In plain terms
Plain language: we collect only what we need to run the app, we never sell your data, your bank data stays in your country, and you can export or delete everything any time.
Quick summary
Lefover is a budgeting app that helps you understand how much money you can safely spend. We take your privacy seriously, and we’ve written this policy in plain language so you can actually read it.
In short:
- We collect only what we need to run the app (your identity, your bank data via Plaid, some device info for crash reporting).
- We don’t sell your data. We don’t share it for advertising. We don’t analyze it for any purpose other than providing Lefover.
- Your data is stored in your country (US data stays in the US, Canadian data stays in Canada).
- You can export or delete your data at any time.
- If your subscription ends without payment, or you receive a refund, your bank connection is disconnected right away, and we keep your account for 90 days so you can come back. After 90 days, the account and its data are permanently deleted.
- We use a small list of trusted service providers to run the app — they’re listed in our separate Subprocessors document.
This policy has force of law. If you have questions, contact us at [email protected].
1. Who we are
This Privacy Policy describes how Lefover LLC (“Lefover,” “we,” “us,” “our”) collects, uses, shares, and protects information when you use the Lefover mobile application and the lefover.com website.
Legal entity: Lefover LLC, an Ohio limited liability company Mailing address: 4682 Cold Springs Ct, Columbus, OH 43220, United States Contact: [email protected]
2. What this policy covers
This policy covers the Lefover mobile application (iOS and Android), the lefover.com website, and any related services we operate (collectively, the “Service”).
This policy does not cover:
- Third-party services you choose to connect to Lefover (such as your bank)
- Third-party apps or websites that may link to or from Lefover
- Services operated by Plaid, Apple, Google, RevenueCat, or any other subprocessor we use — each of those has its own privacy policy
3. The information we collect
We collect only what we need to run the Service. Here is everything:
3.1 Information you provide directly
- Your email address, from Google Sign-In or Apple Sign-In when you create an account
- Your name, if your Google or Apple account shares it with us
- Your country (you pick this during onboarding)
- Your support messages, if you contact us through the in-app support feature
- Preferences you set, such as your buffer amount, notification preferences, and language
3.2 Information from your connected bank accounts (via Plaid)
When you link a checking account using Plaid, we receive the following from Plaid on your behalf:
- Account identifiers (anonymized account IDs — not account numbers)
- Institution information (which bank, routing information is not stored)
- Account balances (current and available)
- Transaction history (merchant names, amounts, dates, descriptions, pending status)
- Ongoing transaction updates as new transactions post to your accounts
Plaid is the primary holder of your raw banking data. Plaid has its own privacy policy and security practices — we recommend reading them at https://plaid.com/legal/. You authorize us to use Plaid on your behalf when you link an account.
We do not receive or store:
- Your banking login credentials
- Your account numbers
- Your routing numbers
3.3 Information we derive from your data
Lefover runs algorithms on the data we receive to produce:
- Classifications of your transactions (fixed bill / regular spending / one-off)
- Detected recurring bills and their expected dates
- Detected income sources and cadences
- Your “leftover” — how much you can safely spend
- Your “spending baseline” — a measure of typical daily spending
This derived data is part of your account and protected the same as the source data.
3.4 Automatically collected information
When you use the Service, we automatically collect:
- Device information. Device type, operating system, and app version, used for crash reporting on our own infrastructure.
- Crash reports and error data. Captured if the app crashes or encounters an error, logged on Lefover’s own infrastructure. We scrub personal and financial data from these logs before they are stored.
- IP addresses — when you connect to our servers (for security and abuse prevention)
- Session activity — to keep you logged in and maintain your app experience
We do not collect:
- Your location beyond your country selection
- Your contacts
- Your photos, camera, or microphone
- Any data from other apps on your device
- Advertising identifiers (we don’t run ads)
3.5 Information from Apple and Google
When you subscribe through Apple’s App Store or Google Play, Apple or Google notifies us (via RevenueCat) about:
- Your subscription status (active, canceled, renewed)
- Your subscription tier (monthly, annual)
- Payment status events
We do not receive your payment method, full billing address, or credit card details. Apple and Google process the payment directly.
