OneTruth
Trust

Your data is yours.

On-device first. End-to-end encrypted at rest. Never sold. Audit log on every action. Export anytime. Delete anytime.

On-device first

Your financial data, your work, your shared plans live primarily on your iPhone. The cloud is a sync layer for your other devices and your invited co-deciders, not a surveillance layer for us.

Encrypted at rest

Every Supabase row is encrypted with AES-256. Backups are encrypted. Sensitive vault items (Plaid credentials, account numbers) get a second layer with per-user envelope keys.

Never sold, never advertised against

We make money the calm way: subscriptions. We don't run ads. We don't sell anonymized data. We don't hand your data to model trainers. Your data is the product YOU bought, not the product WE sell.

What we collect (and what we don’t)

Plain English. The full legal version lives at /privacy.

Item | We collect? | Why / why not
Email address | Yes | Sign in + sync across devices
Apple/Google ID (if used to sign in) | Yes | Authentication only — never linked to ads
Your financial data (balances, bills, splits) | Yes | The whole product. Lives encrypted.
Crash + diagnostic logs (anonymized) | Yes | So we can ship a less-buggy app
Your contacts | No | We don't read your contact book. Ever.
Your location | No | Money doesn't ask. Together asks only for explicit features (e.g. find my house) and never stores history.
Photos / camera roll | No | Receipt scans are processed on-device with the Vision framework; image data never leaves your phone unless you explicitly share it.
Browsing data outside OneTruth | No | We can't see anything you do outside our apps.
Your data, sold to anyone | No | Not now. Not ever. We're a subscription business.

Where your data lives

Supabase (US-East)

Your synced data lives in Supabase Postgres in AWS us-east-1. Row-level security (RLS) gates every table — even our own engineers can't read your data without going through the same auth as you.

Your iCloud (your control)

Local backups go through your iCloud, encrypted with your Apple ID. We never see them. Migrating to a new iPhone restores everything from your iCloud + a fresh sign-in.

Your iPhone keychain

Auth tokens, vault keys, and biometric-protected credentials live in the iOS Keychain — Apple's hardware-backed secure enclave. Not in our database, not in our logs.

Your rights

You own your data. We just hold it for you.

Compliance & audits

SOC 2 readiness — on the roadmap. Our infrastructure (Supabase + Stripe + Apple) is already SOC 2 Type II; the remaining work is our own controls audit, scheduled before Work + Together GA.

GDPR + CCPA — every right those frameworks grant (access, portability, deletion, objection) is built into Account → Danger zone, available to every user regardless of geography. No tickets, no waiting.

HIPAA — we don’t collect health data and OneTruth is not HIPAA-covered. If you need HIPAA-grade isolation, our apps aren’t the right fit yet.

Calm software with no asterisks

Try OneTruth Money. Cancel anytime. Export anytime. Delete anytime.