Privacy Policy

Oversikt LLC (“Oversikt,” “we,” “us,” or “our”) provides financial planning software. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the rights you have to control your data.

If you have questions about this policy or how we handle your data, email us at hello@oversikt.io.

1. Summary

• We collect financial account data you connect through Plaid or Quiltt, your account information, and product usage data.
• We do not sell your personal data to anyone.
• We do not share your data with third-party AI providers for them to train their models.
• We may use de-identified transaction data — with personal identifiers stripped — to improve Oversikt's own categorization and recommendation systems. You can opt out.
• We share limited data with service providers who help us run Oversikt (listed in Section 5).
• You can access, correct, delete, or export your data at any time. You can also opt out of AI-powered features.
• Oversikt is based in the United States and available only to U.S. residents at this time.

2. Who this policy covers

This policy applies to anyone who uses oversikt.io, the Oversikt iOS app, or any related service we provide (“Services”).

Oversikt is not intended for use by individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided personal data to us, contact hello@oversikt.io and we will delete it.

3. Information we collect

Account information you provide

When you create an Oversikt account, we collect:

• Email address
• Name (optional)
• Password (stored as a salted hash, never in plain text)
• Subscription and billing information (processed by Stripe; see Section 5)

Financial information via Plaid and Quiltt

When you connect a bank, credit card, loan, or investment account, we receive:

• Account names, types, and balances
• Transaction history (dates, amounts, merchants, categories)
• Loan balances and interest rates (if applicable)
• Investment holdings (if applicable, and only if you connect an investment account)

Plaid and Quiltt (which routes to Finicity and applies FinGoal enrichment) handle your bank credentials directly. We never see or store your bank login.

Financial plan data you create

• Goals (for example: pay off debt, build wealth, save for a specific target)
• Budgets and category allocations
• Annual expense plans
• Property and entity information (if you track real estate)
• Notes and annotations

Product usage information

• Pages visited, buttons tapped, features used
• Session duration and frequency
• Device type, operating system, browser (for compatibility)
• General location derived from IP address (country / region, not precise coordinates)
• Error reports and crash diagnostics

We do not collect precise geolocation. We do not use tracking cookies for advertising.

Support correspondence

If you email us or use in-app feedback, we retain those messages so we can respond to you and improve the product.

4. How we use your data

We use your data only for the following purposes:

• Deliver the service. Display your financial data, generate budgets, calculate goal progress, and produce insights you've asked us to generate.
• Improve the service. Understand which features work, find bugs, and prioritize fixes.
• Communicate with you. Send account-related messages, subscription notifications, and (if you opt in) product updates.
• Generate AI-powered recommendations (see Section 6 for details and your opt-out right).
• Process payments. Handle subscriptions through Stripe.
• Comply with law. Respond to lawful legal process, prevent fraud, and enforce our Terms.

We do not use your data for:

• Targeted advertising (we don't run ads)
• Selling to data brokers or marketing firms
• Sharing with third-party AI providers for them to train their models (see Section 7)

5. Third parties we share data with

We share limited data with service providers that help us operate Oversikt. Each is contractually required to use the data only for the service they provide to us, and each is required to maintain appropriate data security and privacy practices.

• Quiltt — financial data orchestration layer that routes bank connections across multiple aggregators and applies transaction enrichment. Shares: End User financial account data; anonymous usage metrics. Quiltt does not retain or sell your data and acts as a processor on our behalf.
• Finicity (Mastercard) — primary bank account aggregator used via Quiltt. Shares: End User bank credentials (handled directly by Finicity, never visible to Oversikt); account and transaction data.
• FinGoal — transaction enrichment via Quiltt (merchant normalization, category suggestions, merchant logos). Shares: transaction descriptions and amounts. No account balances, account numbers, or personally identifying information are sent to FinGoal.
• Plaid — bank, card, loan, and investment account connections for accounts linked before our migration to Quiltt, and for institutions where Plaid provides better connectivity.
• Stripe — subscription billing and payment processing. Shares: email, name, billing details, subscription status.
• Anthropic (Claude API) — powers AI-generated recommendations and insights. Shares: anonymized financial context for the current user's active session; not retained by Anthropic and not used for model training.
• PostHog — product analytics. Shares: usage events, page views, device/browser type; personal identifiers limited to user ID and email.
• Loops — transactional and product emails. Shares: email address, name, subscription status.
• Vercel — application hosting. Shares: request logs (IP address, URL, timing; no body content with financial data).
• Neon — database hosting. Shares: all application data, encrypted at rest and in transit; hosted in U.S. data centers.
• Sentry — error tracking to help us find and fix bugs. Shares: error messages, stack traces, user ID; personally identifiable fields stripped before transmission.

