Privacy Policy

Last updated: June 14, 2026 · Effective: June 14, 2026

liway (“we”, “our”, or “us”) provides a personal-finance tool that helps you see how much money is safe to spend before your next paycheck. This Privacy Policy explains what information we collect, how we use it, who we share it with, where it is stored, how long we keep it, and the choices you have. By creating a liway account or using the liway website or mobile apps, you agree to the practices described here.

If you have questions, contact connect@liway.app.

Who we are

liway is operated by Liway LLC, a Colorado limited liability company. We can be reached at connect@liway.app for any privacy questions, data requests, or general support. The product is currently available only in the United States.

Summary

  • We collect your email, a hashed password, what you tell us about your money (or what your bank tells us via Plaid), and limited operational metadata.
  • We use that information to compute your leeway — how much room you have between now and payday — and to keep your account secure.
  • We do not sell, rent, or share your data with advertisers or data brokers. We do not run ads, and we use no advertising or cross-site tracking SDKs. The liway web app uses first-party product analytics (PostHog) to understand feature usage — aggregate, pseudonymous, and never including your financial data; the iOS app does not. See Product analytics below.
  • You can edit, export, or delete everything we hold about you at any time. Deletion is immediate and cascades across every system we use.
  • All production data lives in the United States with SOC 2 Type II service providers.

Information we collect

We collect only what we need to compute your leeway and operate the service.

1. Account information

  • Email address (your login identifier and the address we send transactional emails to)
  • A bcrypt hash of your password (we never store the plain-text password)
  • Account creation timestamp and email-verification status

2. Financial inputs you enter

  • Current account balance
  • Paycheck amount and date
  • Upcoming bills (name, amount, due date, account)
  • Estimated spending until your next paycheck

These values are editable from inside the app at any time.

3. Bank account data (when you connect a bank via Plaid)

If you choose to link a bank account, our integration partner Plaid handles the bank login on our behalf. Plaid returns the following to liway:

  • Account names and types (checking, savings, etc.)
  • Current account balances (read-only)
  • A Plaid-issued access token that lets liway refresh balances later
  • Transaction history — see below

We never see, store, or transmit your bank login credentials. Those go directly from your device to Plaid. See Plaid’s End User Privacy Policy for how Plaid handles bank credentials.

How liway uses Plaid Transactions

We access your bank-account transaction history through Plaid for the sole purpose of automatically detecting recurring patterns that drive the leeway calculation:

  • Recurring paychecks — date, amount, and cadence of incoming deposits, so you don’t have to enter your paycheck manually.
  • Recurring bills — name, amount, due date, and account of outgoing recurring debits, so you don’t have to enter your bills manually.
  • Average discretionary spending — a rolling daily average computed from non-bill outflows, used to forecast the runway between now and payday.

Individual transactions are never displayed to you in the app, and they are never used for advertising, profiling, or shared with any third party. The transactions table stores the rows needed to re-run detection if Plaid sends an update; nothing else is done with that data.

You can disconnect your bank at any time (Settings → Disconnect). On disconnect we revoke the Plaid connection at Plaid before removing the local record.

4. Operational metadata

We log a small set of operational events to keep the service secure and observable. None of this is sold or shared for advertising:

  • Server-side access logs (from our hosting platform) — method, path, status, timestamp; request bodies are not logged.
  • Authentication audit logs — sign-in, sign-out, password change, account-deletion attempts (success and failure).
  • Plaid item-status events — connection created, refreshed, expired, revoked.
  • Email-send audit (from our transactional-email provider) — recipient address, template name, delivery status.

We do not collect location data, contacts, photos, advertising identifiers, or any signal from advertising or cross-site tracking SDKs (we run none), and we do not fingerprint your device. The web app does use a first-party product-analytics SDK (PostHog) for aggregate usage events — see Product analytics below.

What we do not collect

  • Bank login credentials (Plaid handles these securely; we never see them)
  • Account numbers or routing numbers
  • Location data
  • Contacts, photos, microphone, camera, or other on-device data
  • Advertising identifiers (IDFA, AAID) — we don’t run ads
  • Advertising or cross-site tracking and attribution signals (no ad networks, no Google Analytics for ads, no advertising SDKs). Our only analytics is first-party product analytics on the web app — see Product analytics.
  • Cross-site cookies

How we use your information

  • Authenticate you when you sign in
  • Compute and display your leeway, risk level, and projections
  • Detect recurring paychecks, recurring bills, and discretionary-spending averages from Plaid transactions
  • Refresh balances from connected bank accounts
  • Send you transactional emails
  • Maintain audit logs of security-sensitive actions
  • Respond to your support requests

We do not use your information for advertising, ad profiling, or selling to third parties. We do use aggregate, pseudonymous product analytics to improve the app — see Product analytics.

Product analytics

To understand how the product is used and where it can be better, the liway web app (my.liway.app) uses PostHog, a product-analytics service, hosted in the United States. The liway iOS app does not currently use analytics.

  • We record aggregate usage events only — e.g. that a results screen was viewed, a bank-connect flow started, or the simulator was used.
  • Events carry no financial data and no personal information — no balances, amounts, transactions, account or merchant names, email, or name. Event properties are limited to non-identifying values such as a count or a risk category (SAFE / TIGHT / RISK).
  • You are identified to PostHog only by a pseudonymous internal id (a random account identifier), never by your email or name. The mapping back to you exists only in our own database.
  • We do not use session replay, and we do not sell or share analytics data. It is used solely to improve liway.

