Attending Financial ("we," "our," or "us") operates the physician financial planning platform at attendingfinancial.com. This Privacy Policy explains what information we collect, how we use it, and how we protect it. If you have questions, contact us at privacy@attendingfinancial.com.
1. Data We Collect
- Account information: your email address, name, and authentication credentials when you create an account.
- Profile data: career stage, specialty, employer type, income range, loan details, and other financial profile fields you enter during onboarding or in settings.
- Financial account data: if you connect accounts via Plaid, we receive read-only account balances and transaction history from your financial institutions. We do not store your banking credentials.
- Usage data: pages visited, features used, and interaction events, which we use to improve the platform and troubleshoot issues.
- Payment data: Stripe processes payments. We store only your Stripe customer ID and subscription status — never your card number or full billing details.
2. How We Use Your Data
- To provide the platform: your profile data powers personalized AI insights and planning tools.
- To process payments: subscription billing via Stripe.
- To send transactional emails: account confirmation, subscription receipts, and trial expiry notices via Postmark.
- To improve the platform: aggregated, anonymized usage patterns help us prioritize features.
- We do not sell your data. We do not share your financial data with advertisers, insurance companies, or financial product vendors.
3. Data Retention
- Your data is retained while your account is active.
- If you delete your account, we permanently delete your profile and financial data within 30 days.
- Anonymized, aggregate usage metrics may be retained indefinitely as they contain no personal information.
4. Data Security
- Data is stored in Supabase (PostgreSQL) with row-level security policies that prevent any user from accessing another user's data.
- All data is encrypted in transit (TLS 1.2+) and at rest.
- Plaid access tokens are encrypted at rest using AES-256.
- We do not store plain-text passwords. Authentication is handled by Supabase Auth.
- Stripe handles all payment data in its PCI-compliant environment.
5. Third-Party Services
- Supabase (database and authentication) — supabase.com/privacy
- Stripe (payments) — stripe.com/privacy
- Plaid (financial account connectivity) — plaid.com/legal/privacy-policy
- Postmark (transactional email) — postmarkapp.com/privacy-policy
- Vercel (hosting) — vercel.com/legal/privacy-policy
- Anthropic (AI responses) — anthropic.com/privacy — note: AI conversations may be used to improve Anthropic models per their policy. We do not send your financial data to Anthropic in identifiable form beyond what you include in a chat message.
6. Your Rights
- Access: you can export your profile data from Settings.
- Correction: update any profile data at any time in Settings.
- Deletion: delete your account and all associated data from Settings → Danger Zone.
- Portability: contact us at privacy@attendingfinancial.com for a data export.
- Residents of California (CCPA) and the European Economic Area (GDPR) have additional rights — contact us to exercise them.
7. Cookies
- We use cookies only for authentication session management (via Supabase SSR). No advertising or tracking cookies are used.
8. Changes to This Policy
- We will post material changes to this page and update the "Last updated" date. Continued use of the platform after changes constitutes acceptance.
9. Contact
- Privacy questions: privacy@attendingfinancial.com
- General: hello@attendingfinancial.com