Privacy Policy
This policy explains what data Vantid collects, what we do with it, and — just as importantly — what we don't do with it. It's short because the product is designed to handle as little of your data as possible.
The short version
- Your portfolio data lives on your machine. We never see it unencrypted.
- Brokerage and bank connections are optional and read-only. We can see the holdings and transactions you choose to import; we cannot trade, move money, or see your bank or broker username and password.
- We don't sell your data, share it with advertisers, or use it to train models.
- The only data we hold on our servers is what you explicitly give us: your email (if you sign up for early access or contact support), and end-to-end encrypted ciphertext (only if you turn on sync).
- You can delete everything we have by emailing us.
1. Who we are
Vantid is operated by Technotroupe LLP, a Limited Liability Partnership registered in India (GSTIN 33AAZFT2363G1ZT), with its registered office at S.F.NO 688/1A1A2C, Madukkarai Road, Kurichi, Eachanari, Coimbatore, Tamil Nadu 641021, India.
If you have questions about this policy or your data, contact us at privacy@vantid.money.
2. What we collect
We separate this into three buckets based on where the data lives.
2.1 Data that stays on your device
Your portfolio data — transactions, holdings, asset details, accounts, debts, goals, views, custom rules, milestones, projections, and history — is stored locally in a SQLite database on your computer. On macOS this lives at ~/Library/Application Support/com.aravind.wealthwatcher/; equivalent paths apply on Windows and Linux when those platforms are supported.
Any brokerage or bank access tokens issued by SnapTrade, Plaid, or direct broker integrations are also stored locally on your device (encrypted where the operating system provides a keychain).
We do not have access to any of this data unless you choose to share it with us (for example, by attaching a backup file to a support email).
2.2 Data you give us directly
- Email address and name, if you sign up for early access or contact support.
- Google account profile information (name, email, profile picture), if you sign in with Google to enable sync or Google Drive backup.
- Support correspondence you send us through the contact form or by email.
2.3 Data we receive when you use the service
- Sync ciphertext, if you opt into Multi-Device Sync. This is your portfolio data encrypted on your device before transmission. We hold the encrypted blob; we cannot decrypt it.
- Market-data request metadata, when the app fetches live or historical prices. Our proxy receives the ticker or instrument identifier and your IP address (so it can respond). We do not log this against your identity.
- Product analytics events via PostHog, only if you have not opted out of telemetry in Settings → Privacy. We send a small, fixed list of events (app opened, signed in/out, asset/debt/view/rule created, transaction import, sync run) with category-level properties only. Event properties never include tickers, account names, balances, dollar amounts, or any other value from your portfolio. Transaction counts are reported in coarse buckets (1, 2-9, 10-99, 100+) so exact portfolio shape is not leaked. Autocapture and session recording are disabled.
- Account-level events tied to your sign-up rather than your behavior: one server-side
user_signed_upevent on first sign-in, and a refresh of your PostHog Person properties (name, email, subscription tier, last-login time) on every sign-in. These are sent regardless of the telemetry opt-out, because they let us count active accounts and resolve support tickets to a real user. - API logs from our proxy and our hosting provider (timestamps, request paths, IP addresses, response codes), retained for up to 30 days for security and debugging.
- TestFlight beta data, which Apple shares with us per their standard terms (e.g., crash reports, install/uninstall counts). See Apple's TestFlight terms for what they collect.
The web demo at demo.vantid.money never sends any data to PostHog or to our email provider, because demo accounts are ephemeral.
2.4 Brokerage and bank integration data
Vantid offers optional, opt-in integrations with brokerages and financial institutions through both direct connections (Interactive Brokers, E*TRADE, Zerodha Kite) and aggregator services (SnapTrade, Plaid).
When you choose to link an account:
- Authentication happens through the broker's or aggregator's own login flow. We never receive or store your bank or brokerage username and password.
- The provider returns a read-only access token. That token is stored locally on your device (and inside your encrypted sync blob if sync is enabled).
- Vantid uses the token to fetch positions, transactions, account balances, and reference data only. We cannot trade, transfer funds, or change account settings.
- You can revoke the connection at any time from inside the app, which invalidates the token at the provider.
SnapTrade and Plaid each have their own privacy policies that govern data they collect and process about you during the linking flow and ongoing syncs.
2.5 What we do not collect
- We do not receive your bank or brokerage usernames and passwords. Authentication is handled by the broker or aggregator.
- We do not use session replay, autocapture, or A/B-testing SDKs. Our PostHog setup is configured with session recording and autocapture explicitly disabled, and product-analytics events are restricted to a closed, code-reviewed list (see §2.3).
- We do not collect crash reports outside of what Apple/TestFlight provides during beta distribution. No Sentry, Bugsnag, or equivalent crash-reporting SDK is bundled.
- We do not use advertising cookies, ad-tech identifiers, or marketing-attribution SDKs.
- We do not use your portfolio data to train AI models, ours or anyone else's.
3. How we use what we collect
We use your data only for the following purposes:
- To provide the service. Email gets your TestFlight invite. Google sign-in gives you sync identity. Sync ciphertext flows to other devices on your account.
