Privacy and security

Private and safe, like it should be

We treat your personal and financial data the way we want ours treated: carefully, transparently, and with respect.

This page summarizes our approach to privacy and security in plain language. For legal details, see our Privacy Policy.

On this page

Access

You control your data

You can export your transactions, categories, and notes at any time from Settings in the Greenback app.

Greenback team members only access your account data when it is necessary to deliver support or resolve a specific issue that you request. For product improvement and operations, we rely on aggregated and anonymized information.

Security

Encryption and secure connections

We use strong encryption (for example, 256‑bit at rest) and TLS for data in transit. Your information is protected while stored and while it moves between your device and our servers.

We never see or store your bank login credentials. Connections to financial institutions are made via trusted aggregators such as Plaid or Finicity, or directly via OAuth where available. OAuth credentials are never visible to us.

If you choose to forward emails (for example, Venmo receipts), Greenback processes only those messages. You can stop forwarding anytime or restrict what you send.

Retention

Delete your account, delete your data

You can delete your Greenback account anytime from Settings or by contacting support@greenbackapp.com. When you delete your account, we remove your linked financial data and account data from our systems, except where we must retain limited information to comply with law, resolve disputes, protect Greenback and our users, or enforce agreements. Where no obligations apply, data is removed from active systems and backups within 60 days.

Deleting your Greenback account does not cancel an App Store or Play Store subscription. Manage your subscription from your device settings before or after account deletion.

Infrastructure

Modern, compliant cloud foundation

Greenback runs on reputable cloud infrastructure (for example, Google Cloud Platform) used by leading financial companies. The cloud provider maintains industry‑standard security, privacy, and compliance controls such as ISO/IEC 27001/27017/27018, SOC 1/2/3, PCI DSS, and CSA STAR. These certifications apply to the cloud platform itself.

Operationally, we use multi‑factor authentication (MFA) for internal systems and manage company devices with security controls. We also conduct regular application penetration testing and address findings as needed.

Privacy

What you do in Greenback stays in Greenback

Our focus is building tools that help you improve your finances. We do not sell your personal data to third parties for advertising.

We prioritize clarity and control, so you always understand how your data is used. We keep this page current and will notify you if our practices significantly change. For questions, reach us at support@greenbackapp.com.

FAQ

Frequently asked questions

How do I export my transactions?

Open the Greenback app → Settings → Export data. Choose your format and timeframe.

Can Greenback see my bank credentials?

No. We do not see or store your banking passwords. Connections are handled by trusted aggregators or via OAuth.

How do I delete my account?

In the app, go to Settings → Account → Delete account. You can also email support@greenbackapp.com.

Will deleting my account cancel my subscription?

No. Manage your App Store or Play Store subscription from your device settings.

Where is my data stored?

In secure cloud infrastructure with encryption at rest and in transit.

Need more help?

We’re here to help with any questions about privacy, security, or your account.

Contact support

Data lifecycle

How your data flows through Greenback

A high‑level overview of collection, transport, storage, use, and deletion.

  • Collection

    You connect accounts via trusted providers or OAuth. We never store banking credentials.

  • Transport

    Data travels over TLS. Requests are authenticated and rate‑limited.

  • Storage

    Encrypted at rest with strict access controls and monitoring.

  • Use

    Processed for features you enable and product improvements using aggregated, anonymized analytics.

  • Deletion

    You can delete your account at any time. Data is removed from active systems and backups within standard windows.