Privacy Policy
Yield ("we," "our," or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and the choices you have.
The short version: We collect only what's needed to track your card benefits. We never store card numbers, CVV, or bank credentials. We never sell your personal data. You can delete everything at any time.
What We Collect
Account Information
- Name and email address — for account creation and login
- Authentication method — email/password or Apple Sign-In
Card & Benefit Data
- Card product names — which credit card products you hold (e.g., "Amex Platinum," "Chase Sapphire Reserve"). We identify cards by product name only.
- Benefit usage — how much of each credit you've used in the current period (e.g., "$85 of $100 Resy dining credit used")
Transaction Data (via Plaid)
If you choose to link your bank account, we use Plaid to access:
- Transaction history — merchant name, amount, date, and category. Used to auto-detect benefit usage (e.g., detecting a Resy charge to mark your dining credit as used).
- Account details — account type and name, used to identify which credit cards you hold.
Plaid's own privacy policy governs how Plaid handles your data: plaid.com/legal
Device Data
- Push notification token — for sending benefit expiration alerts
- Device platform — iOS (used for app functionality)
Anonymous Analytics
- Usage events — feature usage, agent task types, benefit categories. These are linked to a one-way hashed anonymous ID that cannot be reversed to identify you.
What we NEVER collect:
- Credit card numbers (full or partial)
- CVV or security codes
- Card expiration dates
- Bank account numbers or routing numbers
- Social Security numbers
- Bank login credentials (Plaid handles authentication securely)
- Location data
- Contacts, photos, or browsing history
How We Use Your Data
- Benefit tracking — match transactions to card benefits, calculate recovery rates, and track expiration dates
- Expiration alerts — send push notifications when benefits are about to expire (14, 7, 3, and 1 day warnings)
- Agent actions — search for restaurants, find gift card options, optimize subscriptions, and generate retention scripts based on your card data
- Offer scanning — surface relevant offers from your card issuers
- Product improvement — anonymous analytics help us understand which features are used and improve the app
How We Protect Your Data
- Encryption in transit — all data transmitted using TLS 1.2+
- Encryption at rest — all stored data encrypted using AES-256 via our infrastructure provider (Supabase)
- Access controls — row-level security ensures users can only access their own data
- Biometric protection — Face ID or Touch ID required for all financial agent actions
- No raw credentials — bank authentication handled entirely by Plaid's secure infrastructure
- Audit logging — every agent action logged with timestamp for transparency
Data Sharing
We do not sell your personal information. We share data only with:
- Plaid — to access your bank transaction data (with your explicit consent via Plaid Link)
- Supabase — our infrastructure provider that hosts and encrypts your data
- Expo — for push notification delivery
We do not share your data with advertisers, data brokers, or any third parties for marketing purposes.
Data Retention
- Benefit usage history — retained for the lifetime of your account (needed for streak tracking and recovery history)
- Transaction data — retained for the lifetime of your account (needed for benefit matching)
- Anonymous analytics — retained indefinitely (cannot be linked to your identity)
Your Rights & Choices
Account Deletion
You can delete your account at any time from Settings → Delete Account. This permanently removes:
- Your profile (name, email)
- All linked cards and benefit data
- All transaction data
- All agent task history
- All notification preferences and tokens
- Your authentication account
Anonymous analytics data (which cannot be linked to you) is retained after deletion.
Bank Connection
You can disconnect your bank at any time. You can also use Yield without linking a bank by adding cards manually — transaction-based features will be unavailable, but benefit tracking still works.
Notifications
You can disable push notifications at any time via your iPhone's Settings.
Children's Privacy
Yield is not intended for users under 18. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via the app or email. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this policy or your data?
Email: privacy@getyield.io
Or reach us at: ben@getyield.io