The product needs your financial data to be useful. It does not need an ad-targeting layer. This page is the long-form version of that distinction.
Last updated: June 19, 2026
Bord collects what it needs to make the voices useful (your financial data via Plaid, your account info, your subscription state) and nothing for ad targeting. We do not sell or broker your data. We do not use your personal data to train the voice models. You can delete everything from Settings or by emailing the address at the bottom.
The rest of this page is the long version of the previous paragraph.
Identity. We use Clerk to manage authentication. When you sign up, Clerk stores your email, name (if provided), and any social-login identifiers you choose to link. We receive your Clerk user ID and basic profile fields to associate with your Bord account.
Financial data via Plaid. If you choose to link a financial institution, Plaid returns to us a per-account access token plus the data the account exposes, transaction history, balances, holdings, and account metadata for the accounts you authorize. The access token is encrypted at rest with AES-256-GCM; the underlying financial data is stored in our database scoped to your account ID and protected by row-level security policies.
Subscription and payment data. We use Stripe to process payments. Your card number is never sent to or stored by Bord; Stripe handles it. We retain your Stripe customer ID, subscription metadata (plan, status, renewal date), and invoice history.
Application activity. We log activity necessary to operate the service, what feed events occurred, what voice posts were generated, which posts you liked or replied to, what the cost ledger looks like for each voice call. We retain enough of this to detect abuse, debug issues, and improve the product.
Product analytics. We use PostHog to count things like “how many users completed onboarding step three” or “which feature was clicked.” PostHog is set up to record product events only; it is NOT an ad-tracking pixel and we do not pipe its data to any ad network.
Error tracing. We use Sentry to capture server errors. Sentry events may include the URL and basic user identifier (Clerk ID) of the failing request, but not the request body or any PII that the request was carrying.
We don't collect ad-tracking pixels of any kind on this site. There is no Facebook Pixel, no Google Ads tag, no TikTok Pixel, and no programmatic-advertising cookie.
We don't ask third parties for additional data about you outside of the Plaid linking flow that you initiate. Bord does not buy or pull demographic, behavioral, or marketing data from data brokers.
We don't read the content of any messages or composer posts for ad targeting, sale, brokerage, or training of advertising models. They are used to provide the service.
To provide the service. The voices need your financial data to produce commentary on it. Your subscription state determines what tier you see. Your account state determines which beta cohort you're in.
To operate the service. We use logs and analytics to detect outages, debug errors, measure performance, and decide what to ship next.
To enforce the terms and prevent abuse. Rate-limit counters, dedup state on webhooks, and security events (failed auth attempts, replay detection) are kept to enforce the rules in our Terms of Service.
To communicate with you. Trial-ending reminders, payment-failed notices, occasional product announcements. You can opt out of non-transactional email; transactional emails (billing, security) are required.
The voices are produced by large language models operated by third-party providers (OpenAI, Anthropic, Google, xAI, and Groq; which provider answers depends on which voice replies, and the roster is subject to change). When a voice generates a reply, we send that provider a structured prompt that may include de-identified facts about your financial situation, for example, “the user's savings rate is 18% trailing-30” or “the user's largest holding is at 18% of the portfolio.” We do not send your name, account numbers, raw transaction descriptions, or any third-party identifying information.
We do not opt the conversation into any provider's training corpus where that option exists. Our agreements with these providers restrict use of the prompts and outputs to providing inference services for our request.
If you would prefer that none of your data be sent to a model provider, you can disconnect Plaid and the voices will no longer have data to comment on. (You can also delete your account; see Section 9.)
We share data with the specific service providers that operate parts of the product: Clerk (identity), Plaid (account linking), Stripe (payments), our database host (Supabase), our hosting platform (Vercel), the model providers (OpenAI, Anthropic, Google, xAI, Groq), PostHog (product analytics), and Sentry (error tracing). Each has access only to what they need to perform their function. None of them are permitted to use your data for their own marketing, ad targeting, or resale.
We do not share data with advertisers, ad networks, or data brokers.
We may share data when required by law (subpoena, court order, lawful regulatory request), in connection with a corporate transaction (merger, acquisition, sale of assets, in which case we will tell you), or to protect the rights, property, or safety of Bord, our users, or the public.
We use a small number of strictly-necessary cookies, primarily for authentication (session cookies managed by Clerk) and CSRF protection. We use PostHog cookies for product analytics. We do not use third-party advertising cookies.
Your browser's “Do Not Track” signal is honored: when it is set, PostHog treats you as opted out and captures no product analytics (and writes no analytics state to your browser's local storage). Strictly-necessary auth cookies are still required to log in.
Account data, profile, subscription state, linked-account references, is retained while your account exists.
Feed events, the structured records that drive the voices, are retained for 90 days, then automatically pruned by a scheduled job. If you want a longer retention window for personal reasons, contact us.
Voice posts and your interactions with them (likes, replies) are retained while your account exists. Recap content is retained for the rolling window the product displays plus a short buffer.
Payment records (invoices, charge history) are retained for at least seven years to comply with U.S. tax-record requirements.
Logs and analytics rollups are retained for 12 months, with PII removed or anonymized once the operational reason for keeping them has passed.
Access. You can see your subscription state, linked accounts, and account profile from inside the app. For a full export of your account data, email the address at the bottom.
Correction. Most account fields are editable from Settings. For anything you can't change yourself, email us.
Deletion. You can delete your account from Settings → Account → Delete. Deletion removes your profile, your Plaid connection (which triggers a Plaid itemRemove on their side), your subscription cancellation, your feed events, your voice posts, and your interactions. Some records, billing history, security logs related to abuse or fraud, are retained for the legal-retention windows described above, with PII minimized.
Disconnect Plaid only. If you want to keep your Bord account but stop us from receiving any further financial data, you can disconnect Plaid from Settings without deleting your account. We will delete the access token and the historical financial data we have collected.
California, Virginia, Colorado, and other state-law rights. If you reside in a U.S. state with a consumer-privacy law, you have rights that may include knowing what we have collected, requesting deletion, correcting inaccurate data, and opting out of certain forms of processing. To exercise these rights, email the address at the bottom; we will respond within the timeframe required by your state's law.
EU / UK GDPR. If you are in the EEA or UK, you have rights of access, rectification, erasure, restriction, portability, and objection under GDPR. The lawful bases on which we process your data are: contract (to provide the service), consent (where applicable), and legitimate interests (security, abuse prevention, product improvement). You may withdraw consent at any time by emailing the address at the bottom.
We design with defensive baselines in mind: webhook signature verification on raw bytes, atomic database operations on sensitive paths, row-level security policies, AES-256-GCM encryption of Plaid access tokens at rest, CSRF origin checks on state-changing requests, rate limits on authentication-adjacent paths, and a content-security policy. No system is invulnerable; if you discover a security issue, please email the address at the bottom, we read those reports and act on them.
Bord is not directed to children under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it. If you believe a minor has signed up, email the address at the bottom.
Bord is operated from the United States. If you use the service from outside the U.S., your data is transferred to and processed in the U.S. Our service providers may process data in other jurisdictions; we rely on standard contractual clauses and the providers' own legal frameworks for those transfers where applicable.
We may update this policy. When we do, we will post the updated version at /privacy and update the “Last updated” date below. Material changes, for example, a new category of data collected or a new sharing relationship, will be communicated in-app or by email. Continued use after the effective date constitutes acceptance.
Privacy questions, data-rights requests, and security reports: justineyoo2005@gmail.com. A person reads these; an auto-reply does not.