How does ArcaTrust work?

Connect your bank accounts via Plaid (read-only, no credentials stored), set up your budget, and invite your family. ArcaTrust does the rest — syncing transactions, tracking spending, forecasting cash flow, and keeping everyone on the same page.

Is my financial data secure?

Yes. We use Plaid for bank connections (the same service used by Venmo, Robinhood, and most major fintech apps), 256-bit encryption at rest and in transit, and we never store your bank credentials. We also don't sell your data — that's not our business model.

How is this different from other budget apps?

Most apps are built for one person. ArcaTrust is built for households. That means unlimited members at one price, role-based permissions (kids see different things than adults), shared budgets and goals, and a kids mode for financial education. It's the difference between a personal tool and a family operating system.

What happens after I join the waitlist?

We'll email you the moment access opens — likely within the next few weeks. There's no obligation; if you decide ArcaTrust isn't for you, just don't sign up. We won't email you again unless you ask.

Can I import data from my current budget app?

Yes — we support CSV import for transactions, and we're adding direct import from common formats (OFX, QFX) over the coming months.

Does this work if I'm single or not in a family?

Absolutely. The household-first design doesn't exclude individuals — it just means you get features (like role-based permissions and shared goals) you don't have to use. If your situation changes — partner, kids, shared finances — ArcaTrust grows with you without you switching apps.

← Back to ArcaTrust

Privacy Policy

Last updated: April 2026 · Contact: info@arca-trust.com

1. Introduction

ArcaTrust ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our household finance management platform. We encourage you to read this policy carefully. If you do not agree with the terms of this policy, please do not access the application.

2. Information We Collect

Account Information: Name, email address, and password hash provided during registration. If you use Google OAuth, we receive only your name and email address.

Financial Data via Plaid: Bank account information, balances, and transaction history accessed via Plaid's read-only API connections. We receive transaction details (merchant names, amounts, dates) and account balances — NOT your bank login credentials, which are handled entirely by Plaid.

Manually Entered Data: Budgets, savings goals, liabilities, property details, equity compensation grants, estate planning documents, and other financial information you enter directly.

AI Conversation History: Prompts and responses from the AI Coach feature, stored for your active session to maintain context. Conversations are not permanently retained.

Usage Analytics: Pages visited, features used, device type, browser type, and operating system. Used for service improvement only.

IP Address & Location: IP address and approximate geographic location, used solely for security monitoring and fraud detection.

3. Information We Do Not Collect

We do NOT collect: bank login credentials (handled entirely by Plaid), Social Security numbers, tax returns or government-issued ID numbers.

4. How We Use Your Data

We use the information we collect to:

Provide, maintain, and improve the ArcaTrust service
Sync your financial accounts via Plaid
Generate AI-powered insights, categorization, and recommendations
Send service-related notifications, email digests, and alerts (with your consent)
Process payments via Stripe
Detect fraud and protect account security
Respond to your inquiries and support requests

We NEVER sell your data to third parties. We NEVER serve advertisements. We NEVER share your data with third parties for marketing purposes.

5. Third-Party Services

We share data only with the following service providers, strictly for service delivery:

Plaid: Bank account connectivity (read-only access). Plaid Privacy Policy
Stripe: Secure payment processing. Stripe Privacy Policy
Anthropic: AI features — your data is processed for generating responses but is NOT used to train AI models. Anthropic Privacy Policy
Google Cloud: Hosting infrastructure — all data encrypted at rest and in transit
Google OAuth: Optional sign-in — only your email address and name are received

We do not share your data with any other third parties, data brokers, or advertisers.

6. How We Protect Your Data

We implement industry-standard security measures including:

AES-256-GCM encryption for sensitive data at rest (Plaid tokens, credentials)
TLS 1.2+ encryption for all data in transit
Secure hashing (SHA-256) for refresh tokens and authentication
Role-based access controls with five permission tiers
Comprehensive audit logging for all security-relevant events
Tiered rate limiting and brute-force protection on all API endpoints
Account lockout after 5 failed login attempts
Read-only bank connections via Plaid — we cannot move money or initiate transactions
Row-level security (RLS) in our database to prevent cross-tenant data access
Regular security assessments and automated vulnerability scanning

We host on Google Cloud Platform, which maintains SOC 2 Type II certification. Bank credentials are never stored by ArcaTrust — all bank connections are handled securely through Plaid. Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure.

7. Cookies and Tracking

ArcaTrust uses essential cookies and localStorage for authentication (JWT tokens), theme preferences, and feature settings. We do not use advertising cookies, tracking pixels, or third-party analytics that identify individual users. We may use anonymous, aggregated usage data to improve the service.

8. Data Retention and Deletion

Active accounts: Data is retained as long as the account is active
Cancelled accounts: Data is retained for 90 days after cancellation, then permanently deleted
Deleted accounts: All personal and financial data is permanently removed within 30 days
Billing records: Retained for 7 years as required by applicable tax and financial regulations

You may export your data at any time via the CSV export feature. You may request complete data deletion at any time from Settings.

9. Your Rights

You have the right to:

Access your data at any time via the in-app data export feature
Request deletion of your account and all associated data
Opt out of non-essential communications
Request a portable copy of your data (GDPR and CCPA compliant)
Revoke Plaid access to your financial accounts at any time

To exercise any of these rights, contact us at info@arca-trust.com.

10. CCPA / State Privacy Rights

If you are a California resident, you have the right to:

Know what personal information is collected about you
Request deletion of your personal information
Opt out of the sale of your personal information (we do not sell your data)
Not be discriminated against for exercising your privacy rights

To exercise these rights, contact info@arca-trust.com. We will respond to verified requests within 45 days.

11. Children's Privacy

ArcaTrust is not directed to individuals under 18 years of age. We do not knowingly collect personally identifiable information from children under 18. The Kids Mode feature is designed for use by parents to manage allowances and education for their children — the parent maintains the account and enters data on behalf of the child. Children should not create their own ArcaTrust accounts. If we learn we have collected personal information from an individual under 18, we will delete that information promptly. If you believe a child under 18 has provided us personal information, please contact us at info@arca-trust.com.

12. International Data Transfers

ArcaTrust is hosted in the United States on Google Cloud Platform. If you access ArcaTrust from outside the United States, your data will be transferred to and processed in the United States. By using ArcaTrust, you consent to this transfer. We implement appropriate safeguards to protect your data in accordance with applicable data protection laws.

13. Security Breach Notification

In the event of a data breach that affects your personal or financial information, we will notify affected users via email within 72 hours of discovering the breach, as required by applicable law. The notification will include:

The nature and scope of the breach
The types of data affected
Steps we are taking to address the breach
Recommended actions you should take to protect yourself
Contact information for questions

14. Analytics

ArcaTrust collects anonymized usage analytics to improve the service, including: pages visited, features used, session duration, device type, and browser type.

We do NOT use third-party advertising trackers. We do NOT sell or share analytics data with advertisers. We do NOT build advertising profiles from your financial data.

15. Automated Decision-Making

ArcaTrust uses AI and automated processes for transaction categorization, spending insights, and budget recommendations. These automated decisions are advisory only — they do not restrict your access to features or affect your account status. You may override any automated categorization or recommendation at any time.

16. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the service at least 30 days before the changes take effect. Your continued use of ArcaTrust after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Email: info@arca-trust.com

ArcaTrust · Salt Lake City, UT