Who we share information with

We share information only with the service providers that make liway work. They act as data processors on our behalf, and every provider that handles production user data holds a current SOC 2 Type II report.

We rely on the following categories of providers (and we name the ones you interact with directly, plus the ones the app stores require us to name):

  • Bank connection — Plaid. We use Plaid for bank linking and read-only balance + transaction retrieval. You interact with Plaid directly via the Plaid Link UI when you connect a bank.
  • App distribution — Apple App Store and Google Play. They receive limited install / purchase metadata per platform policies; they do not receive liway-stored user data.
  • Cloud hosting — runs the liway API and admin dashboard
  • Managed database — stores account, financial, and bank-link data with encryption at rest
  • Transactional email — delivers verification, password-reset, and account-deletion emails
  • Product analytics — PostHog (US). Receives aggregate, pseudonymous usage events from the web app only (no financial data, no name or email). Not used by the iOS app.
  • DNS — resolves liway.app and its subdomains; no user data processed at edge
  • Source control + CI — hosts the codebase and runs deploy workflows; does not hold production user data

A complete, named list of subprocessors — including provider identity, role, data scope, current certifications, and the U.S. region each one operates in — is maintained internally and made available on request to connect@liway.app. We update the internal list whenever a vendor is added, replaced, or removed; this privacy policy does not need to be re-issued for vendor changes.

We do not sell or rent your information to anyone. We do not share it with advertisers, data brokers, or marketing partners. We do not participate in any data co-op, lookalike-audience program, or attribution exchange.

Where your data is stored

All production data is stored and processed in the United States. Application servers and the primary database both run in U.S. East regions. Email-delivery and DNS providers use globally distributed networks, but neither processes data-bearing user content beyond what is necessary for delivery. Specific region details for each subprocessor are available on request at connect@liway.app. If you access liway from outside the United States, your data is still transmitted to and stored in the United States.

How long we keep your data

We keep your data while your account is active.

When you delete your account

You can delete your account from the Settings screen at any time. Deletion is gated by password reauthentication, a one-time email code, and a type-to-confirm step. On confirmation, the cascade fires immediately:

  • We revoke your Plaid connection at Plaid (/item/remove) before removing the local connection record.
  • We delete every row that references your user ID across the user, financial, prediction, Plaid, refresh-token, and verification-token tables.
  • We log the deletion action to an internal audit log (timestamp only; does not contain your personal data).

There is no recovery window today. We are evaluating adding a 30-day soft-delete grace period in a future release.

Inactive accounts

We do not automatically delete inactive accounts today. If you would like your data removed, contact connect@liway.app.

Your rights and choices

You have the following rights for as long as you have an account with us. We honor them for all users, regardless of state of residence:

  • Access. Every value liway stores about you is visible inside the app. You can also request a complete export (see below).
  • Edit / correct. Financial inputs, bills, paycheck details, and account info are editable inside the app at any time.
  • Disconnect your bank. From Settings, at any time. We revoke the Plaid connection on disconnect.
  • Delete your account. From Settings; triggers the immediate cascade described above.
  • Opt out of “sale” of personal information. We don’t sell personal information, so there is nothing to opt out of.
  • Withdraw consent. Disconnecting your bank, deleting individual records, or deleting your account are operationally equivalent to withdrawing consent for the affected data.

Data portability

We do not have a built-in data-export feature today. For a complete export, contact connect@liway.app; we fulfill manually within 30 days.

State privacy notices

California (CCPA / CPRA). liway does not currently meet the revenue or data-volume thresholds that trigger formal CCPA / CPRA applicability. As a posture choice, we honor the underlying consumer rights described above for all users.

Other states. Our user-facing rights and operational posture (no data sale, no targeted advertising, full deletion right) apply to all users regardless of state.

International users. liway is available only in the United States. GDPR is not in scope today.

Children’s privacy

liway is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If you become aware that a child under 13 has provided us with personal information, please contact connect@liway.app and we will delete it.

Security

  • All connections use HTTPS / TLS 1.2 or better; HSTS is enforced on all liway.app subdomains.
  • Passwords are stored only as bcrypt hashes; we never store plain-text passwords.
  • Authentication uses short-lived signed access tokens and longer-lived signed refresh tokens; refresh tokens on mobile live in the device’s secure enclave (iOS Keychain / Android Keystore).
  • Email verification at sign-up gates access to any authenticated route (including bank linking).
  • Account deletion requires password reauthentication PLUS a one-time email code PLUS a type-to-confirm step.
  • Production data lives in managed cloud-hosting and database providers that operate SOC 2 Type II controls; volume-level encryption at rest is enforced by the database provider.
  • Access to production systems is restricted to authorized personnel with multi-factor authentication enabled on every account.
  • Deploys to production are run only by CI workflows; no human runs deploys locally for production.

If we discover a breach affecting your personal information, we will notify you in accordance with applicable law, with a target customer-notification time of 72 hours.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the “Last updated” date at the top of this page and, for significant changes, by emailing you at the address on your account before the change takes effect.

Contact

For privacy questions, support, or data-rights requests:

connect@liway.app

Liway LLC
Colorado, USA