Privacy Policy

Last updated: February 2026

What AmberLark is

AmberLark is a budgeting application operated by Eric Brafford, Inc. ("we," "us," "our"). This policy describes how we collect, use, and protect your information when you use AmberLark.

Information we collect

Account information

When you register, we collect your name, email address, and password (stored as a salted hash, never in plain text).

Financial data

When you connect bank accounts via Plaid, we receive transaction data (dates, amounts, merchant names, categories) and account balances. We do not receive or store your bank login credentials — those are managed entirely by Plaid.

Usage data

We collect standard server logs (IP address, browser type, pages visited) for security and operational purposes.

Billing information

Payment processing is handled by Stripe. We do not store your credit card number. Stripe provides us with a customer ID and subscription status.

How we use your information

  • To provide the AmberLark service (syncing transactions, categorization, budgeting, reporting)
  • To improve our AI categorization system (learning from your categorization choices within your organization)
  • To manage your subscription and billing
  • To communicate with you about your account or service changes
  • To maintain security and prevent fraud

How we protect your information

  • All data is transmitted over HTTPS
  • Bank connections are read-only via Plaid (Transactions product only, no Auth)
  • Passwords are stored as salted hashes
  • Two-factor authentication is available for all accounts
  • Object-level permissions ensure data isolation between organizations
  • Infrastructure runs in containerized environments with automated security scanning

Data sharing

We do not sell your personal or financial data. We share data only with:

  • Plaid — to facilitate bank account connections and transaction sync
  • Stripe — to process subscription payments

We do not share your data with advertisers, data brokers, or any other third parties.

Data retention

Your data is retained as long as your account is active. If you close your account, we will delete your personal and financial data within 90 days, except where retention is required by law.

Your rights

You may request access to, correction of, or deletion of your personal data by contacting us. You may disconnect bank accounts at any time through the AmberLark interface.

Contact

For privacy-related questions, contact us at our contact page.