We believe that you should have access to and control over your data. You can download all your transactional data, including categories and notes, from your Copilot app Settings.
We employ a number of security measures to help keep your data safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while it is transmitted to and from our servers. And we do not see or store your bank login credentials because we partner with trusted data aggregators, like Plaid and Finicity, to connect to your financial institutions. Copilot works with third-party vendors who adhere to industry security standards. You can read more about Plaid and Finicity’s security policies on their websites.
Copilot’s direct OAuth integrations for Capital One and Coinbase meet the same data security requirements. OAuth allows us to connect directly with your bank rather than importing your account and transaction data via an aggregator. We do not see or store your OAuth login credentials either.
If you choose to integrate Venmo, we do not have direct access to your Venmo account. Instead, we simply process the emails you forward to us. Remember that you can stop forwarding us your emails at any time, or even restrict what emails you decide to forward.
You can delete your Copilot account at any time from the Settings menu, or by sending a request via in-app chat or to email@example.com. If you delete your account, we do not keep any of your linked financial data or Copilot account data (email address, budgets, etc.), except in the limited circumstances where required by law, to resolve disputes, protect Copilot and our users, and enforce our agreements. Where Copilot has no such obligations, the data will be completely removed from all our internal systems, including backups, within 60 days.
Deleting your Copilot account and canceling your app subscription are two separate actions, as subscriptions are managed by Apple.
Copilot’s infrastructure is built on the Google Cloud Platform (GCP), which is used by leading financial companies worldwide. GCP adheres to industry-standard security, privacy and compliance controls, including:
We use Multi-Factor Authentication (MFA) on all internal systems and incorporate MFA support and mobile device management into our company devices.
We also know that security isn’t a “set it and forget it” sort of thing, which is why we regularly conduct application penetration tests to identify and, as needed, mitigate vulnerabilities or risks in our systems.
Our only focus is on building tools that help you improve your finances. We respect your privacy, so we give you transparency and control over your data and keep it private. We don’t like it when we start seeing online ads for things we recently bought, so we do not sell your personal data to third parties so that they can advertise products to you.
We’ll keep this page up-to-date and let you know if anything big changes with our practices. We’re also available if you have any questions or concerns. You can always contact us through in-app chat or at firstname.lastname@example.org.