Privacy Policy

This Privacy Policy applies to: the OctoWealth mobile application; account creation and authentication; Plaid-powered financial account connections; subscription and billing-related account status; customer support;

financial dashboards, budgets, reports, exports, and insights; account deletion and data deletion requests; security, logging, monitoring, and fraud-prevention activity; related services we provide in connection with the mobile app. This Privacy Policy does not apply to websites, applications, products, or services operated by third parties, including Plaid, Apple, Google, Stripe, Amazon Web Services, financial institutions, analytics providers, support providers, or other third-party service providers. Those third parties may process your information under their own terms and privacy policies.

We collect information in several ways: information you provide directly; information created through your use of the app; information received from financial accounts you choose to connect through Plaid; information generated by your device, app, and network activity; information received from service providers that help us operate OctoWealth. The information we collect depends on how you use OctoWealth and which features you enable.

When you create, access, or manage an OctoWealth account, we may collect: name; email address; phone number, if provided or required for authentication; username or account identifier; authentication-related information; account creation date; account status; age or birthdate information used to confirm eligibility; consent records; app settings; notification preferences; marketing consent preferences;

security settings; subscription status; support history; account deletion status. We use this information to create and manage your account, authenticate you, verify eligibility, provide the app, secure your account, communicate with you, process your requests, manage subscriptions, enforce our terms, and comply with legal or operational requirements. OctoWealth requires users to be at least 18 years old. We do not knowingly permit users under 18 to create accounts.

OctoWealth allows you to connect supported U.S. financial accounts through Plaid. Plaid is a third-party service provider that helps users securely authorize access to financial account data from supported financial institutions. When you choose to connect a financial account, you may be directed through a Plaid connection flow. Through that flow, you authorize Plaid and OctoWealth to access, receive, process, and store certain information from the financial accounts you choose to connect. At launch, OctoWealth uses Plaid for read-only financial account aggregation. OctoWealth does not use Plaid to move money, initiate ACH transfers, initiate payments, execute trades, open accounts, issue credit, or take financial action on your behalf. Depending on the accounts you connect and the features you use, we may collect and process the following categories of financial account data through Plaid: financial institution name; account name; account type; account subtype; masked account number; account identifiers; Plaid item identifiers; Plaid account identifiers; account balances; available balances;

current balances; credit limits, where available; transaction history; pending transactions; posted transactions; transaction dates; transaction amounts; merchant names; transaction descriptions; transaction categories; recurring transaction patterns; bills and subscription patterns; loan and liability information, where enabled and authorized; investment account information, where enabled and authorized; investment holdings, where enabled and authorized; securities names, symbols, or identifiers, where enabled and authorized; account owner information, where enabled and authorized; other financial data made available through Plaid based on your authorization, your financial institution, and the OctoWealth features you use. At launch, OctoWealth may use the following Plaid products or data categories: Transactions; Liabilities, where enabled and authorized; Investments, where enabled and authorized; Identity, where enabled and authorized. OctoWealth does not use the following Plaid products at launch: Auth; Transfer; Signal; Income; Assets; Statements; Processor Token;

Employment; Payroll. If our Plaid product usage changes in the future, we will update this Privacy Policy and provide any required notices or consent flows. Plaid may also collect and process information under Plaidʼs own privacy practices. You should review Plaidʼs disclosures during the account connection process.

OctoWealth does not receive or store your online banking username or password. Plaid access tokens are stored only on OctoWealthʼs backend systems and are not sent to the mobile app. We store Plaid access tokens in encrypted form using AWS Key Management Service or comparable encryption controls. Plaid tokens are used to refresh and maintain access to financial account data that you have authorized OctoWealth to receive. We use these tokens only to provide OctoWealthʼs app functionality, maintain account connections, refresh financial data, support your requests, and operate and secure the service. When your account is deleted, OctoWealth revokes connected Plaid items through Plaidʼs item removal process where applicable, removes Plaid tokens from active use, and stops future syncing, subject to the retention limitations described in this Privacy Policy.