Quiltt, Finicity, FinGoal, and Plaid are considered sub-processors and service providers under Connecticut's data privacy law.

We may add service providers in the future. If we do, we will update this policy and the Last updated date and, for material changes that affect how your data is processed, notify existing users as described in Section 13.

We do not sell your personal data to anyone. We do not share data with advertisers or data brokers.

6. Artificial intelligence features

Oversikt uses the Anthropic API (Claude) to generate some recommendations, including:

• Monthly Review action items
• Dashboard insights
• Goal pace and recalibration suggestions

When you use these features, we send a structured prompt to Anthropic that includes relevant financial context for you (for example, your goal type, recent spending categories, debt balance). We send the minimum data necessary to generate a useful recommendation.

Your data is not used to train Anthropic's AI models. Anthropic processes the prompt only to return a response and does not retain it for model training.

Your right to opt out of AI features

Under Connecticut law, you have the right to opt out of automated processing that produces a legal or similarly significant effect on you. You can disable AI-powered features in Settings → AI-powered financial analysis at any time.

When you opt out:

• We stop sending your data to Anthropic
• Action items, insights, and goal recalibration suggestions are disabled
• Core tracking features (budgets, transactions, categorization) continue to work normally

7. How we use data with AI and machine learning systems

Oversikt uses both third-party AI services and our own machine learning systems. We're explicit about the difference because they have different implications for your data.

Third-party AI services (Anthropic / Claude)

We use the Anthropic API to generate recommendations and insights (described in Section 6). When you use these features:

• We send the minimum data necessary to generate a useful response, structured as a prompt that includes financial context relevant to the recommendation.
• Anthropic does not retain your prompts and does not use them to train their models. This is a contractual commitment from Anthropic to all API customers.
• We do not share data with any other third-party AI provider for them to train their models.

Our own machine learning systems

To improve transaction categorization and the quality of our recommendations over time, we may use information about how you and other users interact with Oversikt to train our internal machine learning systems. Specifically:

• What we may use: transaction descriptions, amounts, categories, and your corrections when you re-categorize a transaction. Aggregate patterns of how budgets and goals are structured. Outcomes of recommendations we surfaced.
• What we strip first: personal identifiers (your name, email, account numbers, account balances, specific dates tied to your identity) are removed before any data is used for model training. We use only the de-identified signal.
• What we never train on: your raw account balances, your specific income amounts tied to your identity, your bank credentials (which we never have anyway), or any data from a user who has opted out.
• Where the models run: training and inference happen in our own infrastructure. De-identified training data is never sent to third-party AI providers.

This is how the product gets smarter at categorizing complex transactions over time — a Whole Foods purchase that's actually for a rental property, a Home Depot run that should be tagged to a specific Schedule E entity, a transfer that's actually estimated taxes. The model learns from corrections users make, but learns from the pattern, not the person.

Your right to opt out

You can opt out of having your de-identified data contribute to our internal model training at any time:

• From within Oversikt: Settings → Privacy → “Use my data to improve Oversikt's models.” Toggle off.
• By email: hello@oversikt.io with subject “Opt out of model training.”

