Effective Date: April 20, 2026
Ask Allen LLC (“Ask Allen,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use the Ask Allen mobile application, web-based application, AI Feature, website, and related services (collectively, the “Service”).
By using the Service, you agree to this Privacy Policy.
This Privacy Policy applies to information collected through:
This Privacy Policy does not apply to third-party websites or services that we do not control.
We collect information in the following categories:
We may collect:
Our Service may allow you to connect financial accounts through third-party financial data connectivity providers, such as Plaid, to provide budgeting insights, transaction categorization, merchant identification, and other financial analysis features.
When you choose to connect financial accounts, you authorize our financial data connectivity providers and us to access and retrieve certain financial account information from your financial institutions on your behalf.
Financial account connections are optional. You may choose not to connect accounts or may disconnect them at any time.
We may use third-party financial data connectivity providers to facilitate secure connections to financial institutions.
These providers may include services such as Plaid or similar financial data infrastructure providers.
When you connect financial accounts:
The financial data provider processes your information according to its own privacy policy.
Your information may be processed according to the Plaid Privacy Policy https://plaid.com/legal/.
We encourage you to review the privacy policies of any financial data providers used in connection with the Service.
When you connect financial accounts, we may receive certain financial information from your financial institution through the financial data provider, including:
We do not receive or store your banking passwords or full login credentials.
Authentication is handled directly through the secure infrastructure of the financial data connectivity provider.
Financial data obtained from connected accounts may be used to:
Financial data is used solely to provide and improve the functionality of the Service.
We do not sell financial transaction data to third parties.
If you use AI-powered features within the Service, certain financial data may be processed to generate insights or explanations.
For example, AI systems may analyze transaction descriptions or spending patterns to provide:
AI processing may involve transmitting limited contextual information to third-party AI model providers such as Anthropic for the purpose of generating responses.
Where available, we configure these services using zero-data-retention or limited-retention settings so prompts are not stored or used for model training.
Financial data obtained from connected financial accounts is shared only in limited circumstances necessary to operate the Service.
We may share financial data with:
These providers are contractually required to process information solely to provide services on our behalf.
We do not share financial data with advertisers or data brokers.
Users maintain control over connected financial accounts and may:
When an account is deleted, we will take reasonable steps to:
Financial account information is retained only as long as necessary to provide the Service and maintain account functionality.
Certain limited records may be retained where required by law, including:
We implement reasonable administrative, technical, and organizational safeguards designed to protect financial information, including:
Despite these safeguards, no system can guarantee absolute security.
Financial account data obtained through financial data connectivity providers is not used for targeted advertising, marketing profiling, or data brokerage purposes.
Financial data is used exclusively to deliver the financial insight and analysis features requested by users.
Important: Ask Allen does not receive or store your online banking username/password. Plaid handles authentication.
We collect:
If you purchase a subscription, we may collect:
Payment processing for Ask Allen’s mobile application is handled by Apple App Store or Google Play Billing. Ask Allen does not directly store your full payment card number.
Stripe \- Ask Allen uses Stripe Checkout (hosted by Stripe) for all web-direct subscription payments, meaning all payment form rendering and card processing occur on Stripe’s infrastructure, not on Ask Allen’s servers. Sends subscription lifecycle events to RevenueCat, which is the single source of truth for entitlement state.
Stripe Data Collected \- Stripe collects your Name, email, billing address, payment method (card details handled entirely by Stripe — Ask Allen never receives or stores card numbers), subscription status, and purchase history. Stripe does not receive any financial account data from Plaid or any AI conversation data.
PCI compliance disclosure: Ask Allen uses Stripe Checkout (hosted) for all payment processing and never receives, transmits, or stores credit card numbers. No PCI SAQ is required for hosted Stripe Checkout integrations.
Stripe’s data practices: Stripe processes billing data under its own privacy policy. Ask Allen is not responsible nor has any liability if you suffer any damages of any kind from your use of the products and services offered by Stripe, and you are subject to Stripe’s Privacy Policy. https://stripe.com/privacy.
We may collect technical information including:
If you use our website, we may use cookies and similar technologies for:
We use information for the following purposes:
Including:
We process your messages and relevant financial context to generate responses through AI models (including Anthropic Claude API).
Including:
Including:
Ask Allen may aggregate and de-identify User Data to create Derived Data and Aggregated Data, which may be used to improve services and shared across users, provided such data cannot reasonably identify any individual.
Including:
Including:
Including:
3.8 Aggregation and Shared Merchant Verification
Ask Allen may de-identify transaction descriptions, merchant identifiers, and related metadata.
Ask Allen may aggregate such De-Identified Data across multiple users.
