Privacy Policy

Last updated: April 2026

What AmberLark is

AmberLark is a budgeting application operated by Eric Brafford, Inc. ("we," "us," "our"). This policy describes how we collect, use, and protect your information when you use AmberLark.

Information we collect

Account information

When you register, we collect your name, email address, and password (stored as a salted hash, never in plain text).

Financial data

When you connect bank accounts via Plaid, we receive transaction data (dates, amounts, merchant names, categories) and account balances. We do not receive or store your bank login credentials — those are managed entirely by Plaid.

Usage data

We collect standard server logs (IP address, browser type, pages visited) for security and operational purposes.

Billing information

Payment processing is handled by Stripe. We do not store your credit card number. Stripe provides us with a customer ID and subscription status.

How we use your information

  • To provide the AmberLark service (syncing transactions, categorization, budgeting, reporting)
  • To improve our AI categorization system (learning from your categorization choices within your organization)
  • To manage your subscription and billing
  • To communicate with you about your account or service changes
  • To maintain security and prevent fraud

How we protect your information

  • All data is transmitted over HTTPS
  • Bank connections are read-only via Plaid (Transactions product only, no Auth)
  • Passwords are stored as salted hashes
  • Two-factor authentication is available for all accounts
  • Object-level permissions ensure data isolation between organizations
  • Infrastructure runs in containerized environments with automated security scanning

Data sharing

We do not sell your personal or financial data. We share data only with:

  • Plaid — to facilitate bank account connections and transaction sync
  • Stripe — to process subscription payments

We do not share your data with advertisers, data brokers, or any other third parties.

Data retention

We retain your account and budgeting data while your account and workspace are active. If you disconnect a bank connection, we stop future syncing and mark that connection as deleted, but we may keep the historical transactions already imported into your workspace until you delete them or request broader account or organization deletion.

If you request account closure and deletion, we review the request after verifying identity and aim to complete the deletion workflow within 90 days, except where we need to retain limited records for security, billing, fraud prevention, or legal reasons.

Deleted data may also remain in encrypted backups until the normal backup retention window expires.

Your rights

You may request access to, correction of, export of, or deletion of your personal data by contacting us. You may also export transactions from the app and disconnect bank accounts at any time through the AmberLark interface.

Some requests require a quick identity check before we act on them, especially when the request affects billing, connected financial accounts, or organization ownership.

Contact

For privacy-related questions, contact us at our contact page.