Opting out:

• Stops your data from being included in any future training runs
• Does not affect your access to AI-powered features (those use Anthropic, which does not train on your data regardless)
• Does not retroactively remove your data from models already trained — retraining cycles run quarterly and your opt-out takes effect at the next cycle

Why we use de-identified data this way

General-purpose AI models trained on consumer data don't perform well on the financial complexity our users actually have — entities, properties, variable income, multiple goals. The only way to build a categorization system that handles complex households well is to train it on data from complex households. We do this with the minimum personal identifiers necessary (de-identified, aggregated) and we give you control over whether your data participates.

8. How long we keep your data

• Account information (email, name) — while your account is active, plus 30 days after deletion.
• Financial account and transaction data — while your account is active, deleted within 30 days of account deletion.
• Billing and subscription records — 7 years (required for tax and accounting).
• Product usage and analytics — 18 months, then deleted or anonymized.
• Error logs — 90 days.
• Support correspondence — 2 years.
• Consent and opt-out records — 5 years (to demonstrate compliance).

If you delete your Oversikt account, we remove your data from our primary systems within 30 days. Billing records and consent logs are retained as required by law.

9. Your rights

Connecticut residents (and residents of other states with similar laws) have the following rights:

• Access. Request a copy of the personal data we hold about you.
• Correction. Ask us to correct inaccurate data.
• Deletion. Ask us to delete your account and associated data.
• Portability. Receive your data in a machine-readable format.
• Opt out of sale or targeted advertising. (We do not sell data or run targeted ads, but you have this right regardless.)
• Opt out of profiling with significant effect. Disable AI-powered features in Settings.
• Appeal. If we decline a request, you can appeal by emailing hello@oversikt.io with “Privacy Appeal” in the subject.

How to exercise your rights

• From within Oversikt: Settings → Account includes controls for exporting, deleting, and managing your data.
• By email: hello@oversikt.io with the subject line “Privacy Request.”

We will respond within 45 days. If we need more time, we'll let you know and explain why.

You can also contact the Connecticut Attorney General's office if you believe we have not honored your rights. Visit portal.ct.gov/AG for details.

10. How we protect your data

• Encryption in transit. All connections to Oversikt use TLS 1.2 or higher.
• Encryption at rest. Your data is encrypted when stored in our database.
• Access controls. Only authorized personnel can access production systems, and every access is logged.
• Credential security. Passwords are stored as salted hashes; bank credentials are never visible to us because they are handled by Plaid or Finicity.
• Minimum-necessary principle. We collect only data we need for disclosed purposes.
• Monitoring. We track errors and security events to detect and respond to issues quickly.

No system is perfectly secure. If a security incident affects your data, we will notify you as required by law.

11. Children

Oversikt is not intended for users under 18 and we do not knowingly collect information from minors. If you believe a minor has provided information to us, contact hello@oversikt.io.

12. International users

Oversikt is available only to U.S. residents. If you are outside the U.S., please do not use the Services or provide personal data to us.

13. Changes to this policy

When we make material changes to this Privacy Policy, we will:

• Update the Last updated date at the top of this page
• Notify existing users by email and via an in-app notification
• Provide a reasonable period for you to review the changes before they take effect

If you continue to use Oversikt after a material change, you accept the updated policy. If you do not agree, you can delete your account at any time.

14. Contact us

Questions, requests, or concerns?

Email: hello@oversikt.io
Mail: Oversikt LLC, Connecticut, United States

For Connecticut residents, you can also contact the Connecticut Attorney General: portal.ct.gov/AG.

LLM training disclosure

This disclosure is required under Connecticut Public Act 25-113. It can be referenced directly at oversikt.io/privacy#llm-training.

Third-party large language models (Anthropic Claude): Oversikt does not share your personal financial data with Anthropic or any other third-party AI provider for the purpose of training their large language models. Data sent to Anthropic to generate real-time recommendations is processed under Anthropic's API terms, which prohibit the use of API inputs for model training.

Oversikt's own machine learning models: Oversikt may use de-identified transaction data, user corrections, and aggregate usage patterns to train internal machine learning systems that improve transaction categorization and recommendation quality over time. Personal identifiers are stripped before data is used for training. You can opt out of having your data contribute to internal model training at any time via Settings → Privacy.

For full details on how we use both third-party AI and our own machine learning systems, see Section 7 above.