- To respond to you. When you email support, we use the address to reply.
- To keep the service safe. Request logs help us detect abuse and debug outages.
- To send you essential updates. Service notices (security advisories, beta-ending notices, breaking changes). Not marketing.
- To comply with the law. If a valid legal process requires us to disclose something, we will, but we'll push back where appropriate and notify you when we're allowed to.
We do not use your data to train AI models, build advertising profiles, or sell to third parties. Full stop.
4. Who we share data with
We share data only with the providers needed to deliver the service:
| Provider | What they get | Why |
|---|---|---|
| Cloudflare | Hosting, proxy traffic (IP, request metadata, sync ciphertext) | Site hosting, market-data proxy, sync infrastructure |
| Name/email if you use Google sign-in; encrypted backup blobs if you opt into Google Drive backup | Authentication; user-owned backup storage | |
| Apple | Email/device info per TestFlight terms | Beta distribution |
| Loops | Email address, if you sign up for early access | Sending beta invites and product updates |
| Resend | The name, email, and message you submit through the contact form | Delivering your support message to our inbox |
| PostHog (US) | The product-analytics events described in §2.3 (no portfolio data ever); plus the account-level user_signed_up event and Person property refresh on sign-in |
Understanding which features get used, sized in aggregate |
| SnapTrade | The brokerage account you choose to link, and read-only requests for positions and transactions | Aggregated, read-only brokerage connections (opt-in) |
| Plaid | The institution you choose to link, and read-only requests for accounts, balances, and transactions | Aggregated, read-only bank and broker connections (opt-in) |
| Interactive Brokers, E*TRADE, Zerodha Kite | The access token you authorize, and read-only API requests scoped to your account | Direct brokerage connections (opt-in) |
| MarketStack, Yahoo Finance (via our proxy) | Ticker symbols and instrument identifiers (no user identity attached) | Live and historical market data |
Each provider has its own privacy policy. We choose providers that don't require us to hand them more than is necessary.
We share data with law enforcement only in response to valid legal process.
5. International transfers
Vantid is operated from India. Our hosting and proxy infrastructure is provided by Cloudflare, with traffic routed through their global edge network. If you use the service from outside India, your data — to the extent we hold any — may be transferred to and stored in India, or in whichever country Cloudflare routes your traffic through. Where required, we rely on standard contractual safeguards (and the providers' own equivalents) to keep transferred data protected.
6. Data retention and deletion
- Local data (your portfolio) lives on your device until you delete it. Uninstalling Vantid removes the local database.
- Sync ciphertext is retained while sync is enabled. When you disable sync or delete your account, we delete it within 30 days.
- Brokerage and bank access tokens are stored on your device. When you disconnect a connection in the app, the token is revoked at the provider and removed from your local store; if it was included in your sync blob, the next sync overwrites it.
- Email signups are retained until you ask us to remove you (one-click unsubscribe in every email).
- Support correspondence is retained for as long as needed to handle the issue, then deleted within 12 months.
- Server logs are retained for 30 days.
To delete everything we hold about you, email privacy@vantid.money from the address associated with your account and tell us to delete. We'll do it within 30 days and confirm in writing.
7. Your rights
Regardless of where you live, you can:
- Access what we hold about you (which is very little — see §2).
- Correct any of it.
- Delete any of it.
- Export what's exportable (your portfolio data is already exportable from inside the app at any time).
- Object to processing or withdraw consent at any time.
If you're in India, you have the rights granted under the Digital Personal Data Protection Act, 2023, including the right to nominate another individual to exercise your rights in the event of your death or incapacity. If you're in the EU/EEA, UK, or California (or another jurisdiction with specific data-protection laws), you have additional statutory rights — including the right to lodge a complaint with your data protection authority. Contact us first; we'd rather fix it.
8. Security
The portfolio database on your machine is protected by your operating system's file permissions and (where supported) keychain-stored credentials. We do not add a second layer of encryption to the local SQLite file by default.
Data that crosses our infrastructure is encrypted in transit (TLS). Sync data is additionally end-to-end encrypted on your device before it leaves; the encryption key never leaves your device. We hold ciphertext only.
We do our best to follow industry security practices. No system is impenetrable, and we won't tell you ours is. If we ever discover a breach affecting you, we'll notify you promptly and tell you what happened.
9. Children
Vantid is not intended for anyone under 18. We don't knowingly collect data from minors. If you believe a minor has signed up, contact us and we'll delete the account.
10. Changes to this policy
We'll post material changes to this page and update the "Last Updated" date. If a change materially expands what we collect or how we use it, we'll notify active users by email at least 30 days before it takes effect. Your continued use after the effective date constitutes acceptance.
11. Contact
Privacy questions: privacy@vantid.money
Legal and data-protection requests: legal@vantid.money
General support: support@vantid.money
Mailing address:
Technotroupe LLP
S.F.NO 688/1A1A2C, Madukkarai Road, Kurichi
Eachanari, Coimbatore
Tamil Nadu 641021, India