Privacy Policy

Last updated: May 29, 2026 · Effective date: May 29, 2026

This Privacy Policy describes how NEWPOINT LABS LLC ("newpointlabs.com," "we," "us," or "our") collects, uses, shares, and protects information about you when you download, access, or use the newpointlabs.com mobile application for iOS and Android (the "App") and related services, including our marketing website (collectively, the "Services"). By using the Services you agree to this Policy. If you do not agree, do not use the Services.

1. Who we are

newpointlabs.com is a personal-finance application that helps you understand your spending, set budgets, and track recurring payments. For the purposes of the EU/UK GDPR and the California Consumer Privacy Act ("CCPA"), the operator of the Services is the data controller and "business" with respect to personal information processed in connection with the App.

2. Information we collect

2.1 Information you provide

• Account information. When you register we collect your email address, display name (optional), and authentication credentials managed through Google Firebase Authentication (including "Sign in with Apple" or "Sign in with Google" identifiers if you use those methods).
• Profile & budget preferences. Budget targets, selected spending categories, and notification preferences you configure in-app.
• Support communications. Messages you send to our support email, including any information you voluntarily include.

2.2 Financial information collected via Plaid

When you link a bank account, you are directed to a secure flow operated by Plaid Inc. ("Plaid"). You enter your credentials directly with your financial institution through Plaid — newpointlabs.com never sees or stores your bank username or password. With your authorization Plaid shares the following information with us:

• Masked account numbers, account name, account type, balances.
• Institution name and logo.
• Transaction history, including date, amount, merchant, original description, and Plaid-supplied category.
• Plaid-derived identifiers required to re-fetch data on your behalf (access tokens, item IDs).

Plaid's collection and use of your information is governed by the Plaid End User Privacy Policy, which you should review separately.

2.3 Device, app, and usage data

• Device information. Device model, operating system and version, app version, language, time zone, crash logs, and a resettable advertising identifier (if permitted by the operating system).
• Usage information. Screens viewed, features used, errors encountered, and performance metrics. We use this to diagnose bugs and improve the product.
• Push tokens. If you enable notifications, we store the push-notification token provided by Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM).

We do not collect precise geolocation. We do not access your contacts, photos, microphone, or camera.

2.4 Information from app stores

When you purchase a subscription through the Apple App Store or Google Play Store, Apple or Google shares limited information with us such as a transaction identifier, subscription status, and renewal date. We do not receive your payment card details, which remain solely with Apple or Google.

3. How we use information

We use the information described above to:

• Create and maintain your account and authenticate you.
• Retrieve, categorize, and display your transactions, balances, and recurring payments.
• Detect and surface upcoming bills and subscriptions.
• Deliver budget alerts and push notifications that you enable.
• Operate your subscription, including free trials, renewals, and cancellations.
• Diagnose bugs, improve performance, and develop new features.
• Prevent fraud, abuse, and unauthorized access.
• Comply with applicable laws, court orders, and lawful requests from regulators.

We do not use your financial information for advertising, profiling unrelated to the App, or to train third-party advertising or generative-AI models.

4. Legal basis for processing (EEA and UK users)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases:

• Performance of a contract — to provide the Services you requested.
• Legitimate interests — to improve the Services, secure our systems, and prevent fraud, where those interests are not overridden by your rights.
• Consent — for push notifications, optional analytics where required, and for connecting your bank account through Plaid. You may withdraw consent at any time.
• Legal obligation — to comply with laws and regulatory requirements.

5. How we share information

We share information only with the limited categories of recipients below. We do not sell or "share" your personal information for cross-context behavioral advertising (as those terms are defined under the CCPA/CPRA), and we have not done so in the preceding 12 months.

• Service providers acting on our behalf, bound by written agreements and confidentiality obligations:
  • Plaid — bank-account linking and transaction retrieval.
  • Google Firebase — authentication, crash reporting, push messaging, and cloud storage.
  • Apple Push Notification service — iOS push delivery.
  • Cloud infrastructure providers — hosting and data storage.
  • Analytics providers — product analytics (in aggregated or pseudonymized form).
  • Customer-support tools — only if you contact us.
• Apple and Google — when you subscribe, cancel, or request a refund through their stores, they process the transaction and share the resulting status with us.
• Legal and safety — to comply with valid legal process, protect our rights and users, and investigate fraud.
• Corporate transactions — if we are involved in a merger, acquisition, or asset sale, your information may be transferred subject to this Policy.
• With your direction or consent — when you explicitly ask us to share information with a third party.

