Privacy Policy
Effective May 4, 2026 · Last updated May 4, 2026
Sorted is operated by Mobile Ventures LLC d/b/a Sorted (“Sorted”, “we”, “us”, “our”). This Privacy Policy explains what we collect when you use the Sorted mobile app, the website at www.sorted.money, and the related services (together, the “Service”), how we use it, who we share it with, and the choices you have. Plain words, no surprises.
For a more visual walkthrough of how we handle your money data, read the Security page. The two are designed to agree on every fact.
Information we collect
We collect only what we need to run the Service. The categories below mirror the Apple Privacy Nutrition labels for our App Store listing.
Account & contact information
- Email address and a hashed password (or an OAuth identifier if you sign in with Apple, Google, or another provider).
- A user ID we generate to keep your records separate from everyone else’s.
- Optional profile fields you choose to add (first name, time zone, currency).
Financial information (via Plaid)
- Bank, credit-card, and brokerage account metadata: institution name, account name, account type, current and available balances, and a masked account number.
- Transaction history: amount, merchant, date, posted/pending status, category, and any user-supplied notes or corrections.
- An encrypted Plaid access token that lets us refresh transactions on your behalf. Your bank credentials never reach our servers — Plaid handles the login.
User content
- Goals, budgets, and any text you send to the Coach (the AI chat).
- Postcards you create, with the captions and styling you choose.
- Customer-support correspondence.
Device & usage data
- Coarse device information: device model, OS version, app version, language, and a randomly generated install ID.
- Diagnostic data: crash reports, performance traces, and error logs, used to keep the app from breaking.
- Product-interaction events (which screen you opened, which button you tapped) for product analytics. We do not collect precise location, contacts, photos, microphone, camera, health, or biometric data.
- Push-notification tokens, only after you grant permission.
Payment information
Subscription billing is handled by Apple (in-app purchases on iOS), Google (in-app purchases on Android), or Stripe (web checkout). We never see your card number. We do receive a receipt or customer identifier so we can grant you the right access level.
How we use information
- Run the product — categorize transactions, calculate the daily number, render charts, generate Coach replies, deliver push notifications you opted into.
- Personalize the Coach — anonymized recent transactions and your goals are sent to large language model providers so the assistant can answer with context. Your name, email, account numbers, and Plaid identifiers are stripped before the request leaves our servers.
- Keep you safe — detect fraud, abuse, and rate-limit violations.
- Communicate — send transactional emails about your account (receipts, security alerts), and product updates only if you opted in.
- Improve the product — measure feature usage in aggregate, fix crashes, debug performance.
- Comply with the law — respond to lawful requests, enforce our Terms.
We do not sell your personal information. We do not share it with advertisers. We do not train AI models on your transactions or chat content.
Who we share it with
Sorted runs on a small set of trusted vendors. Each is contractually bound to use your data only to provide the service we’ve hired them for.
| Vendor | What they do | What they receive |
|---|---|---|
| Plaid | Bank account linking and transaction sync. | Your bank login (handled inside Plaid’s flow), tokenized account access. |
| Supabase & AWS | Authentication, database, storage. US-based, encrypted at rest. | All of your account, financial, and content data, encrypted. |
| OpenAI & Anthropic | Generate Coach replies, classify transactions. | Anonymized prompts (merchant names + amounts, without your identity). Both vendors operate under zero-retention agreements — they do not store the prompts after responding and do not train on them. |
| Stripe | Web subscription billing. | Email, billing address, masked payment method handle. We do not receive full card numbers. |
| RevenueCat | Track subscription entitlements across iOS, Android, and web. | User ID, app receipt, plan status. |
| Apple & Google | Process in-app subscriptions and deliver push notifications. | Receipt validation, push tokens. |
| PostHog | Product analytics — which features people use. | Pseudonymous user ID, app events, device metadata. No transaction data. |
| Sentry | Crash and error reporting. | Stack traces, device metadata, user ID. Sensitive fields are scrubbed before transmission. |
| Upstash | Rate limiting. | User ID, request counts. |
| Vercel | Hosts the website and the API. | Server logs (IP address, user agent, route). |
We may also share information when required by law, when we have a good-faith belief disclosure is necessary to protect a person’s safety, or in connection with a merger or acquisition (with notice to you and the same protections continued).
Where your data lives
Sorted is operated from the United States. Data is stored on AWS and Supabase infrastructure in U.S. regions. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our vendors operate.
How long we keep it
We keep your information for as long as your account is active. When you delete your account, we permanently destroy your records within 24 hours, including transactions, goals, postcards, Coach history, push tokens, and your Plaid access token (which we revoke at Plaid). Backups are purged on a rolling 30-day cycle.
We may retain a minimal record (e.g. your hashed email and the fact that your account was deleted) where required by law, to enforce our Terms, or to prevent fraudulent re-signups. We do not retain transaction or Coach content after deletion.
Your choices and rights
- Access & export — request a copy of the personal information we hold about you. Email support@sorted.money.
- Correction — most fields are editable in-app. For anything you can’t edit, write to support.
- Deletion — Settings → Account → Delete account. Two taps, irreversible, completes within 24 hours. You can also email support to request deletion.
- Push notifications — toggle in iOS/Android Settings or in-app under Settings → Notifications.
- Marketing emails — every marketing email contains an unsubscribe link.
- Analytics — opt out of product analytics under Settings → Privacy.
California residents (CCPA / CPRA)
If you live in California, you have the right to know what personal information we collect, to access or delete it, to correct it, to limit the use of sensitive personal information, and to be free from discrimination for exercising these rights. To make a request, email support@sorted.money. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law.
EU, UK & other regions
The Service is currently aimed at users in the United States. If you use the Service from the EU, UK, or another region with comparable laws (such as GDPR or the UK GDPR), our legal bases for processing are: (a) performance of our contract with you, (b) your consent (for optional analytics and marketing), (c) compliance with legal obligations, and (d) our legitimate interests in operating and improving the Service. You can exercise your access, correction, deletion, portability, restriction, and objection rights by writing to support@sorted.money.
Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
Security
Transaction data is encrypted at rest with AES-256 and in transit with TLS 1.3. Database backups use separate keys held by AWS KMS. The Plaid access token is encrypted with a per-user envelope key. Read more on the Security page. No system is ever 100% secure; we’ll notify you promptly if we ever discover an incident affecting your account.
Changes to this policy
When we make material changes, we’ll update the “Last updated” date at the top and, for significant changes, notify you by email or in-app. Continued use of the Service after a change means you accept the updated policy.
Contact us
Questions, requests, or complaints? Email us at support@sorted.money. For security issues, write to security@sorted.money.