Legal
Privacy
Policy
Effective date: June 1, 2026 · Last updated: June 1, 2026
Your privacy is not a footnote. 7 Pillars is built on the principle that your financial data belongs to you — not to advertisers, data brokers, or third parties. We will never sell your personal or financial information. This policy explains exactly what we collect, why we collect it, and how you can control it.
Section 01
Who We Are
7 Pillars is a personal financial operating system operated by 7 Pillars ("we," "us," or "our"), based in Minneapolis, Minnesota. Our product allows users to connect financial accounts, receive AI-powered financial guidance from Sophia, and manage their financial life across eight pillars: Banking, Credit, Investments, Debt, Property, Insurance, Travel, and Tax.
If you have any questions about this Privacy Policy, contact us at privacy@7pillars.app.
Section 02
What We Collect
We collect the minimum information necessary to provide the Service.
Account information
- Name and email address, collected when you create an account via Clerk authentication.
- Profile preferences, notification settings, and workspace configuration you set within the app.
Financial data
- Account balances, transaction history, and account metadata retrieved from financial institutions you choose to connect via Plaid. This connection is read-only — we cannot initiate transactions or move funds.
- Financial estimates and manual inputs you provide directly within the app.
- Subscription and billing information processed by Stripe when you subscribe to a paid plan. We do not store full payment card numbers.
Usage data
- Interactions with Sophia — the questions you ask and the answers provided. This data is used to improve the quality of guidance Sophia provides to you.
- App usage patterns and session data to improve the product.
- Device information and push notification tokens used to deliver notifications you have opted into.
Business workspace data (if applicable)
- Business transaction data you import via CSV or connect via Plaid.
- Invoice, customer, and reconciliation data you create within the business workspace.
- Receipt images you upload for expense documentation, stored securely in private cloud storage.
Section 03
What We Never Collect
- We never collect, store, or transmit your bank login credentials. All bank authentication is handled directly by Plaid. 7 Pillars never sees your password.
- We never sell, rent, lease, or otherwise transfer your personal or financial data to third parties for advertising, marketing, or any commercial purpose.
- We never use your financial data to train AI models that benefit other users or third parties.
- We do not serve advertising. 7 Pillars is a subscription product — your data is not the product.
Section 04
How We Use Your Data
- To power Sophia. Your financial data is used to generate your daily briefing, pillar insights, and conversational guidance.
- To maintain your account. We use your email address to authenticate you and send important service notifications.
- To send notifications. If you enable push notifications, we use your device token to deliver briefings and bill reminders. You can disable these at any time in Settings.
- To improve the product. Aggregate, anonymized usage patterns help us understand which features are valuable. This data cannot be linked back to any individual user.
- To comply with law. We may disclose information when required by law, court order, or to protect the rights, property, or safety of 7 Pillars, our users, or others.
Section 05
Third-Party Services
- Plaid Technologies, Inc. — powers financial account connections. Your bank credentials are transmitted directly to Plaid and never pass through 7 Pillars servers.
- Anthropic, PBC — the AI infrastructure powering Sophia. Financial context is sent to Anthropic's API to generate personalized responses.
- Clerk, Inc. — manages user authentication, session management, and account security.
- Supabase, Inc. — our primary database provider. All data is encrypted at rest using AES-256 and in transit using TLS 1.2+.
- Stripe, Inc. — processes subscription payments. We do not store payment card numbers.
- OneSignal, Inc. — delivers push notifications to users who have opted in.
- SendGrid (Twilio) — delivers transactional emails.
- Finnhub — provides real-time market data when you ask Sophia market-related questions. No personal data is shared with Finnhub.
Section 06
Data Security
- All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
- All data stored in our database is encrypted at rest using AES-256 encryption.
- Financial account connections are strictly read-only. 7 Pillars cannot initiate transactions, make payments, or transfer funds on your behalf.
- All database tables are protected by Row Level Security (RLS), ensuring each user can only access their own data.
- API rate limiting and input sanitization are enforced on all endpoints.
- Receipt and document uploads are stored in private cloud storage accessible only through time-limited signed URLs.
In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Section 07
Data Retention
- Your account data is retained for as long as your account is active.
- Financial transaction data retrieved from Plaid is retained for up to 24 months.
- Sophia conversation history is retained for 12 months to power personalized guidance.
- If you delete your account, we will delete your personal data within 30 days, except where required by law.
- Anonymized, aggregate data that cannot be linked to any individual may be retained indefinitely.
Section 08
Your Rights and Choices
- Access your data. Request a copy of the personal data we hold about you by emailing privacy@7pillars.app.
- Export your data. Download your data directly from Settings → Legal & Security → Export my data.
- Disconnect accounts. Remove any connected financial account at any time from Settings.
- Disable notifications. Turn off push or email notifications at any time from Settings → Notifications.
- Delete your account. Request full account deletion from Settings → Legal & Security → Delete my account. All personal data will be removed within 30 days.
- Correct your data. Update your profile information directly within the app or contact us.
If you are a California resident, you may have additional rights under the CCPA. We do not sell personal information. To exercise any rights, contact us at privacy@7pillars.app.
Section 09
Children's Privacy
The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@7pillars.app.
Section 10
Cookies and Tracking
- Session cookies — used to keep you logged in between sessions. Managed by Clerk and essential for the Service to function.
- Local storage — used to remember your view preferences and onboarding state. This data never leaves your device.
We do not use third-party advertising cookies, tracking pixels, or behavioral analytics that profile you across the web.
Section 11
Changes to This Policy
We may update this Privacy Policy from time to time. For material changes that affect your rights, we will notify you via email or an in-app notification at least 30 days before the change takes effect.
Section 12
Contact Us
7 Pillars
Email: privacy@7pillars.app
Minneapolis, Minnesota, United States
We will respond to all privacy-related requests within 30 days.