Privacy Policy

Last updated: October 2025

At UpdraftFi, your financial data stays on your device by default. This policy explains what we collect, what stays local, and what happens if you enable optional features.

What We Collect (By Default)

Account Information

Email address and name from your Google account for authentication.

Subscription Status

Your billing plan and subscription status (Free or Pro tier).

Usage Information

Basic analytics to improve our service (no personal financial details).

Technical and Diagnostic Data

Error logs, system diagnostics, and user identifiers (including email addresses) for troubleshooting, support purposes, and service quality improvements.

What Stays Local on Your Device

By default, all your financial data stays in your browser (IndexedDB):

  • Your wallet addresses
  • Your asset values and portfolio balances
  • Your snapshot history
  • All custom assets you create

This data never touches our servers unless you explicitly enable automatic snapshots (see below).

Optional: If You Enable Automatic Snapshots

If you choose to enable automatic snapshots, we need to store your encrypted wallet addresses on our servers so we can fetch your portfolio on a schedule when you're offline.

What We Store

Encrypted wallet addresses (AES-256-GCM encryption with server-side keys).

Why We Need This

To fetch your portfolio automatically on a schedule (e.g., daily) even when you're not logged in or online.

Security

Your wallet addresses are NOT stored in plaintext. Accessing them would require database access, encryption key access, AND writing specific decryption code.

For more details, see our Security page.

What We Never Store

  • Private keys or seed phrases (ever)
  • Banking passwords or credentials
  • Social security numbers or tax IDs
  • Personal identification documents

How We Use Your Data

Service Delivery

To provide and maintain your account, process transactions, and deliver core features.

Communications

We may contact you regarding service issues, account problems, technical errors, security alerts, or important service updates. This ensures we can provide proactive support when issues affect your account.

Troubleshooting and Support

We log user identifiers (including email addresses) when errors occur to help us diagnose issues, provide support, and improve service reliability. This allows us to proactively reach out if your account experiences problems.

Data Security

We use industry-standard encryption, secure cloud infrastructure (Supabase), and read-only blockchain connections. All data is encrypted at rest and in transit.

Error logs and diagnostic data are stored securely and accessed only by authorized personnel for support and troubleshooting purposes.

Data Storage & Encryption

On Your Device (Default)

By default, your financial data stays in your browser's local storage (IndexedDB). This data is not encrypted for performance and usability. Your device's lock screen and browser sandboxing provide protection.

On Our Servers (If You Enable Automatic Snapshots)

Infrastructure Layer: All database storage is encrypted at rest by default via Supabase/AWS, protecting against physical disk theft and hardware disposal.

Application-Layer Encryption: Wallet addresses are encrypted using AES-256-GCM with server-side keys to enable scheduled portfolio fetching even when you're offline. This data is NOT stored in plaintext. Accessing it would require database access AND encryption key access AND writing specific decryption code.

For more details about our encryption architecture, see our Security page.

Your Rights

  • Export your data anytime
  • Delete your account and all data
  • Access and correct your information
  • Opt out of analytics (contact us)

Contact Us

Questions about privacy? Contact us at updraftfi@gmail.com