Back to Home

Privacy Policy

A personal finance product, not an ad network.

Your finances. Your data. Our responsibility.

Denareon Inc. operates denareon.com and related apps. We collect only what we need to run your financial dashboard — and we draw clear lines on what we will never do with it.

No data sales

We do not sell or rent your personal or financial information to brokers or advertisers.

Read-only bank links

We never store your bank password. Connections are brokered through established partners.

No in-app ad trackers

Marketing analytics stay off authenticated routes. Your dashboard is not a tracking surface.

You are in control

Disconnect institutions, enable Eye Privacy, use biometrics, or delete your account in Settings.

Last updated: June 13, 2026

US Financial Disclosure (GLBA)

Federal law requires a standardized overview of data sharing for financial customers.

View GLBA Privacy Notice

At a glance

The essentials — full legal language is in the sections below.

What we use data for

  • Run your dashboard, budgets, net worth, and planning features
  • Sync read-only data from institutions you authorize
  • Process subscriptions and send account or security emails
  • Detect fraud, abuse, and unauthorized access
  • Improve onboarding with scrubbed first-party metrics (see Analytics below)
  • Comply with legal obligations

What we never do

  • Sell or rent personal or financial data
  • Store your banking login credentials
  • Run ad-network pixels or session replay in the signed-in app
  • Use identified third-party product analytics (PostHog-style surveillance)
  • Build advertising profiles from your financial activity
  • Load marketing trackers on authenticated routes

How Denareon is different

Categories, not competitors — how we approach privacy by design.

Typical patternDenareon
Revenue modelFree tiers funded by data partnerships or adsSubscription / Pro — no selling your financial data
In-app analyticsFull-funnel SDKs with user IDs and session replayScrubbed first-party activation events; admin-only visibility
Marketing siteRetargeting pixels and cross-site ad profilingCookieless Umami on public pages only
Bank connectionsSame aggregators, opaque downstream useRead-only; consent recorded; disconnect anytime in Settings
AI featuresOpaque training on financial conversationsUser-initiated requests to named cloud providers; disclosed below

Analytics in plain English

We separate marketing measurement from product telemetry on purpose. This is the only place we explain both systems.

Umami — public marketing pages only

Cookieless pageview analytics plus a limited sign-up funnel (landing viewed, CTA clicked, sign-up page viewed, submitted, error). Properties are restricted to non-PII fields: UTM source/medium/campaign, locale, device class, placement, and error codes. No emails, names, tokens, or full URLs. Not loaded inside the signed-in application.

Activation events — signed-in product

First-party onboarding and reliability metrics stored in our database after server-side scrubbing. Examples: onboarding progress, checkout milestones, first account connection. Blocked before storage: emails, names, IPs, user agents, account IDs, balances, institution names, transaction IDs, descriptions, and full URLs. Visible to Denareon operators only — not shared with Umami or ad platforms.

We do not deploy session replay, identified third-party product analytics, in-app ad networks, or marketing trackers on authenticated routes.

Who helps us run the service

Vendors that process data on our behalf, under contractual confidentiality and security obligations. This list may evolve; material changes appear in this policy.

  • RailwayApplication hosting, PostgreSQL database, object storage
  • Plaid, Stripe, Teller, TrueLayer, Belvo, SnapTradeRead-only financial and brokerage connectivity
  • Stripe, RevenueCat, Apple / GooglePayments and mobile subscriptions
  • ResendTransactional email (account and security messages only)
  • Firebase Cloud MessagingPush notifications you opt into
  • UmamiCookieless, aggregated analytics on public marketing pages only
  • Google (Gemini), xAI (Grok)AI inference when you invoke AI features
  • Upstash RedisCaching and rate limiting
  • IP geolocationSign-in risk alerts and fraud prevention

Your controls

Practical actions you can take today — no support ticket required.

Disconnect accounts

Settings → Connections removes linked institutions and revokes provider tokens.

Eye Privacy

Blur sensitive balances when the app is idle or someone might glance at your screen.

Device biometrics

Face ID or Touch ID locks the app locally — we never store raw biometric templates.

Delete account

Settings → Account → Delete Account starts removal; most data is purged within 30 days.