Privacy Policy
Last updated: May 2026
1. Introduction
Buffr ("we," "our," or "us") operates a financial-awareness platform that helps parents monitor their teen's spending activity for high-risk behavioral patterns. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
2. Information We Collect
- Account information: name, email address, and phone number provided at sign-up.
- Financial data: transaction metadata (merchant name, amount, date, category) retrieved via the Plaid API from linked bank accounts. We do not store full account numbers or credentials.
- Usage data: log data, IP addresses, and browser/device information collected automatically.
3. SMS / Text Messaging
When you register for a Buffr parent account and provide a phone number, you consent to receive text message alerts from Buffr when potentially risky financial activity is detected on a linked account. These messages are sent using Twilio on the A2P 10DLC program.
- Message frequency: up to 10 messages per month, only when flagged activity occurs.
- Message and data rates from your mobile carrier may apply.
- Opt-out: reply STOP to any Buffr SMS to immediately unsubscribe. You will receive one final confirmation message and no further alerts.
- Re-subscribe: reply START or YES to opt back in after opting out.
- Help: reply HELP to any Buffr SMS or email support@usebuffr.com.
- Your phone number is used exclusively for Buffr alert messages. We do not sell or share your phone number with third parties for marketing purposes.
4. How We Use Your Information
- To operate the Buffr platform and provide transaction monitoring.
- To send SMS alerts when flagged financial activity is detected.
- To improve our risk-detection models and service quality.
- To comply with legal obligations.
5. Data Sharing
We share data only as necessary to operate the service:
- Plaid: to retrieve transaction data from linked bank accounts.
- Twilio: to send SMS alerts.
- Supabase: our database and authentication provider.
- OpenAI: transaction metadata (merchant name, amount) may be sent to OpenAI's API for risk analysis. No personally identifiable account or payment data is included.
We do not sell your personal information.
6. Data Retention
We retain account data for as long as your account is active. Flagged transaction records are retained for 24 months. You may request deletion of your account by contacting support@usebuffr.com.
7. Security
We use industry-standard security measures including TLS encryption in transit, encrypted storage at rest, and row-level security policies on our database. Bank credentials are never stored — access tokens are managed by Plaid.
8. Children's Privacy
Buffr accounts for minors (under 18) are created and managed by a parent or guardian. We do not knowingly collect personal data directly from children under 13.
9. Your Rights
Depending on your location you may have rights to access, correct, or delete your personal data. Contact us at support@usebuffr.com to exercise these rights.
10. Changes to This Policy
We may update this Privacy Policy periodically. The "last updated" date at the top of this page will reflect the most recent revision. Continued use of Buffr after changes constitutes acceptance of the updated policy.
11. Contact Us
Buffr
Email: support@usebuffr.com
Website: usebuffr.com