You may provide, create, edit, upload, categorize, import, export, or manually enter information in OctoWealth. This may include: manually added accounts; manual account balances; budgets; spending categories; transaction tags; custom transaction rules; transaction notes;

cash flow assumptions; debt payoff strategies; debt snowball, debt avalanche, or cashflow strategy inputs; simulator assumptions; equity or investment assumptions; receipt images; receipt OCR results; reports; exports; support messages; screenshots or attachments you provide to support. We use this information to provide the features you request, customize your experience, generate dashboards and reports, provide support, and maintain app functionality. Do not enter sensitive information into free-text fields unless necessary for your use of OctoWealth.

OctoWealth may offer paid subscription features, including OctoWealth Premium and free trial offers. Depending on the billing method available at launch, subscriptions may be processed through Apple App Store, Google Play, Stripe, or another payment processor. Your payment method and billing details may be processed directly by the applicable app store or payment processor. OctoWealth generally does not receive your full credit card number, debit card number, bank account number, or full payment credentials from Apple, Google, Stripe, or other payment processors. We may receive or process subscription-related information such as: subscription status; product or plan type; trial status; purchase date; renewal date; expiration date;

cancellation status; refund status; billing portal status; transaction identifiers; app store or payment processor identifiers; entitlement status. We use this information to provide paid features, manage subscriptions, verify access, prevent fraud, provide support, and maintain business records. Your subscription, payment, renewal, cancellation, and refund rights may also be governed by the terms and privacy practices of Apple, Google, Stripe, or the applicable payment processor.

When you use OctoWealth, we may collect technical and usage-related information, including: device type; operating system; app version; device settings relevant to app functionality; language settings; approximate region or country; IP address; timestamps; API request metadata; authentication events; security events; crash reports; diagnostic information; performance information; error logs; feature interaction events; app session information; consent events; push notification tokens;

mobile client logs, if enabled and consented where required. We use this information to operate the app, troubleshoot issues, monitor reliability, improve performance, secure accounts, detect fraud or abuse, maintain logs, respond to support requests, and comply with legal or operational obligations. We do not use financial account data for advertising. We do not intentionally send raw transaction data, balances, Plaid access tokens, or other sensitive financial account data to analytics tools for product analytics.

OctoWealth may use limited analytics, crash reporting, logging, and performance monitoring tools to understand app reliability, detect crashes, monitor performance, and improve the service. These tools may include: Sentry for crash reporting and performance diagnostics, where enabled; AWS CloudWatch for logs, alarms, dashboards, and operational monitoring; AWS CloudTrail for account-level audit activity; mobile client log ingestion to AWS CloudWatch, where enabled and consented where required. We use these tools for operational, security, debugging, and performance purposes. We do not use them to sell personal information or financial data. We do not use financial data for third- party advertising. Where analytics or optional telemetry requires consent, we use consent controls such as in-app consent settings.

OctoWealth may offer push notifications for app-related alerts, reminders, account updates, budget alerts, subscription reminders, security notices, or other app functionality. Push notifications require operating system permission. If you enable push notifications, we may collect and store a push notification token associated with your device. Push notifications may be delivered through Apple Push Notification service, Firebase Cloud Messaging, Expo-related notification tooling, or other mobile notification infrastructure.

You can manage push notification permissions through your device settings and, where available, through OctoWealthʼs in-app notification preferences.

If you contact us for support, report an issue, submit feedback, or create a support ticket, we may collect: your name; email address; account identifier; message content; issue description; support request metadata; screenshots or attachments you provide; app version; device information; diagnostic details relevant to the support request. OctoWealth may use Jira Service Management or similar support tooling to process support tickets. We use support information to respond to requests, troubleshoot issues, improve the app, maintain records, and protect the service. Do not include sensitive financial information, account credentials, Social Security numbers, full account numbers, or other unnecessary sensitive information in support messages.

OctoWealth may use third-party data sources to provide market, investment, currency, or crypto-related reference information. These may include: Financial Modeling Prep for market quote or ticker-related information; CoinGecko for crypto-related pricing or market data; ExchangeRate-API - Free & Pro Currency Converter API or similar providers for currency exchange rate information.