Ask Allen may incorporate the resulting Derived Data and Aggregated Data into a shared Merchant Reference Database for users.
The Merchant Reference Database may be used to improve merchant verification, normalization, categorization, fraud detection, and data accuracy for all users.
Ask Allen represents that the Merchant Reference Database:
Ask Allen shall not:
To provide the Services, we engage certain third-party service providers that process Customer Data on our behalf. These providers perform limited functions such as financial data aggregation, AI model processing, cloud hosting, analytics, subscription management, and in-app payment processing. Third-party data processors engaged by Ask Allen are: Plaid, Anthropic, Firebase/Google Cloud, RevenueCat, Stripe, and Apple.
We require our service providers to process Customer Data only in accordance with contractual restrictions and applicable data protection laws. However, Customer acknowledges that third-party platforms operate independently and are governed by their own terms and privacy policies.
We use Plaid to enable secure connections between your financial accounts and the Services.
Data Processed May Include:
Important Disclosures:
We receive financial data from Plaid and use it solely to provide budgeting insights, categorization, and analytics within the Services.
We use Anthropic as a third-party AI service provider to process certain user prompts, transaction metadata, and related contextual information in order to generate AI-powered financial insights, categorizations, summaries, and educational guidance (the “AI Processing Services”).
When you submit a question, request analysis, or interact with conversational features of the Services, relevant content may be transmitted securely to Anthropic for real-time processing.
We configure our integration with Anthropic under a zero data retention (“ZDR”) setting.
Under this configuration:
We rely on Anthropic’s contractual commitments and technical controls to support this zero retention configuration.
Data Processed May Include:
We do not intentionally transmit full login credentials for financial institutions, raw bank authentication secrets, or payment card numbers to Anthropic.
Disclosures:
Purpose Limitation
Anthropic processes data solely for the purpose of generating AI responses requested by us on your behalf.
Anthropic does not act as an independent data controller with respect to your conversation content when operating under our zero data retention configuration. Instead, it acts as a service provider or processor under our instructions, subject to contractual restrictions.
AI-generated outputs are probabilistic and may contain inaccuracies, misclassifications, or incomplete analysis. The use of zero data retention does not eliminate the inherent limitations of machine learning systems.
We use Google Cloud and Firebase for infrastructure hosting, database storage, authentication services, crash reporting, and application performance monitoring.
Data Processed May Include:
Disclosures:
We use RevenueCat to manage subscription status, entitlement tracking, and in-app purchase validation.
Data Processed May Include:
RevenueCat does not receive full financial account transaction histories. It processes only information necessary to validate subscriptions and manage entitlements.
If you download or subscribe to the Services through Apple’s App Store or Google Play:
Platform providers may independently collect device identifiers, usage analytics, or transaction metadata in accordance with their own policies.
Each third-party service provider maintains its own privacy policy and security practices. While we contractually restrict the use of Customer Data where applicable, we do not control:
Users are encouraged to review the privacy policies of the applicable third-party providers.
We may update our list of subprocessors from time to time as our Services evolve. Where required by law, we will provide notice of material changes. Continued use of the Services after such updates constitutes acknowledgment of the revised subprocessor list.
##
##
To the extent Customer Data is transferred internationally by a third-party processor, such transfers will be subject to appropriate legal safeguards as required by applicable law (e.g., standard contractual clauses or equivalent mechanisms where applicable).
We do not sell Customer financial transaction data to third parties. Third-party processors described above act solely to provide services to us or on our behalf.
We do not sell your personal information. We do not share your personal information for targeted advertising.
We may share information only in the following circumstances:
We share data with vendors who provide services necessary to operate the app, including:
Plaid provides secure bank account connection and data retrieval services.
We may send conversation content and limited relevant context to Anthropic’s Claude API to generate AI responses.
RevenueCat helps manage subscription verification and entitlements across Apple and Google.
Firebase Google Cloud
We use Firebase, a platform provided by Google, and Google Cloud infrastructure services (collectively, “Google Infrastructure Providers”) to host, store, process, secure, and support the operation of the Service.
We may use analytics and crash-reporting providers to understand usage and improve stability (e.g., performance monitoring, diagnostics, aggregated usage insights).
We may disclose information if required by law, subpoena, court order, or legal process.
If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction.
We may share information to protect our users, enforce our Terms, prevent fraud, or protect the safety of the Service.
Ask Allen uses artificial intelligence to generate outputs. AI responses are created by automated systems and may incorporate information from your conversation history and connected account data.
AI-generated outputs:
We do not guarantee the accuracy of AI outputs.
We retain personal information only as long as necessary to:
Retention periods vary depending on the type of data.
Transaction and account data may be retained while your account is active and for a limited period after account deletion to comply with legal and operational requirements.
Chat conversations may be retained for service improvement, customer support, and continuity of the user experience, subject to deletion requests and retention limits.
Subscription status records may be retained for audit, verification, and compliance.
You may delete your account at any time directly in the app under:
Settings → Delete Account
When you delete your account:
Ask Allen will immediately delete your data upon account deletion request which includes: user profile document, all transaction records, connected account records, user settings and preferences, personal merchant mappings, chat history with Allen, and Firebase Authentication record.
Revoked immediately: all Plaid access tokens (via Plaid API /item/remove for each connected institution). This cuts off any further access to your bank bank data.
Data that is Retained by third-party platforms per their own policies (outside our control): Stripe billing/payment records, RevenueCat subscription records, Apple/Google purchase records. Ask Allen not store credit card numbers — Stripe handles all payment data.
Short-term retention (recommend 30 days): backup data may persist for fraud prevention, billing dispute resolution, and legal compliance purposes. After 30 days, your data is permanently purged.
Not retained: Ask Allen does not keep anonymized or de-identified copies of deleted user data. When it's gone, it's gone.
We may retain limited information where necessary for:
We will handle retained information in accordance with this Privacy Policy.
Important: Deleting your account does not automatically cancel your subscription. You must cancel through Apple or Google.
We use commercially reasonable administrative, technical, and organizational safeguards to protect your information.
These safeguards may include:
However, no system can guarantee 100% security. You use the Service at your own risk.
Depending on your jurisdiction, you may have rights including:
To exercise privacy rights, contact us at:
privacy@askallen.ai (or other designated email)
We may require identity verification before fulfilling requests.
The Service is not intended for children under 18. We do not knowingly collect personal information from minors. If we learn we have collected data from a minor, we will delete it.
If you access the Service outside the United States, you understand that your information may be transferred to and processed in the United States or other jurisdictions where our service providers or we operate.
The Service may include links to third-party websites or services. We are not responsible for the privacy practices of third parties.
We may update this Privacy Policy from time to time. If changes are material, we will notify you through the app or by email.
Your continued use of the Service after updates constitutes acceptance.
This section applies only to California residents and is provided pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).
In the past twelve (12) months, we may have collected the following categories of personal information:
A. Identifiers
Examples: name, email address, internal account ID, device identifiers, IP address.
B. Financial Information
Examples: bank account transaction history, balances, spending patterns, merchant names (provided via Plaid with your authorization).
C. Commercial Information
Examples: subscription tier, subscription status, purchase history, trial status.
D. Internet or Other Electronic Network Activity Information
Examples: app usage activity, feature engagement, interaction logs.
E. Geolocation Data (Approximate Only)
Examples: approximate location inferred from IP address (if collected by analytics or security tools).
F. Inferences
Examples: insights derived from transaction patterns or app usage to provide budgeting summaries and spending analysis.
G. Sensitive Personal Information (as defined under CPRA)
We may process certain financial information that may be considered “sensitive personal information” under California law, including financial account transaction data and account balances, if you choose to connect accounts through Plaid.
We do not use or disclose sensitive personal information for purposes other than those permitted by the CPRA (such as providing the Service, ensuring security, preventing fraud, and maintaining functionality).
We collect personal information from the following sources:
We collect and use personal information for business purposes including:
In the past twelve (12) months, we may have disclosed the categories of personal information listed above to the following categories of recipients for business purposes:
Ask Allen does not sell personal information.
Ask Allen does not share personal information for cross-context behavioral advertising (as defined under CPRA).
We do not provide targeted advertising and do not monetize user data.
This Data Retention Policy explains how Ask Allen retains, manages, and deletes personal information and financial data collected through our AI-powered financial platform (the “Service”).
The Service integrates with third-party providers including Anthropic, Plaid, RevenueCat, Google Cloud, and Firebase, and is distributed through mobile platforms including Apple iOS and Google Android.
We retain information only for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and improve our products.
We retain several categories of data depending on how users interact with the Service.
Information users provide when creating an account.
Examples include:
Retention Period
When users connect financial accounts through Plaid, we receive limited financial data necessary to provide the Service.
Examples include:
Retention Period
Important: Financial account credentials are not stored by our platform and are securely managed by Plaid.
The Service may allow users to interact with artificial intelligence features powered by Anthropic.
AI interaction data may include:
Retention Period
Where possible, AI conversation data is processed under zero data retention configurations, meaning the AI provider does not store the content after processing.
Subscription payments and billing data are processed through RevenueCat and app store platforms.
