Privacy Policy

Effective Date: July 23, 2025

OS Financial LLC ("Luna Money," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services (collectively, the "Service").

1. Information We Collect

Information You Provide

  • Account information (name, email address, phone number)
  • Financial account credentials (securely exchanged via Plaid)
  • Profile information and preferences
  • Communications with our support team
  • Feedback and survey responses

Information Collected Automatically

  • Device information (type, operating system, unique identifiers)
  • Device fingerprints for push notification management and security
  • Browser characteristics (type, version, capabilities)
  • Usage data (features used, time spent, interactions)
  • IP address and approximate location
  • Session data and user activity patterns
  • App performance and crash data via Sentry (includes browser info, performance metrics)
  • Analytics data via Google Analytics (anonymized)
  • User agent strings and referrer information
  • Two-factor authentication data (TOTP secrets and backup codes when enabled)

Financial Information via Plaid

We use Plaid to connect your financial accounts. We receive:

  • Account balances and details
  • Transaction history
  • Account and routing numbers (for verification only)
  • Financial institution information
Important: We never receive or store your banking username or password. Plaid handles the secure credential exchange.

2. How We Use Your Information

We use your information to:

  • Provide and maintain our Service
  • Process transactions and manage your subscription
  • Analyze your financial data to provide insights and recommendations
  • Send you notifications about your account and finances
  • Respond to your comments, questions, and support requests
  • Send promotional communications (with your consent)
  • Monitor and analyze usage patterns to improve our Service
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

3. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information with:

Service Providers

  • Plaid: Financial data aggregation
  • Stripe: Payment processing
  • Firebase: Database and authentication
  • Firebase App Check with reCAPTCHA v3: Bot protection and API security
  • Vercel: Application hosting
  • OpenAI: AI-powered insights (anonymized data only)
  • Mailgun: Email communications
  • Resend: Alternative email delivery service
  • Twilio: SMS notifications
  • Sentry: Error monitoring (collects browser info, performance metrics)
  • Google Analytics: Usage analytics (fully anonymized, no personal data)
  • Google Cloud Secret Manager: Secure storage of encrypted access tokens
  • Redis/Upstash: Session caching and performance optimization

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred with advance notice.

4. Analytics and Anonymization

We take your privacy seriously. All analytics data we collect is fully anonymized:

  • Google Analytics uses anonymized IP addresses and no personal identifiers
  • We do not track individual users across sessions
  • Analytics data cannot be linked back to your personal information
  • We only collect aggregate usage patterns to improve our Service
  • Error reports sent to Sentry are stripped of personal information
Your Privacy Guaranteed: We never use analytics to identify, track, or profile individual users. All analytics data is anonymous and used solely to improve Luna Money's features and performance.

5. Data Security

We implement enterprise-grade security measures including:

  • 256-bit AES encryption at rest and TLS 1.3 in transit
  • Multi-factor authentication options
  • Regular security audits and monitoring
  • Secure infrastructure with Firebase and Vercel
  • Rate limiting and fraud detection
  • Regular automated backups

6. Data Retention

  • Active accounts: Data retained while account is active
  • Financial records: 7 years per IRS requirements
  • Deleted accounts: Personal data removed within 90 days
  • Plaid tokens: Automatically deleted after 90 days of inactivity
  • Session data: Automatically cleared after inactivity
  • Backups: Retained for 90 days
  • Security logs: 2 years
  • Analytics data: Aggregated and anonymized, retained indefinitely

7. Your Rights and Choices

Access and Portability

You can request access to your data or export it by emailing privacy@lunamoney.io. We'll process your request within 30 days.

Correction

You can update your personal information through your account settings.

Deletion

You can request account deletion by emailing privacy@lunamoney.io. We will delete your personal data within 90 days, except for data we must retain for legal purposes.

Marketing Communications

You can opt-out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences in the app.

Data Breach Notification

In the event of a data breach that may compromise your personal information, we will notify affected users within 72 hours via email and in-app notification.

8. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete personal information, and the right to opt-out of the sale of personal information (we do not sell personal information).

9. GDPR Compliance

While our Service is currently US-only, we respect international privacy standards. If you are accessing our Service from the European Union, you have additional rights under GDPR including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, please contact us at privacy@lunamoney.io.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

11. International Users

Our Service is currently available only to users in the United States and Puerto Rico. All data is processed and stored in the United States.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date."

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

OS Financial LLC
502 W 7th St Ste 100
Erie, PA 16502
Email: privacy@lunamoney.io
Support: support@lunamoney.io

© 2025 OS Financial LLC. All rights reserved.