When using these services, OctoWealth may send limited query information, such as ticker symbols, currency codes, or crypto asset symbols. OctoWealth does not intentionally send your Plaid access tokens, full transaction history, account balances, or personal financial account records to these market or currency data providers. Third-party market, currency, and crypto data may be delayed, inaccurate, incomplete, or unavailable.

OctoWealth uses Amazon Cognito and related security controls for authentication and account management. Depending on your settings and the features available, OctoWealth may support: email/password authentication; email verification; password reset; multi-factor authentication; time-based one-time passcodes; biometric app unlock; PIN lock; advanced security controls; account security monitoring. If you enable biometric authentication, biometric verification is generally handled by your device operating system. OctoWealth does not receive or store your raw biometric identifiers, such as fingerprint data or facial geometry. We may store a setting indicating that biometric unlock is enabled.

OctoWealth may use deterministic rules, calculations, categorization logic, pattern detection, and automation to provide app features such as transaction categorization, bill detection, subscription detection, budgeting insights, debt payoff strategies, reports, and simulator outputs. OctoWealth does not send your personal financial data to third-party large language model providers for processing at launch.

OctoWealth does not use your personal financial data to train third-party artificial intelligence models. If OctoWealth later introduces features that involve third-party AI providers or materially different automated processing of personal financial data, we will update this Privacy Policy and provide any required notices or consent choices.

We use information for the purposes described below. A. To Provide OctoWealth We use information to: create and manage your account; authenticate users; enforce age eligibility; connect financial accounts through Plaid; sync financial account data; display accounts, balances, transactions, investments, liabilities, and budgets; categorize transactions; detect bills and subscriptions; calculate net worth; generate reports; export data; support receipt scanning and OCR, where enabled; support debt payoff strategies; support financial simulators; provide subscription entitlements; provide customer support; maintain user preferences; process account deletion requests. B. To Operate, Maintain, and Improve the App We use information to: monitor performance;

troubleshoot issues; debug errors; improve app reliability; understand feature usage where permitted; test and improve features; manage infrastructure; maintain service availability; process logs and diagnostics. C. To Secure OctoWealth We use information to: protect accounts; detect suspicious activity; prevent fraud, abuse, misuse, and unauthorized access; enforce our Terms of Service; monitor API activity; maintain audit logs; investigate security issues; protect users, OctoWealth, service providers, and third parties. D. To Communicate With You We use information to: send account notices; send security alerts; send support responses; send subscription-related notices; send privacy or legal notices; send product updates; send opt-in marketing communications where permitted; send push notifications if enabled. E. To Comply With Legal, Contractual, and Platform Requirements We use information to: comply with applicable laws;

comply with Apple App Store requirements; comply with Google Play requirements; comply with Plaid-related requirements; comply with payment provider requirements; respond to lawful requests; enforce agreements; resolve disputes; maintain business records; protect rights, safety, and property.

We may share information as described below. A. Service Providers We share information with service providers that help us operate, host, secure, support, analyze, improve, and provide OctoWealth. These service providers may include: Amazon Web Services for cloud hosting, compute, storage, databases, encryption, logging, monitoring, backup, networking, and security; Plaid for financial account connectivity; Apple and Google for app distribution, mobile platform services, push notifications, subscriptions, and platform-level functionality; Stripe or other payment processors, if used for subscription checkout or billing portal functionality; Sentry or similar tools for crash reporting and performance diagnostics; Atlassian Jira Service Management or similar tools for support tickets; Financial Modeling Prep, CoinGecko, and exchange rate providers for market, crypto, or currency reference data; email, authentication, security, logging, analytics, and operational vendors. Service providers process information only as needed to provide services to us, subject to their own legal obligations and applicable agreements.

B. Plaid

When you choose to connect a financial account, information is shared with Plaid as needed to

enable account linking, authentication through Plaid, account data access, account refresh,

error handling, and related functionality.

Plaid may process information under its own terms, privacy policy, and authorization

disclosures.

C. App Stores, Payment Providers, and Subscription Platforms

If you subscribe to paid features, Apple, Google, Stripe, or another payment provider may

process your payment, subscription, renewal, cancellation, and refund information.

We may receive or share limited information needed to verify subscription status, manage

entitlements, process support requests, detect fraud, and maintain billing records.

D. Legal, Compliance, Safety, and Security

We may disclose information if we believe disclosure is reasonably necessary to:

comply with law;

respond to lawful requests, subpoenas, court orders, or legal process;

enforce our Terms of Service;

investigate fraud, abuse, misuse, or security incidents;

protect the rights, property, or safety of OctoWealth, users, service providers, financial

institutions, or others;

prevent harm;

comply with platform, service provider, payment processor, or app store requirements.

E. Business Transfers

If OctoWealth is involved in a merger, acquisition, financing, reorganization, sale of assets,

bankruptcy, change of control, or similar transaction, information may be transferred as part of

that transaction, subject to applicable law and appropriate safeguards.

F. With Your Direction or Consent

We may share information when you direct us to do so, authorize sharing, or otherwise consent.

OctoWealth does not sell your personal information.

OctoWealth does not sell your financial account data. OctoWealth does not share your financial account data for third-party behavioral advertising. OctoWealth does not use your financial account data for advertising. OctoWealth does not use third-party advertising SDKs at launch. OctoWealth does not use Plaid to move money. OctoWealth does not receive or store your online banking password. OctoWealth does not send your personal financial data to third-party large language model providers at launch.

OctoWealth is designed as a subscription-based personal finance app and does not rely on advertising as its launch business model. At launch, OctoWealth does not use third-party advertising networks, third-party behavioral advertising, or ad tracking SDKs. If we introduce advertising, cross-app tracking, affiliate financial-product recommendations, or third-party behavioral advertising in the future, we will update this Privacy Policy and provide any notices or choices required by applicable law or platform rules.

We retain information for as long as reasonably necessary to provide OctoWealth, maintain your account, comply with legal or contractual obligations, resolve disputes, enforce agreements, maintain security, prevent fraud, and support legitimate business needs. Retention periods vary by data type, system, and purpose. Examples of retention practices include: account profile data is generally retained while your account remains active; Plaid-connected financial data is generally retained while your account remains active and the relevant financial account remains connected, unless deleted earlier; manually entered financial data, budgets, rules, reports, preferences, and settings are generally retained while your account remains active;

Plaid access tokens are retained while needed to maintain authorized connections and are removed from active use when the relevant item is disconnected or your account is deleted; data exports may be retained for a limited period, such as approximately 30 days, depending on implementation; CloudWatch logs are generally retained for approximately 14 days unless a different retention period applies; SQS dead-letter queue messages may be retained for approximately 14 days; DynamoDB point-in-time recovery may retain recoverable copies for up to approximately 35 days; AWS Backup snapshots may persist for up to approximately 90 days; S3 access logs may be retained for approximately 90 days; receipts or receipt-related records may be retained longer if needed to provide user- requested records, support, legal, accounting, or operational functionality; support communications may be retained for support, security, legal, and business record purposes; subscription and billing records may be retained as required or permitted by Apple, Google, Stripe, payment providers, tax rules, accounting requirements, and business record needs; CloudTrail and audit records may be retained as needed for security, audit, compliance, and operational purposes. Deletion from active systems does not always result in immediate deletion from backups, logs, audit systems, or disaster recovery copies. Backup and recovery copies are deleted or overwritten according to applicable retention schedules. We do not retain personal information longer than reasonably necessary for the purposes described in this Privacy Policy unless required or permitted by law, contract, security needs, dispute resolution, or legitimate operational requirements.

You may request deletion of your OctoWealth account and associated personal information through the app, where available, or by contacting us at: At launch, OctoWealth supports in-app account deletion through the appʼs account or advanced settings flow. OctoWealth may also support a scheduled deletion process with a grace period, support@octowealthapp.com

such as 14 days, during which you may be able to cancel deletion by signing back in or following the cancellation process provided in the app. When your account deletion is executed, OctoWealth will take reasonable steps to: close or delete your OctoWealth account; remove or disable access to your account; revoke connected Plaid items through Plaid item removal where applicable; remove Plaid access tokens from active use; stop future financial account syncing; delete or de-identify DynamoDB tenant data associated with your account, such as accounts, transactions, budgets, rules, consent records, debt strategies, and related user data; delete or de-identify S3 user artifacts, such as receipts or export files, where applicable; delete or de-identify app settings and preferences, where applicable; wipe local app storage where supported by the app. Certain information may be retained after account deletion where necessary or permitted for: legal compliance; security; fraud prevention; dispute resolution; enforcement of agreements; audit logs; backup and disaster recovery; accounting or tax records; payment or subscription records; platform or service provider requirements; operational integrity. If you disconnect a financial institution without deleting your OctoWealth account, future syncing from that institution should stop. If a per-institution disconnect feature is not yet available in the app, you may contact support for assistance. Previously synced information may remain in OctoWealth unless deleted by you, removed through a deletion feature, or removed through an account deletion request, subject to retention exceptions. If you purchased a subscription through Apple, Google, Stripe, or another payment provider, deleting your OctoWealth account may not automatically cancel your subscription. You may

need to cancel your subscription directly through the applicable app store, payment processor, or billing portal. We aim to process verified deletion requests within a reasonable period and, where applicable, within 30 days, subject to verification, legal exceptions, operational limitations, backup retention, and applicable requirements.

OctoWealth may allow you to export certain data, such as transactions, account information, budgets, reports, or other app data, in formats such as CSV, PDF, JSON, or other supported formats. Exported files may contain sensitive financial information. You are responsible for protecting exported files after they are downloaded, stored, transmitted, or shared outside OctoWealth.

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, and disclosure. These safeguards may include: HTTPS/TLS encryption in transit; encryption at rest using AWS Key Management Service where applicable; KMS-managed encryption for DynamoDB, S3, CloudWatch Logs, Secrets Manager, and Plaid- token handling where applicable; encrypted storage of Plaid access tokens; AWS Secrets Manager for secrets management; Amazon Cognito for authentication; multi-factor authentication controls; access controls; least-privilege IAM practices; CloudWatch logging and monitoring; CloudTrail audit logging; WAF protections; GuardDuty monitoring; VPC networking controls;

NAT and VPC endpoints where applicable; SQS dead-letter queues; backup and recovery controls; separation of production and non-production environments where applicable; operational monitoring and alerting. OctoWealth uses AWS cloud infrastructure. Under the cloud shared responsibility model, AWS is responsible for the security of the underlying cloud infrastructure, while OctoWealth is responsible for the application, data, configurations, access controls, identity and access management, and service logic we build and operate. No method of transmission, storage, or processing is completely secure. We cannot guarantee absolute security. You are responsible for securing your device, protecting your account credentials, using strong passwords, enabling available security features, and notifying us promptly if you believe your account has been compromised.

Depending on your location and applicable law, you may have certain rights and choices regarding your personal information. These may include the ability to: access certain personal information; correct inaccurate information; request deletion of your account or personal information; export certain data; disconnect financial institutions where the feature is available; opt out of marketing communications; manage push notification permissions; manage analytics or telemetry consent where available; manage app permissions through your device settings; cancel subscriptions through Apple, Google, Stripe, or the applicable payment provider; appeal certain privacy request decisions where required by applicable law. To submit a privacy request, contact us at:

We may need to verify your identity before processing certain requests.

OctoWealth may request device permissions to provide app features. Depending on the features you use, these may include: camera access for receipt scanning or document capture; photo or file access for uploads, exports, or attachments; notification permission for alerts and reminders; biometric authentication through your device operating system; network access to connect to OctoWealth, Plaid, and service providers. You can manage app permissions through your device settings. Disabling permissions may limit app functionality.

OctoWealth is intended only for users who are at least 18 years old. We do not knowingly allow users under 18 to create OctoWealth accounts or use the service. If we learn that a person under 18 has created an account or provided personal information to OctoWealth, we may delete the account and associated information, subject to legal and operational retention needs. If you believe a person under 18 has provided information to OctoWealth, contact us at:

Certain U.S. state privacy laws may provide residents with rights regarding personal information. Depending on your state and whether the applicable law applies to OctoWealth, these rights may include the right to: know or access personal information; correct inaccurate personal information; delete personal information; support@octowealthapp.com support@octowealthapp.com

obtain a copy of personal information; opt out of certain processing, such as sale, targeted advertising, or certain profiling; appeal a privacy request decision. OctoWealth does not sell personal information. OctoWealth does not sell financial account data. OctoWealth does not share financial account data for targeted advertising. OctoWealth does not use financial account data for advertising. To submit a privacy request, contact us at: We will respond to verified requests as required by applicable law.

This section provides additional information for California residents, to the extent California privacy laws apply to OctoWealth and your personal information. A. Categories of Personal Information We May Collect We may collect the following categories of personal information: identifiers, such as name, email address, account ID, device identifiers, and IP address; customer records information, such as account, subscription, and support information; commercial information, such as subscription status and transaction records relating to your OctoWealth subscription; financial information, such as account balances, transaction history, liabilities, investments, holdings, and other financial account data you authorize us to access; internet or electronic network activity information, such as app usage, logs, diagnostics, crash reports, and security events; approximate geolocation information, such as approximate region or country inferred from IP address or device settings; audio, electronic, visual, or similar information, such as screenshots, attachments, or receipt images you submit; inferences, such as spending categories, recurring bill patterns, budget insights, cash-flow patterns, or app-generated insights; support@octowealthapp.com

sensitive personal information, including financial account information you authorize us to access. B. Sources of Personal Information We may collect personal information from: you; your device; Plaid; your connected financial institutions through Plaid; Apple, Google, Stripe, or other payment providers; AWS and other service providers; app activity, logs, and support interactions. C. Purposes for Collection, Use, and Disclosure We collect, use, and disclose personal information for the purposes described in this Privacy Policy, including to provide OctoWealth, connect financial accounts, sync financial data, manage subscriptions, secure accounts, provide support, improve the app, comply with law, and maintain business operations. D. Sale or Sharing We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not sell or share financial account data for advertising. E. Sensitive Personal Information We use sensitive personal information only as reasonably necessary to provide OctoWealth, secure the service, process your requests, comply with law, and perform services you request. We do not use sensitive personal information to infer characteristics unrelated to providing OctoWealth. F. California Requests California residents may submit applicable privacy requests by contacting: We may verify your identity before processing your request. support@octowealthapp.com

Some browsers and devices offer “Do Not Track” or global privacy control signals. At launch, OctoWealth does not sell personal information or use financial account data for targeted advertising. Because there is not a single uniform industry standard for “Do Not Track” signals, OctoWealth may not respond to all such signals unless required by applicable law. Where legally required and technically feasible, we will honor applicable opt-out preference signals.

OctoWealth is intended for users in the United States only. If you access OctoWealth from outside the United States, you understand that your information may be processed in the United States and other locations where we or our service providers operate. Privacy laws in those locations may differ from the laws in your jurisdiction. We may restrict access from outside the United States.

We may update this Privacy Policy from time to time. If we make material changes, we may notify you by email, in-app notice, app update notice, posting an updated Privacy Policy, or another reasonable method. The updated Privacy Policy will be effective when posted or as otherwise stated in the notice. Your continued use of OctoWealth after the updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy. If we make changes that require renewed consent, we may ask you to review and accept the updated Privacy Policy before continuing to use certain features.

If you have questions about this Privacy Policy, your information, your privacy choices, or your deletion rights, contact us at: OctoPath LLC d/b/a OctoWealth Email: support@octowealthapp.com

Website: OctoWealth | Budget, plan, and build wealth for less