Privacy Policy

Last updated: 4 June 2026

Martian Wealth (“we”, “us”, “the app”) is operated by Nyaliens, Inc. This policy explains what data we collect, how we use it, and the choices you have. If you have questions, email support@martianwealth.com.

1. Information we collect

We collect only what’s needed to operate the app.

1.1 Account information

When you create an account we collect your name, email address, phone number, and password (stored as a bcrypt hash — we never see your plaintext password). If you sign in via Google or Apple, we receive the provider’s user ID, your name, and your email; we do not store provider passwords or access tokens beyond what’s needed for that single sign‑in.

1.2 Financial information

When you connect a bank account through Plaid, Plaid collects your bank login credentials directly — we never see them. Plaid then returns to us:

  • A list of accounts (name, type, last 4 digits, balance, currency).
  • Transactions (date, merchant, amount, category, payment channel) covering up to the last 24 months and ongoing thereafter.
  • An access token for that bank connection, which we encrypt with AES‑256‑GCM before storing.

You can read Plaid’s privacy notice at plaid.com/legal.

If you grant access via FinanceKit, we read your Apple Card transaction history through Apple’s API. Apple Card data is processed on‑device and on our servers under the same security controls as Plaid data.

1.3 Dashboards and prompts

When you ask the LLM to build a dashboard, we send your natural‑language prompt to Google Gemini to generate the dashboard structure. We do not send your raw transactions to the LLM — only the dashboard structure is generated by the model, and transaction data is fetched from our own database server‑side. The prompt itself is stored alongside the dashboard so you can re‑generate or refine it later.

1.4 Technical information

We collect server‑side logs (request URLs, timestamps, error stack traces, your account ID) for debugging and abuse prevention. We do not bundle third‑party analytics, advertising, or tracking SDKs in the app.

2. How we use your information

We use your information to:

  • Provide the core features of the app — bank connection, dashboard generation, account management.
  • Send transactional emails (verification, password reset, security alerts).
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations.

We do not sell your data, share it for advertising, or use it to train machine‑learning models.

3. Who we share information with

We share data only with the service providers we need to run the app:

| Provider | Purpose | Data shared |
|---|---|---|
| Plaid | Bank account linking and transaction sync | Bank credentials (direct from you to Plaid) and our queries for your transactions |
| Google Gemini | LLM dashboard structure generation | Your prompt text and a list of available transaction categories — no transaction records |
| Google / Apple | OAuth sign‑in (only if you use them) | Your provider user ID and the email/name they return |
| Amazon Web Services | Hosting, database, email sending (SES) | All app data, encrypted at rest and in transit |

We may disclose information if required by law, subpoena, or to protect the rights, property, or safety of users.

4. How we protect your information

  • Plaid access tokens are encrypted with AES‑256‑GCM before being written to the database. Encryption keys are stored in AWS Secrets Manager, never in the database.
  • Passwords are hashed with bcrypt (cost factor 12).
  • All network traffic between the app and our servers uses HTTPS/TLS.
  • Refresh tokens are hashed in the database and rotated on every use; reuse of an old refresh token triggers revocation of all sessions for that account.
  • Access to production infrastructure is restricted to authorized personnel and protected by multi‑factor authentication.

No system is perfectly secure. If you believe your account has been compromised, email support@martianwealth.com.

5. How long we keep your information

  • Account and bank data: until you delete your account, after which we delete or anonymize it within 30 days.
  • Transaction records: kept while your bank is connected and for 30 days after you disconnect, to allow re‑connection without re‑syncing.
  • Server logs: 90 days.
  • Refresh tokens: rotated continually; revoked tokens are kept for 30 days for security forensics.

6. Your rights

You can:

  • Access or export your data — email support@martianwealth.com and we’ll send you a JSON export within 30 days.
  • Correct your name, email, or phone from the in‑app settings panel.
  • Delete your account from the settings panel. Deletion cascades to your bank connections, accounts, transactions, dashboards, and sessions.
  • Disconnect a bank at any time from the Accounts screen, which revokes the Plaid access token and stops further syncs.
  • Object to processing or request restriction — email us and we’ll comply where legally required (GDPR, CCPA).

Users in California (CCPA), the EU/UK (GDPR), and similar jurisdictions have additional rights, including the right to know the categories of personal information collected and the right to non‑discrimination for exercising these rights.

7. Children

Martian Wealth is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us information, email support@martianwealth.com and we will delete it.

8. Changes to this policy

We may update this policy. Material changes will be announced in‑app or by email at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the latest version.

9. Contact

Nyaliens, Inc.
Email: support@martianwealth.com


See also our Terms of Service and Security overview.