
Lodestar: Security & Data Protection

Last updated: [insert date]

Lodestar is designed to help users gain clarity and control over their personal finances and life systems. Protecting user data—especially financial data—is a core principle of the platform.

This document explains how Lodestar safeguards data, how financial data is accessed, and the controls users have over their information.

1. Use of Financial Data & Plaid

Lodestar uses Plaid, a secure third-party financial data provider, to allow users to connect their financial accounts.

What this means:
  • Lodestar does not receive or store bank login credentials

  • Users authenticate directly with their financial institution through Plaid

  • Lodestar only accesses financial data explicitly authorized by the user

Financial data is used solely to provide user-requested features such as:

  • Viewing account balances

  • Displaying transactions

  • Categorizing spending

  • Supporting budgeting and financial planning tools

Lodestar does not sell financial data or use it for advertising.

2. User Consent & Control

Users must explicitly initiate all financial connections.

Before connecting an account:

  • The user is informed that Plaid is used

  • The type of data accessed is disclosed

  • The connection is optional and user-initiated

User Controls

Users may:

  • Disconnect any linked financial account at any time

  • Stop future data syncing immediately upon disconnection

  • Request deletion of their financial data

3. Data Security Practices

Lodestar follows industry-standard security practices appropriate for a production application.

Encryption
  • All data is transmitted over secure HTTPS (TLS)

  • Stored data is encrypted at rest

Access Controls
  • Financial data is scoped per user

  • Only authorized systems and services can access financial data

  • Plaid API credentials are stored server-side only

  • No Plaid credentials or secrets are exposed in client-side code

Infrastructure
  • Plaid integrations are handled exclusively by secure backend services

  • Access to production systems is restricted and monitored

4. Data Storage & Retention
  • Financial data is stored only as long as needed to provide active features

  • Disconnected accounts no longer sync data

  • Users may request full deletion of their financial data at any time

Deletion requests can be made via:

5. Third-Party Sharing

Lodestar:

  • Does not sell financial data

  • Does not share financial data with third parties for marketing

  • Uses Plaid solely as a data connectivity provider

Data is never accessed without user permission.

6. Incident Response

In the unlikely event of a data security incident:

  • Lodestar will promptly investigate the issue

  • Affected users will be notified as required by applicable law

  • Reasonable steps will be taken to prevent recurrence

7. Contact & Support

For questions about security, privacy, or data access, users may contact:

Email: support@yourdomain.com
Website: https://yourdomain.com

8. Related Policies
  • Privacy Policy

  • Terms of Service

These documents work together to describe how Lodestar operates and protects users.