3.6 Our marketing website
The lefover.com marketing website does not use any advertising trackers, third-party analytics, or non-essential cookies. We honor Do Not Track and Global Privacy Control signals automatically (because we don’t track users in any form). Only essential cookies — used to remember your language preference or similar basic functions — may be set.
4. How we use your information
We use your information only to provide the Lefover Service. Specifically:
- To run the budgeting features — calculate your leftover, detect bills, identify recurring income, classify transactions
- To communicate with you — send notifications you’ve configured, respond to support requests, send important account communications
- To maintain and improve the Service — fix bugs, improve performance, develop features based on aggregated (non-identifying) usage patterns
- To keep the Service secure — detect abuse, prevent fraud, enforce our terms
- To comply with legal obligations — respond to lawful requests, fulfill tax and accounting requirements
- To process subscription billing — through Apple, Google, and RevenueCat
4.1 AI-powered insights
For your monthly and yearly reports, we use Anthropic’s Claude API to generate narrative insights (for example, “Your dining out spending was higher this month than usual”). When we use the Claude API:
- We send aggregated and anonymized data — amounts, patterns, and summary statistics
- We do not send raw merchant names, specific transaction descriptions, or any personally identifiable information
- Anthropic does not use data from API calls to train its models
4.2 What we do NOT do with your information
- We do not sell your data to anyone, ever.
- We do not share your data for advertising purposes.
- We do not use your data to train AI models (beyond ephemeral use of Claude API as described above, where no training happens).
- We do not share your data with employers, credit bureaus, or financial institutions unless required by law.
- We do not use your data to build profiles for marketing to you or others.
- We do not allow other Lefover users to see your data.
5. Where your information is stored
Your data is stored in the country you select during onboarding:
- United States users: data stored in the New York region of our infrastructure provider (DigitalOcean).
- Canadian users: data stored in the Toronto region.
We maintain separate, isolated infrastructure per country. We do not copy or replicate your financial data across regions.
Some operational data — such as support ticket records, audit logs of administrator actions, and marketing website content — is stored in our central infrastructure (United States). This data does not include your transaction history or bank account balances.
As we expand to additional countries in the future, we will expand our regional infrastructure to maintain data residency.
6. Who we share your information with
We share your information only with the specific service providers we need to operate Lefover. These service providers (called “subprocessors”) process data on our behalf, under contract, with the same privacy and security obligations we have to you.
Our full list of subprocessors is maintained in a separate document: Lefover Subprocessors.
In summary, we use service providers for:
- Banking data (Plaid)
- Subscription management (RevenueCat, Apple, Google)
- AI-generated report insights (Anthropic)
- Infrastructure hosting, databases, storage (DigitalOcean)
- Push notifications (Expo Push Notifications service; Apple Push Notification service and Firebase Cloud Messaging are the underlying delivery transports Expo uses)
- Transactional email (Postmark)
- Authentication (Google Sign-In, Sign in with Apple)
We do not share your information with any party that isn’t listed in our subprocessors document.
6.1 Legal disclosures
We may disclose your information if we reasonably believe we are required to by law, legal process, or government request, including:
- Responding to subpoenas, court orders, or legal process
- Cooperating with law enforcement investigations
- Enforcing our Terms of Use
- Protecting the safety of our users or the public
- Protecting our legal rights
When legally permitted, we will attempt to notify you before disclosing your information.
6.2 Business transfers
If Lefover is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the new owner. We will notify you (by email or through the app) if this happens, and you will have the opportunity to delete your account before the transfer.
7. How long we keep your information
- While your account is active: we retain your data as long as your account is active.
- After you delete your account: your data enters a 7-day soft-delete window, during which you can recover your account by logging in. After 7 days, your data is hard-deleted from our production systems.
- Backups: backup systems may retain your data for up to 30 days after hard deletion, after which backups containing your data expire and are overwritten.
- If your subscription becomes inactive (the trial ends without payment, or you receive a refund): we disconnect your bank connections immediately and your account data is kept for 90 days. You can resubscribe any time within 90 days to restore access (you will relink your bank connections). After 90 days, your account and all its data are permanently and irreversibly deleted. See the inactive-account policy (below).
- Support tickets and related messages: retained for 2 years after ticket resolution.
- Audit logs of administrator actions: retained for 2 years (required for security and compliance).
- Anonymized aggregate statistics: retained indefinitely (not personal data once aggregated).
- Legal retention: in some cases, we must retain certain data for longer due to legal or accounting requirements.
7.1 Inactive accounts
When your subscription becomes inactive (your trial ends without payment, or you receive a refund), we disconnect your bank connections immediately and the app returns you to the subscription screen. We keep your account and all its data for 90 days from that point, so you can resubscribe and pick up where you left off. Resubscribing within 90 days restores access (you will relink your bank connections). If you do not resubscribe within 90 days, your account and all its data are permanently and irreversibly deleted.
8. Your rights
You have rights over your information. Lefover supports the following, regardless of where you live:
8.1 Universal rights
- Right to access — you can request a copy of your data. In-app export is available under Settings.
- Right to correction — you can correct inaccuracies in your profile information through in-app settings. Transaction data is sourced from Plaid; corrections to bank data should go through your bank.
- Right to deletion — you can delete your account and associated data at any time via Settings.
- Right to data portability — when you export your data, you receive it in a standard, portable format.
- Right to stop using Lefover — you can cancel your subscription and delete your account at any time, with no questions asked.
8.2 If you live in California
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you additionally have:
- Right to know what personal information we collect, use, disclose, and sell or share. This policy answers that.
- Right to delete your personal information (covered by right to deletion above).
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — We do not sell or share personal information for cross-context behavioral advertising. No opt-out is needed because we don’t do this.
- Right to limit use of sensitive personal information — You can contact us at [email protected] to limit how we use your sensitive information beyond what’s required to provide the Service.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
8.3 If you live in Canada
Under Canadian federal and provincial privacy laws (including PIPEDA and provincial analogs):
- Right to access your personal information
- Right to request correction of inaccurate information
- Right to withdraw consent for certain processing (note: we need to process your data to run the Service, so withdrawing consent may mean you can no longer use Lefover)
- Right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights
8.4 If you live in the European Union, United Kingdom, or European Economic Area
Lefover does not currently operate in these regions. When we expand, this policy will be updated with GDPR-specific rights (access, rectification, erasure, restriction, portability, objection, and the right not to be subject to automated decision-making).
8.5 How to exercise your rights
Most rights can be exercised directly in the app:
- Export or delete your data: Settings → Account → Export or Delete
- Update your preferences: Settings
For any other request, email us at [email protected]. We will respond within 30 days (or 45 days for complex requests, with notification).
We may need to verify your identity before processing requests to protect your data.
9. Children’s privacy
Lefover is not intended for users under 18, and we do not knowingly collect information from children.
- Children under 13 (United States): we do not knowingly collect information from children under 13. If you believe a child under 13 has provided information to us, please email [email protected] and we will delete it.
- Users under 18: Lefover requires users to be at least 18 years old to form a binding subscription agreement. Minors should not use Lefover.
10. Security
We work hard to protect your information:
- Encryption in transit — all connections to our servers use TLS (HTTPS)
- Encryption at rest — your stored data is encrypted on our servers
- Access controls — only authorized Lefover personnel can access systems that hold user data, and access is logged
- Two-factor authentication — all administrator access is protected by TOTP-based two-factor authentication
- Regional isolation — your data does not cross borders
- Least-privilege principle — we grant the minimum access needed for each system to do its job
- Secure on-device token storage — authentication tokens on your mobile device are stored in your device’s secure keystore (iOS Keychain or Android Keystore), not in general app storage
- Regular security reviews — we monitor our systems and update our security practices over time
10.1 Biometric authentication (Face ID, Touch ID, fingerprint)
Lefover offers an optional biometric lock for the mobile app. When enabled, the app prompts you to authenticate with Face ID, Touch ID, or your device’s fingerprint/face unlock each time you open it. This prevents someone else holding your unlocked device from viewing your financial data.
What you should know:
- Your biometric data never leaves your device. When you use Face ID, Touch ID, or fingerprint unlock with Lefover, your actual biometric information (face map, fingerprint data) is processed entirely by your phone’s operating system using Apple’s and Google’s secure hardware. Lefover never receives, stores, transmits, or has access to any biometric data.
