Skip to content
OneTruth

OneTruth

Privacy

Your money, your data, never anyone else's. This page summarizes what we collect, what we don't, and how to control everything.

Last updated: April 30, 2026

The promise

OneTruth is built around a simple promise: the data you give us is yours, used only to power your experience, and never sold or shared with anyone — ever, no exceptions, no asterisks.

  • No third-party analytics SDKs (no Google Analytics, no Mixpanel, no Amplitude, no Segment).
  • No advertising SDKs (no Facebook Pixel, no AdMob, no Branch).
  • No behavioral tracking. We measure the app's health, not your actions.
  • No device fingerprinting. Your phone's IDFA is never read.

What we collect

  • Account information: the accounts you choose to link via Plaid (balances + transactions).
  • App content: the bills, notes, documents, goals, and workspaces you create.
  • Identity: your sign-in identifier from Apple, Google, or email, plus your email address.
  • Diagnostics: anonymous crash reports and performance metrics. No personally identifying information.

How it's stored

  • Encrypted at rest using AES-256.
  • All connections use TLS 1.3 in transit.
  • Per-row Row-Level Security ensures one user can only ever read their own data.
  • Backups are encrypted and stored in a different region than the primary.

How AI works

When the AI assistant can answer your question on-device, it does. On iPhone 15 Pro and newer, Apple Intelligence runs locally; on other devices, our on-device models do the same work. For requests that need cloud help, only the question text and the relevant context are sent — never your raw transactions, never your account credentials.

Your rights

  • Export. Settings → Privacy → Export my data generates a single ZIP of everything we have on you, in human-readable JSON.
  • Delete. Settings → Privacy → Delete my account permanently removes your data within 24 hours, and from backups within 30 days.
  • Correct. All your data is editable inside the app.

Sharing data with third parties

We share data only with the vendors required to run the service — Plaid (bank linking), Apple (sign-in + push notifications), Resend (transactional email), and Supabase (database hosting). Each is bound by data processing agreements; none of them are permitted to use your data for their own purposes.

Children's privacy

OneTruth is not intended for use by anyone under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it within 24 hours.

Changes to this policy

We'll email every active user 30 days before any change that weakens your privacy. Cosmetic changes (rewording, fixing typos) are made silently.

Contact

Questions, requests, or concerns: support@onetruth.app. A real human reads every message.