that help you improve your finances. We respect your privacy, so we give you transparency and control over your data and keep your financial information private. Because we don’t like it when we start seeing online ads for things we recently bought, our advertising activities are focused on spreading the word about Copilot to more people.  We do not advertise based on or sell financial information that you enter or integrate into the app, such as your budget information, financial transactions and goals, account balance and holdings, and investment activities and interests. That means that the purchases you make, budgets you set, and companies you invest in do not play a role in our advertising practices. Read our Privacy Policy to learn more about our advertising practices.

Transparency above all else

Our Privacy Policy comprehensively details our data practices, but we understand that legal documents aren’t everyone’s favorite thing to read. That’s why we have this page to provide you with a straightforward summary of how we think about your data.

Please check this page for updates on our practices. We’re also available if you have any questions or concerns. You can always contact us through in-app chat or at privacy@copilot.money.