Privacy Policy

The short version: We do not sell your data. Ever.

Your financial information, identity information, and personal details are used solely to personalize your experience on Circe. They are never sold, never shared with advertisers, and never used for any purpose other than giving you better guidance.

1. Information We Collect

We collect information you provide directly when creating an account and completing the onboarding process. This includes: Account information: Your name, email address, and password. Financial information: Income, savings balances, investment accounts, debt balances, monthly expenses, and financial goals. This information is stored in our Supabase database (PostgreSQL on AWS infrastructure in the United States) and is transmitted to OpenAI when Circe generates personalized chat responses. See sections 4 and 5 for details. This information is used solely to personalize your financial guidance. Bank connection data (optional): If you choose to connect a financial account through Plaid, we receive read-only account information — account names and types, balances, transactions, and, where available, loan and credit details such as interest rates and payment due dates. Connecting accounts is optional; you can enter your balances manually instead. See section 7. Identity information (optional): Gender identity, sexual orientation, race and ethnicity, neurodivergence, and disability status. This information is entirely optional and is used only to provide intersectionally-aware financial guidance through the Circe Index. Usage information: How you interact with the platform, which features you use, and general usage patterns. This helps us improve Circe.

2. How We Use Your Information

We use the information we collect to: — Provide, personalize, and improve the Circe platform — Generate personalized financial guidance through the Circe Index — Calculate financial projections, salary benchmarks, and savings plans tailored to your situation — Send you important updates about your account or the platform — Respond to your questions and support requests — Improve our AI models and guidance quality (using anonymized, aggregated data only) We do not use your information for advertising, marketing to third parties, or any purpose not directly related to providing you with financial guidance.

3. Identity Information — Special Protections

Identity information — including gender identity, sexual orientation, race and ethnicity, neurodivergence, and disability status — receives special protections: This information is entirely optional. You can use Circe fully without providing any identity information. It is used only within the Circe Index to calibrate salary benchmarks, retirement projections, and financial guidance to reflect documented real-world disparities. It is never shared with third parties, never used for advertising or profiling, never sold, and never used for any purpose other than personalizing your guidance. You can delete or change this information at any time from your profile settings.

4. Data Storage and Security

Your financial data and profile information is stored in Supabase, a PostgreSQL database hosted on AWS infrastructure in the United States. Passwords are hashed using bcrypt with a cost factor of 12 before storage. We never store plain text passwords. Even Circe's team cannot see your password. Financial data you enter is transmitted securely over HTTPS and stored in our database. It is never stored in your browser after the Supabase migration. We implement reasonable technical and organizational measures to protect your information. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time. If you connect a bank account through Plaid, the access token that permits ongoing read access is encrypted at rest using AES-256-GCM and is never exposed to your browser; see section 7 for what bank data we collect and how long we keep it. When you use Circe's AI chat or guidance features, your profile context is transmitted to our servers and to our AI providers (OpenAI) to generate personalized responses. This data is transmitted securely over HTTPS. We implement reasonable technical and organizational measures to protect your information. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

5. AI Processing and Third Parties

Circe uses OpenAI's API to power its AI guidance features. When you interact with Circe's chat or use AI-powered tools, relevant portions of your profile (income, goals, values, and optionally identity information) are transmitted to OpenAI's API to generate personalized responses. OpenAI's data usage is governed by their privacy policy and API data usage policies. We use the API in a manner consistent with OpenAI's privacy-protective API terms. Aside from the service providers described in this policy — OpenAI for AI guidance, and Plaid if you choose to connect a bank account (section 7) — we do not share your data with third parties except as required by law.

6. Paystub Uploads

Circe offers an optional paystub upload feature in onboarding and in your profile settings. When you choose to upload a paystub (PDF or image), the following happens: — The file is transmitted over HTTPS to our server. If it is a PDF, the text layer is extracted on our server and only the extracted text is forwarded to OpenAI's API; the original PDF is not sent. If it is an image, it is forwarded to OpenAI's API for vision-based extraction. — Only a small set of financial fields is extracted (gross income, take-home, 401k contribution percentage, filing status, and similar). — Once the fields have been extracted, the file is discarded. We do not save, cache, or archive the uploaded file on our servers or in our database. — You always see an "Is this right?" confirmation screen with the extracted numbers before anything is written to your profile. You can edit or discard any value before saving. — Uploading a paystub is entirely optional. You can always type your income details manually instead. — We recommend removing or redacting sensitive identifiers (Social Security number, bank account number, home address) from the file before uploading. Circe does not need these fields and will not extract them.

7. Bank Connections (Plaid)

Circe offers an optional feature to securely connect your bank, credit card, loan, and investment accounts using Plaid, a third-party financial data provider. Connecting accounts is entirely optional — you can use Circe fully by entering your balances manually. When you connect an account through Plaid: — You enter your credentials directly with Plaid or your bank's own login (OAuth). Circe never sees or stores your bank username or password. — Plaid provides Circe with read-only access to account information: account names and types, balances, transactions, and, where available, loan and credit details such as interest rates and payment due dates. Circe cannot move money. — The Plaid access token that lets us refresh your data is encrypted at rest using AES-256-GCM and is never exposed to your browser. — This data is used only to populate your balances, net worth, debt picture, and spending context — the same purposes as data you enter manually. — You can disconnect any institution at any time from your profile. When you disconnect, we revoke Plaid's access and delete that institution's accounts and transactions. Deleting your account does the same for all connected institutions. — While an account stays connected, we retain transaction history for a rolling 24-month window and automatically prune older transactions. Balances reflect the most recent sync. Your use of Plaid is also governed by Plaid's own privacy policy, available at plaid.com/legal. We use Plaid in a manner consistent with its end-user privacy terms.

8. Market Data

Circe displays market data (S&P 500, Nasdaq) sourced from public APIs. This data is not personalized and does not involve your personal information.

9. Your Rights and Choices

You have the right to: — Access the information we hold about you — Correct inaccurate information in your profile — Delete your account and all associated data — Disconnect any linked financial account, which revokes Plaid's access and deletes that institution's data — Opt out of any data collection beyond what is necessary to provide the service — Remove or change identity information at any time To exercise any of these rights, you can update your information directly in your profile settings, or contact us directly.

10. Children's Privacy

Circe is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Your continued use of Circe after changes are posted constitutes your acceptance of the revised policy.

12. Contact

If you have questions about this Privacy Policy or how we handle your information, please contact us. We are committed to transparency and will respond to privacy inquiries promptly.

© 2026 Circe · Your data is yours.