6. Plaid and your bank data

Bank account linking is powered by Plaid. By connecting an account you authorize:

• Plaid to access your account and transaction information from your financial institution.
• Plaid to share that information with newpointlabs.com solely to power the features you have requested.
• newpointlabs.com to refresh your data periodically while your account is connected.

You can disconnect any bank at any time from Profile → Connected Banks in the App. When you disconnect, we revoke the corresponding Plaid access token and instruct Plaid to delete the access credential. We retain the historical transactions we had already fetched so your past reports remain available, unless you ask us to delete them.

Plaid's handling of your information is governed by the Plaid End User Privacy Policy. If you want Plaid to delete data it holds about you, visit my.plaid.com.

7. Apple and Google platform data

Purchases of newpointlabs.com subscriptions are processed by Apple (for iOS/iPadOS) or Google (for Android). Apple or Google is the seller of record for these transactions. Your payment information is provided to, and stored by, Apple or Google — not newpointlabs.com. We receive a transaction receipt and subscription status from the platform to activate and maintain your subscription. Apple's and Google's respective privacy policies apply to the information they collect.

8. Data retention

We retain personal information for as long as your account is active, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Typical retention periods:

• Account data: until you delete your account, then removed within 30 days.
• Linked-bank access tokens: until you disconnect the bank, then revoked immediately.
• Transaction history: while your account is active; deleted on account deletion.
• Support tickets: up to 24 months after resolution.
• Financial and tax records (e.g. subscription receipts): up to 7 years as required by law.

9. Data security

We use industry-standard safeguards to protect your data, including TLS 1.2+ in transit, AES-256 encryption at rest for sensitive fields, scoped service credentials, least-privilege access controls, continuous security logging, and periodic third-party review. No system is perfectly secure; if we discover a breach that affects your personal information we will notify you and the competent authorities as required by law.

10. Your privacy rights

Depending on where you live, you may have the following rights. To exercise them, email us at newpoint.itgroup@gmail.com. We will verify your identity before acting on your request and we will respond within the timeframes required by applicable law.

10.1 Rights available globally

• Access a copy of the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated personal information.
• Disconnect any linked financial institution at any time from inside the App.
• Withdraw consent (e.g. disable push notifications or disconnect Plaid).

10.2 EEA, UK, and Swiss users (GDPR)

You additionally have the right to data portability, to object to or restrict processing based on our legitimate interests, and to lodge a complaint with your local supervisory authority.

10.3 California users (CCPA/CPRA)

You have the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of sale or sharing for cross-context behavioral advertising (we do not sell or share); the right to limit use of sensitive personal information; and the right to be free from discrimination for exercising these rights. You may authorize an agent to act on your behalf.

10.4 Other U.S. state privacy laws

Residents of Colorado, Connecticut, Virginia, Utah, Texas, and other states with comprehensive privacy laws may also have rights of access, correction, deletion, portability, and opt-out of targeted advertising, profiling, and sale. We honor these rights in the same manner described above.

11. Children's privacy

The Services are not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe we have collected information from a child, please contact us and we will delete the account.

12. International data transfers

Your information may be processed in the United States and other jurisdictions that may have different data protection laws from your country. When we transfer personal information from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum.

13. Third-party links and services

The Services may link to third-party websites or apps we do not control. Their privacy practices are their own and we encourage you to review them.

14. Changes to this Policy

We may update this Policy from time to time. When we do, we will update the "Last updated" date at the top. If we make material changes we will provide additional notice (for example, an in-app message or email). Your continued use of the Services after an update means you accept the revised Policy.

15. Contact us

If you have questions about this Policy or want to exercise any of your rights, please contact us:

Email: newpoint.itgroup@gmail.com

Postal address:
7901 4TH ST N
STE 300
ST. PETERSBURG, FL 33702

If you are not satisfied with our response you may contact your local data-protection authority or, in the UK, the Information Commissioner's Office.