RoundsPrivacy Policy
Rounds Financial (“Rounds,” “we,” “us,” or “our”) operates the Rounds web and mobile applications. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.
By using Rounds, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name and email address when you sign in with Google.
- Financial Account Information: When you choose to link financial accounts through Plaid, we receive read-only information about your debt and liability accounts, including account names, balances, interest rates, minimum payments, and account types.
1.2 Information Collected Through Plaid
When you connect your financial accounts, our third-party service provider Plaid collects and transmits the following information to us on a read-only basis:
- Liability account details (account name, type, balance, interest rate, minimum payment)
- Account identification information (masked account numbers)
- Account status and payment history
Rounds uses Plaid solely to read liability account information so we can display your debts and calculate payoff projections. Rounds does not use Plaid to initiate payments, transfers, or any movement of funds.
Plaid’s use of your information is governed by the Plaid End User Privacy Policy. We encourage you to review it.
Important: Rounds never receives or stores your bank login credentials. Plaid handles all credential exchange directly with your financial institution.
1.3 Information Collected Automatically
- Usage Data: Pages visited, features used, and interaction patterns within the application.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: IP addresses, access times, and referring URLs.
2. How We Use Your Information
We use the information we collect to:
- Provide Our Services: Display your debt accounts, calculate payoff projections, track PSLF eligibility, and generate financial insights.
- Perform Calculations: Run round-up and payoff projection calculations on your linked account data when you enable these features. Rounds does not move, transfer, or process funds.
- Improve Our Services: Analyze usage patterns to improve functionality and user experience.
- Communicate With You: Send service-related notifications, updates, and support responses.
- Ensure Security: Detect, prevent, and address fraud, abuse, and technical issues.
We do not use your financial data to:
- Sell to third parties
- Target advertising
- Build consumer profiles for external use
3. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
3.1 Service Providers
We share information with third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Plaid | Read-only access to linked liability account data | Account credentials (handled by Plaid directly), account identifiers, liability account data |
| Supabase | Authentication and application database | Name, email, authentication tokens, and application data (encrypted at rest and in transit) |
| Google Cloud Platform | Backend compute and messaging infrastructure | Application data processed by backend services (encrypted at rest and in transit) |
| PostHog | Product analytics and usage measurement | Usage events, device and browser metadata, pseudonymous identifiers |
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
3.3 Business Transfers
If Rounds is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Data Storage and Security
- Application data is stored in Supabase’s managed PostgreSQL database within the United States. Backend services run on Google Cloud Platform within the United States.
- Data is encrypted in transit using TLS 1.2 or higher.
- Data is encrypted at rest using AES-256 encryption.
- Access to production systems requires multi-factor authentication.
- We follow the principle of least privilege for all system access.
5. Data Retention
- Account Data: We retain your personal and financial information for as long as your account is active or as needed to provide you with our services.
- Transaction Records: Payoff and transaction records are retained for reconciliation and your reference.
- After Deletion: When you delete your account, we delete your personal data and associated financial records from our systems. Some data may be retained in encrypted backups for a limited period or as required by law.
6. Your Rights and Choices
6.1 Access and Portability
You may request a copy of the personal information we hold about you by contacting us at the email address below.
6.2 Correction
You may request correction of inaccurate personal information.
6.3 Deletion
You may request deletion of your account and associated data at any time. To delete your account:
- Use the account deletion feature within the application, or
- Contact us at the email address below.
Upon deletion, we will remove your data from active systems and revoke any connected Plaid access tokens.
6.4 Disconnect Financial Accounts
You may disconnect linked financial accounts at any time through the application. This revokes Rounds’ access to your account data through Plaid. You may also revoke access directly through Plaid Portal.
6.5 Opt-Out
You may opt out of non-essential communications at any time.
7. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
- No Sale of Personal Information: We do not sell personal information as defined by the CCPA.
To exercise these rights, contact us using the information in Section 11.
8. Children’s Privacy
Rounds is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly.
9. Third-Party Links
Our application may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the application and updating the “Last Updated” date. Your continued use of Rounds after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights regarding your personal information, contact us at:
Email: matt@roundsfi.com