Privacy Policy

How we handle your data at Plutus

Last updated: February 2026

The short version

We know privacy policies can be long. Here are the key things you should know:

  • You choose how your data gets into Plutus — enter transactions manually or optionally connect your bank accounts via Plaid. We never store your banking credentials.
  • We never sell your personal or financial data to anyone.
  • Payments are handled by Paddle, our merchant of record. We never see or store your full card details.
  • Your data is encrypted in transit and at rest.
  • You can export or delete your data at any time.

1. What This Policy Covers

This Privacy Policy explains how Telotek Ltd ("Plutus", "we", "us", or "our") collects, uses, shares, and protects your information when you use our website, web application, and related services (collectively, the "Service").

By using Plutus, you agree to the collection and use of information as described in this policy. If you do not agree with any part of this policy, please do not use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and a securely hashed version of your password. If you sign in with Google, we receive your name, email address, and profile picture from your Google account. We never store your Google password. If you enable two-factor authentication, we store the encrypted TOTP secret associated with your authenticator app.

Financial Data

Plutus supports two ways of managing your financial data: manual entry and optional bank account connections.

Manual entry. You can enter all transactions, budgets, categories, and account balances directly. No bank connection is required to use Plutus.

Bank connections (optional). If you choose to connect a bank account, we use Plaid to securely retrieve your account balances and transaction history. When you connect an account through Plaid:

  • Your banking credentials are entered directly into Plaid's secure interface — Plutus never sees or stores your bank login details
  • Plaid provides us with read-only access to your account balances and transaction data
  • We store the transaction data and balances Plaid provides in order to deliver the Service
  • You can disconnect a linked account at any time from within Plutus

By connecting a bank account, you acknowledge that Plaid's privacy policy applies to their handling of your data. All financial data — whether entered manually or imported via Plaid — is stored securely and is only accessible to you (and any household members you choose to share it with).

Household Data

If you create or join a household, we store membership information, roles, and shared financial data associated with that household. All members of a household can see the shared budgets and transactions within it.

Usage Data

We collect information about how you interact with Plutus, including the features you use, pages you visit, actions you take, and the time and frequency of your activity. This helps us understand how people use Plutus and where we can improve.

Device & Technical Data

When you access Plutus, we automatically collect certain technical information, such as your IP address, browser type and version, operating system, device type, screen resolution, and referring URL.

Payment Data

Payments for Plutus are processed by Paddle, our merchant of record. Paddle handles all payment processing, tax calculation, and invoicing. We receive your subscription status, plan details, and billing country from Paddle, but we never see or store your full credit card number, bank account details, or other sensitive payment information.

Communications

If you contact us for support, send us feedback, or respond to our emails, we collect the content of those communications along with your email address and any other information you choose to provide.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Plutus service
  • Process your subscription payments through Paddle
  • Send transactional emails such as password resets, billing receipts, and account notifications
  • Provide customer support and respond to your requests
  • Send product updates, tips, and in-app notifications
  • Analyse usage patterns to improve features and user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms of service

We will not use your financial data — whether entered manually or imported via Plaid — for any purpose other than providing you with the Plutus service. We do not use your data to build advertising profiles or serve ads.

4. How We Share Your Information

Service Providers

We work with trusted third-party services to operate Plutus. These providers only have access to the information necessary to perform their specific functions and are contractually obligated to protect your data:

  • Paddle — Payment processing, tax handling, and invoicing
  • Plaid — Bank account connections and financial data aggregation (only if you choose to link a bank account)
  • Neon — Database hosting (PostgreSQL)
  • Vercel — Application hosting and deployment
  • Resend — Transactional email delivery
  • Upstash — Caching and rate limiting (Redis)
  • Novu — In-app and push notifications
  • Sentry — Error monitoring and performance tracking

Household Members

If you belong to a shared household in Plutus, other members of that household can see shared budgets, transactions, and categories. Your personal account details (such as your email or password) are never shared with other household members.

Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, or protect the personal safety of users or the public.

Business Transfers

If Plutus is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

We Never Sell Your Data

To be completely clear: we do not sell, rent, or trade your personal information or financial data to third parties. Ever.

5. Data Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it:

  • All data is encrypted in transit using TLS/SSL
  • Data at rest is encrypted using industry-standard encryption
  • Passwords are securely hashed and never stored in plain text
  • Two-factor authentication (2FA) is available for your account, using time-based one-time passwords (TOTP)
  • We use secure, HTTP-only cookies for session management
  • Access to production systems is restricted and monitored
  • We regularly review and update our security practices

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to keeping your data as safe as reasonably possible.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service.

If you choose to delete your account, we will remove your personal data and financial records within 30 days. Some information may be retained for longer if necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

Anonymised, aggregated data that cannot be used to identify you may be retained indefinitely for analytical and product improvement purposes.

7. Cookies & Tracking

Essential Cookies

We use essential cookies to keep you signed in and to maintain your session. These cookies are strictly necessary for Plutus to function and cannot be disabled.

Analytics & Error Tracking

We use Sentry to monitor application errors and performance. Sentry collects technical information about errors you may encounter (such as stack traces, browser type, and the page URL) to help us identify and fix issues. This data does not include your financial information.

We may also use analytics cookies to understand how visitors interact with our website. This helps us improve our service and identify areas that need attention. Analytics data is aggregated and does not personally identify you.

Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing ones. Please note that disabling essential cookies may prevent you from using certain features of Plutus.

We do not use cookies for advertising purposes, and we do not allow third-party advertising networks to set cookies through our Service.

8. Your Rights

Depending on your location, you may have the following rights regarding your data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Ask us to correct any inaccurate or incomplete data
  • Deletion — Request that we delete your account and personal data
  • Export — Download your data in a portable format
  • Opt out — Unsubscribe from marketing communications at any time
  • Restrict processing — Ask us to limit how we use your data in certain circumstances
  • Object — Object to our processing of your data where we rely on legitimate interests

For EEA and UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data includes your consent, the performance of our contract with you, and our legitimate interests in operating and improving our Service.

For Other Jurisdictions

If you are located in another jurisdiction with data protection laws (such as California, Canada, Australia, or Brazil), you may have similar rights under your local laws. We are committed to honouring those rights. Please contact us if you have questions about how your local laws apply.

To exercise any of these rights, please contact us at privacy@plutusfinance.app. We will respond to your request within 30 days.

9. Children's Privacy

Plutus is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with their data, please contact us at privacy@plutusfinance.app.

10. International Data Transfers

Plutus is operated from the United Kingdom, but our service providers may process your data in different countries around the world. When your data is transferred outside of your home country, we ensure that appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms, to protect your information in accordance with this Privacy Policy and applicable law.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a notice within the Plutus app or by sending you an email.

We encourage you to review this policy periodically. Your continued use of Plutus after any changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please get in touch:

Email: privacy@plutusfinance.app

Entity: Telotek Ltd

We aim to respond to all enquiries within 30 days.