- Lefover only sees a yes/no result. The app asks your device “is this the authorized user?” and receives only a true/false response from the OS. We never see the biometric itself.
- You can enable or disable it anytime. The toggle lives in Settings. We’ll offer to set it up during onboarding, but you can skip that and enable it later (or never).
- It’s optional. If you don’t want to use biometric authentication, the app works normally — it just won’t be locked when opened.
- It’s local to each device. If you install Lefover on a second device, you’ll set up biometric separately there. Your choice on one device doesn’t carry to another.
If your device doesn’t have biometric hardware or you haven’t enrolled biometrics at the OS level, Lefover simply skips this feature. We don’t require it and don’t require a backup PIN.
No security system is perfect. If we become aware of a security incident affecting your information, we will notify you as required by law and take reasonable steps to mitigate harm.
11. International data transfers
We operate Lefover in each country’s local infrastructure. When you use Lefover:
- Your financial data stays in your country of residence
- Support ticket messages you send also stay in your country
- Some limited operational data (administrative records, content you view on our marketing site) is processed in the United States
If you are a Canadian user, your data is stored in Canada and processed by Canadian infrastructure. When a Lefover administrator accesses your data for support, they do so by connecting to Canadian infrastructure — your data does not travel across borders.
12. Cookies and tracking
12.1 Mobile application
The Lefover mobile application does not use cookies. The app stores limited data on your device for the Service to function — this includes your authentication token, preference cache, and transaction data cache. This local data is not shared with anyone.
12.2 Marketing website (lefover.com)
The marketing website does not use advertising cookies, analytics cookies, or any third-party tracking. We may set essential cookies for basic website functionality (such as remembering your language preference), but we do not track you across sessions or websites.
We honor Do Not Track (DNT) and Global Privacy Control (GPC) browser signals. Because we don’t track users, these signals have no practical effect — we already don’t do the things they ask us not to do.
13. Automated decision-making
Lefover does not make significant automated decisions about you that produce legal or similarly significant effects. Our algorithmic classification of transactions (as bills, regular spending, or one-off) is used to display information to you — you always have the ability to override our classifications in the app.
Our AI-generated report insights are informational and do not affect any decisions about you.
14. Changes to this policy
We may update this Privacy Policy as our Service evolves or as laws change.
14.1 Material changes
If we make material changes — changes that meaningfully affect how we handle your information — we will:
- Email you at the email address associated with your account, at least 30 days before the changes take effect
- Display an in-app banner requiring your acknowledgment before you continue using the app
- Update the “Effective date” and “Last updated” dates at the top of this policy
You can always review the most recent policy at lefover.com/privacy.
14.2 Minor changes
For minor changes (typos, clarifications, or changes that don’t materially affect your rights), we will simply update the “Last updated” date at the top.
14.3 Your choices if you disagree with changes
If you disagree with material changes, you can delete your account before the changes take effect. Continuing to use the Service after changes take effect means you accept the updated policy.
15. Contact us
Questions about this Privacy Policy? We actually read our email — please reach out.
Email: [email protected]
Mail: Lefover LLC 4682 Cold Springs Ct Columbus, OH 43220 United States
For California residents, you can also contact us at [email protected] with CCPA requests.
For Canadian residents, if you have concerns we cannot resolve, you can contact the Office of the Privacy Commissioner of Canada.
16. Governing law
This Privacy Policy is governed by the laws of the State of Ohio, without regard to its conflict of laws principles. For disputes, please see our Terms of Use.
Thanks for reading. We know privacy policies can feel like a chore. We wrote this one in plain language because we believe you should understand exactly what happens to your data when you use Lefover.
If anything in this policy is unclear, please reach out. We’ll do better.
— The Lefover team
This document should be reviewed by a qualified attorney before launch. Areas requiring particular attention:
- Jurisdiction-specific rights language (§8)
- Children’s privacy disclosures (§9)
- Data transfer and residency language (§11)
- Automated decision-making disclosures (§13)
- Policy change notification procedures (§14)
End of document.