Privacy Policy
Effective date: March 22, 2026
NinoIQ (“we,” “us,” or “our”) operates a household financial intelligence platform that helps users understand their complete financial picture. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our web application at ninoiq.com (the “Service”).
By using NinoIQ, you agree to the collection and use of your information as described in this policy. If you do not agree with any part of this policy, please do not use the Service.
1. Information We Collect
Account Information
When you create a NinoIQ account, we collect your email address. We use passwordless authentication (magic link) provided by Supabase, so we do not collect or store passwords. If you choose to set up password authentication, your password is securely hashed and managed by Supabase Auth.
Financial Account Data
When you connect financial accounts through Plaid, we receive and store:
- Account names, types (checking, savings, credit, investment, loan), and masks (last four digits)
- Current and available balances
- Account holder name as reported by your financial institution
- Institution name and identifiers
- Transaction history including amounts, dates, merchant names, and categories
- Investment holdings including security names, quantities, and values
We do not receive or store your bank login credentials. Plaid handles all direct authentication with your financial institutions.
Household Information
During onboarding, you provide a household name and may invite other members by email. This information is stored to organize your financial data by household.
Usage Data
We collect standard web analytics data including pages visited, feature usage patterns, browser type, and device information. This data is used to improve the Service and is not sold to third parties.
2. How We Use Your Information
We use the information we collect to:
- Generate your household balance sheet, including net worth calculations across all connected accounts
- Produce spending analysis and categorization of your transactions
- Create financial briefings that summarize your household’s financial position
- Track investment holdings and portfolio allocation
- Calculate financial assumptions such as retirement projections and savings rates
- Send you account-related notifications and alerts
- Authenticate your identity and manage your account
- Improve and develop new features for the Service
We do not sell, rent, or trade your personal or financial information to third parties for marketing purposes. We do not use your financial data to make lending or credit decisions.
3. Third-Party Services
NinoIQ relies on integrations with the following third-party services to operate:
Plaid
We use Plaid Inc. to connect your financial accounts. When you link an account, Plaid facilitates the connection between your financial institution and NinoIQ. Plaid’s use of your data is governed by the Plaid End User Privacy Policy. We store a secure access token from Plaid that allows us to retrieve your account data; we do not store your bank credentials.
Supabase
We use Supabase for authentication and database services. Your email address and authentication state are managed by Supabase Auth. Your financial data is stored in a Supabase-hosted PostgreSQL database. Supabase encrypts all data at rest using AES-256 encryption and enforces TLS for all data in transit.
Vercel
The NinoIQ application is hosted on Vercel. Vercel processes web requests and may collect standard server logs including IP addresses and request metadata. Vercel does not have access to your financial data, which is stored in Supabase.
4. Data Storage and Security
We take the security of your financial data seriously and implement industry-standard protections:
- Encryption at rest: All data stored in our database is encrypted using AES-256 encryption via Supabase.
- Encryption in transit: All data transmitted between your browser, our servers, and third-party services is encrypted using TLS (Transport Layer Security).
- Access controls: Database access is restricted through Supabase Row Level Security (RLS) policies. Users can only access data belonging to their own household.
- Token security: Plaid access tokens are stored encrypted in our database and are never exposed to the client-side application.
While we implement robust security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach.
5. Data Retention and Deletion
What We Retain
We retain your financial account data for as long as your account is active and your financial institutions remain connected. Specifically:
- Account balances: Current balances are refreshed regularly and historical snapshots are retained for the lifetime of your account to support balance sheet tracking.
- Transaction data: Transactions are retained for as long as your account is active to support spending analysis and financial briefings.
- Plaid access tokens: Stored for as long as the linked account remains connected. Tokens are revoked and deleted when you disconnect an account.
- Authentication records: Your email and authentication data are retained for as long as your account exists.
User-Initiated Deletion
You can delete your data in the following ways:
- Disconnect individual accounts: Use the Accounts page in the dashboard to disconnect a linked financial institution. This revokes the Plaid access token and removes all associated account and transaction data from our database.
- Request full account deletion: Email info@ninoiq.com to request complete deletion of your account and all associated data.
Deletion Process
When you request account deletion, we will:
- Revoke all Plaid access tokens associated with your account, severing the connection to your financial institutions
- Delete all financial data (accounts, balances, transactions, holdings) from our Supabase database
- Remove your household membership and associated records
- Delete your authentication record from Supabase Auth
Deletion requests are processed within 30 days. Some data may persist in encrypted database backups for up to 90 days after deletion, after which backups are rotated and the data is permanently destroyed.
Automatic Deletion
If a Plaid access token becomes invalid (for example, if you revoke access through your bank), we will mark the linked account as disconnected. Data associated with disconnected accounts is retained for 90 days to allow reconnection, after which it is automatically deleted.
6. Your Rights
You have the following rights regarding your data:
- Access: You can view all financial data we hold about you directly in the NinoIQ dashboard at any time.
- Correction: If any financial data appears incorrect, you can disconnect and reconnect the affected account to refresh the data from your institution, or contact us for assistance.
- Deletion: You can request deletion of your data as described in Section 5 above.
- Data portability: You can request an export of your financial data in a machine-readable format (JSON) by contacting us at info@ninoiq.com.
- Withdraw consent: You can disconnect your financial accounts or delete your account at any time.
To exercise any of these rights, use the controls available in the NinoIQ dashboard or email us at info@ninoiq.com. We will respond to all requests within 30 days.
8. Children’s Privacy
NinoIQ is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at info@ninoiq.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 30 days before the changes take effect. Your continued use of NinoIQ after the effective date of a revised policy constitutes your acceptance of the updated terms.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at: