Privacy Policy

Notice at Collection: Personal Information We Collect

We collect the following categories of personal information:

• Personal identifiers: Your name, collected during onboarding; and your phone number, collected during registration and used for authentication.
• Authentication credentials: Biometric data (if you enable biometric authentication on your device) or a password, used in combination with your phone number for OTP verification to authenticate your identity.
• Financial data (via Plaid): Account names, types, and balances; transaction history (payees, amounts, dates, categories); account holder name if available from your financial institution. This data is accessed on a read-only basis.
• Profile information: Your name, provided during onboarding or retrieved from your Plaid account holder data.
• Internet or other electronic activity information: Device identifiers, operating system, and app version; in-app interactions (e.g., widgets added, messages sent to the AI assistant, features used); push notification interaction data; crash logs and diagnostic data.
• Inferences drawn from personal information we collect.

We have collected the same categories of personal information in the 12 months prior to the date of this Privacy Policy.

Notice at Collection: Purposes for Collection of Personal Information

We collect your personal information to:

• Authenticate your identity and provide access to the App
• Connect to and retrieve data from your linked financial accounts via Plaid
• Power the Ponder AI assistant to answer your financial questions and generate custom dashboard widgets
• Send proactive push notifications about your finances (e.g., unusual spending, budget alerts)
• Send SMS messages for account-related communications
• Maintain your chat history and dashboard state across sessions
• Monitor or improve the reliability and performance of the App
• Prevent fraud, activities that violate our Terms of Service or other contracts, or that are illegal
• Comply with legal obligations and protect our rights and those of our users

Notice at Collection: Retention Periods

We retain the categories of personal information we collect for the length of time necessary to provide the App and to comply with legal obligations or to protect our legal rights. When you delete your account, personal data associated with your account — including your financial transaction history, chat messages, widgets, and profile information — will be permanently deleted. Residual copies may remain in backup systems for up to 30 days following deletion. Plaid connection tokens are revoked at the time of account deletion.

Notice at Collection: Categories of Personal Information We Sell or Share

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising.

Sources From Which We Collect Personal Information

We collect personal information directly from you when you register and use the App, and from Plaid Inc. when you connect your financial accounts. We also collect usage and device data automatically through the App.

Financial Data Collected via Plaid

Ponder uses Plaid Inc. (“Plaid”) to enable you to connect your bank and financial accounts to the App. Ponder's access to your financial data is strictly read-only. We cannot initiate transfers, make payments, or move money on your behalf. Your use of Plaid is also governed by Plaid's Privacy Policy, available at https://plaid.com/legal.

Artificial Intelligence and Your Data

How AI Processes Your Data

Ponder uses large language model (LLM) technology to power its chat assistant and widget generation features. When you interact with Ponder, relevant financial data from your Plaid connection may be included in the context sent to the AI model in order to generate accurate, personalized responses.

AI Training and Your Personal Data

We do not use your personal financial data, chat messages, or transaction history to train, fine-tune, or improve any AI or machine learning models. Your financial data is processed transiently to generate responses and is not retained by our own infrastructure for model training purposes.

However, Ponder relies on third-party large language model (LLM) providers to power its AI features. The data handling and training practices of those providers are governed by their own terms and privacy policies, which may permit use of inputs for model improvement in certain circumstances. We encourage you to review the privacy policies of our AI infrastructure providers. Where available, we configure those services to opt out of training on your data.

Not Financial Advice

AI-generated responses, insights, widget content, and notifications provided by Ponder are for informational and organizational purposes only. They do not constitute financial, investment, tax, or legal advice. You should consult a qualified professional before making financial decisions.

How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising. We may share your information only in the following limited circumstances:

• Service Providers: We share data with third-party vendors who help us operate the App (e.g., Plaid for bank connectivity, our AI infrastructure provider, cloud hosting, SMS delivery, push notification services, analytics).
• Legal Requirements: We may disclose your information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property, or safety of others, including to law enforcement agencies and judicial and regulatory authorities. We may also disclose your information to third parties to help detect and protect against fraud or data security vulnerabilities.
• Business Transfers: We may disclose or transfer your personal information to a third party in the event of an actual or potential sale, merger, acquisition, or other restructuring of our entity. We will notify you via the App before your information becomes subject to a different privacy policy.

SMS Consent and Terms

Information obtained as part of SMS or text messaging consent will not be shared with third parties or affiliates; it will only be shared with service providers that operate our SMS/text messaging service for the purpose of providing that service.

We may send SMS messages for account-related purposes, including one-time passcode (OTP) authentication and account notifications. Message and data rates may apply. You may opt out by contacting us at support@ponder.money, though opting out of OTP messages may prevent you from logging in.

Push Notifications

With your permission, we send push notifications to alert you to relevant financial events (e.g., spending alerts, budget milestones, AI-generated insights). You can manage notification preferences at any time through your device settings or within the App.

Third-Party Links and Services

The App may reference or link to third-party services. This Policy does not govern how those third parties collect or use your information. We do not endorse or have control over their practices. We encourage you to review the privacy policies of any third-party services you use in connection with Ponder.

Securing Your Personal Data

We implement and maintain reasonable security appropriate to the nature of the personal information that we collect, use, retain, transfer, or otherwise process, including encryption in transit (TLS) and at rest. However, there is no perfect security, and reasonable security is a process that involves risk management rather than risk elimination. While we are committed to maintaining a reasonable information security program, no such program can be perfect; all risk cannot reasonably be eliminated. Data security incidents and breaches can occur due to factors that cannot reasonably be prevented. Accordingly, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security. If you believe your account has been compromised, contact us immediately at support@ponder.money.

Personal Information of Minors

Ponder is not directed to minors. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@ponder.money and we will delete it.

Per California Civil Code section 1798.130(a)(5)(C), we do not knowingly sell or share for cross-context behavioral advertising the personal information of California residents under age 16 without their consent.

Changes to This Policy

We will review and update this Policy from time to time. If changes are made, we will update the Privacy Policy and reflect the date of such modification in the date above. If the changes are material, you will be notified through a notice within the App.

Accessibility

To make accessibility-related requests or report barriers, please contact us at support@ponder.money.

U.S. State Data Privacy Rights

Consumer Rights Under Comprehensive U.S. State Data Privacy Laws

We provide residents of the following states with rights with respect to the personal information we may collect about them under their state's data privacy law: California, Connecticut, Minnesota, Montana, and Oregon.

Right to Know: The right to know whether we are processing your personal information. California residents may also request categories of personal information collected since January 1, 2022, categories of sources, business or commercial purposes for collection, categories of personal information disclosed for a business purpose, and categories of third parties to whom personal information was disclosed.

Right to Access / Copy: The right to access or request a copy of your personal information, subject to certain exceptions.

Right to Delete: The right to request deletion of your personal information that we have collected from or about you, subject to certain exceptions.

Right to Correct: The right to request that we correct inaccuracies in your personal information.

Right to Know Third Party Recipients: The right to know the identities of third parties to which a business has disclosed personal information. This right is provided under Oregon and Minnesota privacy laws.

Rights to Opt Out: We do not sell personal information or use it for targeted advertising, so these opt-out rights are not applicable to Ponder.

Exercising Your Rights

We will respond to requests from residents of states with data privacy laws that apply to us and will do so with respect to the rights provided as of the effective date of each law.

To exercise applicable rights to know, access/copy, delete, correct, or know third parties to which personal information is disclosed, submit a request by contacting us at support@ponder.money. We will provide a substantive response within 45 days of the date on which we receive your request, to the extent your state law applies. If we require additional information or time to process your request, we will contact you.

Opt-Out Preference Signals and Do Not Track

An opt-out preference signal communicates a consumer's choice to opt out of the sale and sharing of personal information for cross-context behavioral advertising. We recognize the Global Privacy Control (GPC) signal for California users at the device level. We do not respond to the DNT or “Do Not Track” signal.

Exercising Your Rights Using Authorized Agents

Agents may submit requests on behalf of individuals. The agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. You will also be required to verify your identity directly with us or confirm that you provided the agent with permission to submit the request. Agents can submit requests by emailing support@ponder.money.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with state law pertaining to powers of attorney.

Verification of Requests

When you exercise rights other than opt-out rights, we will take steps to verify your identity. We will ask you for up to three pieces of personal information, depending on the nature of the request, and attempt to match those to information that we maintain or collect about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial.

When We Do Not Act on a Request

In some cases, we may not act on your requests (e.g., if we cannot do so under other laws that apply). When this is the case, we will explain our reasons for not providing you with the information or taking the action you requested.

Additionally, residents of states other than California have the right to appeal our decision by contacting us at the same method used to submit requests within 30 days after your receipt of our decision.

Non-Discrimination

If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.

Contact Us

If you have questions about this Policy, wish to exercise your privacy rights, or would like to request a copy of this Privacy Policy in another format, please contact us at support@ponder.money.