Examples include:
Retention Period
Note that payment information may also be retained by app store platforms such as Apple and Google according to their respective policies.
We may collect device and usage information to operate and improve the Service.
Examples include:
Infrastructure services, including Google Cloud and Firebase store these operational logs.
Retention Period
We may create aggregated or anonymized data that does not identify individual users.
Examples include:
Retention Period
Users may request deletion of their data by:
Upon account deletion, we will:
1. Revoke financial access tokens from Plaid
2. Delete stored financial records from Firebase databases
3. Remove AI conversation logs where applicable
4. Delete user identifiers from our systems
Deletion is typically completed within 30 days.
Certain information may be retained longer if required by law, financial regulations, or fraud prevention obligations.
We may retain information longer where required to:
resolve disputes or enforce agreements
When retention periods expire, data is securely deleted or irreversibly anonymized.
Data retained under this policy is protected using administrative, technical, and physical safeguards including:
We may update this Data Retention Policy from time to time. Updates will be posted within the application or on our website with a revised “Last Updated” date.
If you have questions about this Data Retention Policy or our data handling practices, contact:
Ask Allen LLC
900 Foulk Rd, Ste 201
Wilmington, DE 19803
privacy@askallen.ai
You may request deletion of your personal information, subject to certain exceptions described in this Privacy Policy.
California residents may have the right to:
To submit a request, contact us at:
privacy@askallen.ai
Subject Line: California Privacy Request
We may request additional information to verify your identity. You may also authorize an agent to submit a request on your behalf, but we may require proof of authorization.
Ask Allen does not offer financial incentives for the collection or sale of personal information.
California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes.
Ask Allen does not disclose personal information to third parties for direct marketing purposes.
Some browsers offer “Do Not Track” settings. At this time, we do not respond to Do Not Track signals due to the lack of an industry standard.
We design and operate our artificial intelligence systems with consideration for emerging state and federal laws governing artificial intelligence systems, automated decision-making, and consumer protection.
These laws may include, among others:
Our compliance approach is designed to support transparency, responsible AI use, and protection of consumer rights.
The Colorado Artificial Intelligence Act establishes requirements for developers and deployers of certain “high-risk” artificial intelligence systems used in consequential decision-making, such as lending, employment, housing, healthcare, or education.
Where applicable, we implement reasonable governance practices designed to align with the principles of this law, including:
We take reasonable measures to identify and mitigate potential risks associated with AI systems, including potential algorithmic bias or discriminatory outcomes.
The Service is designed primarily to provide informational financial insights and educational guidance, and is not intended to make automated consequential decisions regarding eligibility for financial services, employment, housing, healthcare, or government services.
Where appropriate, we may maintain internal documentation addressing:
If an AI system is used to generate outputs or automated insights, we provide disclosures informing users that:
Users remain responsible for interpreting AI-generated outputs and making final decisions based on their own judgment.
The Service does not replace professional financial, legal, or tax advice.
California has enacted multiple laws intended to increase transparency around artificial intelligence systems.
These laws may require developers to provide disclosures regarding AI-generated content, training data, and safety practices.
Where required by applicable law, we provide disclosures informing users that:
Certain California laws require AI systems interacting with users to disclose that the interaction involves artificial intelligence rather than a human. We provide such disclosures where applicable.
California law may require developers of generative AI systems to provide public documentation describing the types of data used to train such systems.
Where applicable, the developers of the underlying AI models we use (such as third-party model providers) may publish documentation describing:
Because we use third-party AI model providers, training data disclosures are typically provided by those model developers.
California law may also require certain AI developers to publish information about safety testing, risk mitigation practices, and incident reporting related to advanced AI systems.
We monitor applicable regulatory developments and may implement additional safeguards, disclosures, or documentation as required by applicable law.
Certain jurisdictions may require AI-generated content to include disclosures or provenance signals indicating that content was generated using artificial intelligence.
Where applicable and technically feasible, we may implement mechanisms designed to identify or disclose AI-generated outputs.
We seek to design AI systems consistent with widely recognized responsible AI principles, including:
Our systems are intended to assist users by providing informational analysis and educational insights, not automated decision-making affecting legal rights.
Artificial intelligence regulation continues to evolve rapidly across U.S. states and internationally.
We may update our AI governance practices, disclosures, and policies as new laws or regulations take effect.
Our internal AI governance practices may include:
These practices are intended to support responsible development and operation of AI-enabled services.
If you have questions, contact:
Ask Allen LLC
900 Foulk Rd, Ste 201
Wilmington, DE 19803
Email: privacy@askallen.ai
Support: support@askallen.ai