BLO VAULT PRIVACY POLICY

Last Updated: April 4, 2026

BLO VAULT ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your information when you use our mobile application (the "App"). BLO VAULT is operated by an independent developer.

AT A GLANCE

- Plaid: You connect banks through Plaid. Transaction and balance data are stored primarily on your device in an encrypted database.
- No central copy of your raw transaction history: We do not store your full raw financial ledger on our servers.
- Supabase: Used as a secure proxy; only encrypted Plaid access tokens and minimal non-financial metadata are stored there.
- AI: Analysis runs on-device (Gemma / Cactus SDK). We do not send your financial ledger to cloud LLM providers.
- Subscriptions: Apple, Google, and/or RevenueCat process payments under their policies.
- Diagnostics: If enabled, Sentry may receive crash/performance data with client-side scrubbing of identifiable user fields.
- You can wipe local data with Panic Delete in Settings.

1. SCOPE

This policy applies to the BLO VAULT App on iOS, Android, and macOS. It does not apply to third-party flows (Plaid Link, your bank, or app stores).

2. DATA COLLECTION AND USE

BLO VAULT uses Plaid Inc. to connect your financial accounts. Financial data is stored exclusively on your mobile device in an AES-256 encrypted local database (SQLCipher). We do not store your full raw transaction history on our central servers.

3. LOCAL AI PROCESSING

All financial analysis and AI inference are performed on your device using the Gemma (Cactus SDK) engine. We do not upload your transaction content to a remote inference service.

4. THIRD-PARTY SERVICE PROVIDERS

We do not sell your personal information. Service providers include:

- Plaid Technologies, Inc. — linking and financial data access
- Supabase — authentication, Edge Functions, encrypted token storage
- RevenueCat — subscription entitlements
- Apple / Google — in-app purchases and platform services
- Sentry — optional crash and performance diagnostics

5. AUTHENTICATION AND SESSION

Face ID, Touch ID, or device PIN via the operating system. We do not receive or store biometric templates.

6. SUBSCRIPTION AND PURCHASE DATA

Purchases are processed by Apple, Google, and/or RevenueCat under their policies.

7. HOW WE USE INFORMATION

To operate and improve the App; link and refresh accounts; enforce tiers; fix crashes; comply with law; and respond to your inquiries.

8. DATA RETENTION AND DELETION

On-device data remains until you delete it (Panic Delete or uninstall). Encrypted tokens on Supabase remain until you remove linked items or revoke access.

9. DATA SECURITY

AES-256 encryption at rest; OS secure storage for key material; HTTPS (TLS) for data in transit; certificate public-key pinning on critical API endpoints.

10. YOUR RIGHTS

Depending on where you live, you may have rights to access, delete, or correct personal information. See our full policy at blovault.com or contact us below.

California (CCPA/CPRA): You may request to know, delete, and correct your data. We do not sell personal information. See /ccpa.txt for opt-out details.

11. CHILDREN'S PRIVACY

BLO VAULT does not knowingly collect personal information from anyone under 13.

12. CHANGES TO THIS POLICY

We may update this policy and will post the new version in the App and on our public page.

13. CONTACT

info@blovault.com

For privacy requests, include enough detail to verify and process your request. We will respond within timeframes required by applicable law.