Skip to main content
Sterling
Sign inGet started

Privacy Policy

Last updated: January 2026

1. Introduction

Sterling ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal finance application and related services (collectively, the "Service").

By using Sterling, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, password (encrypted), and profile details
  • Financial Connections: When you connect your bank accounts through Plaid, we receive account names, balances, and transaction history
  • User Content: Budgets, categories, notes, and preferences you create
  • Communications: Messages you send to our support team or through the AI chat feature

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, features used, and time spent
  • Device Information: Device type, operating system, browser type, and IP address
  • Log Data: Access times, pages viewed, and error logs

2.3 Information from Third Parties

  • Plaid: Financial account information including account details, balances, and transactions
  • Payment Processors: Subscription and billing information from Stripe (we do not store full payment card numbers)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Display your financial accounts, transactions, and balances
  • Generate personalized insights, budgets, and recommendations using AI
  • Process your subscription and payments
  • Send you service-related communications
  • Detect and prevent fraud and unauthorized access
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

4.1 Service Providers

  • Plaid: To connect and retrieve your financial account data
  • Stripe: To process subscription payments
  • Supabase: For database hosting and authentication
  • Anthropic: To provide AI-powered insights (anonymized data only)
  • Cloud Providers: For infrastructure and hosting services

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Strict role-based access to systems and data
  • Secure Authentication: Passwords are hashed; optional multi-factor authentication available
  • No Credential Storage: We never store your bank login credentials; Plaid handles authentication securely
  • Regular Audits: We conduct regular security assessments and monitoring

6. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active, plus 30 days after deletion
  • Transaction History: Retained for 7 years to comply with financial regulations
  • Usage Logs: Retained for 1-2 years for security and analytics
  • Backups: Retained for up to 90 days

You can request deletion of your data at any time (see Your Rights below).

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a portable format
  • Opt-Out: Opt out of marketing communications
  • Withdraw Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact us at privacy@joinsterling.com or through your account settings.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your privacy rights

9. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Sterling is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: