Skip to content

Privacy Policy

Effective date: March 2, 2026

Vigilant Works, LLC (doing business as Thermal / Thermal Finance, "we," "us," or "our") operates the Thermal Finance application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

We collect the following categories of information:

  • Account information — name, email address, and authentication credentials when you create an account.
  • Financial data — bank account balances, transactions, and investment holdings synced through Plaid. We never store your bank login credentials.
  • Billing information — payment details are processed and stored by Stripe. We do not store full credit card numbers.
  • Usage analytics — pages visited, features used, and general interaction patterns to improve the service.
  • Device & browser information — browser type, operating system, and screen size for compatibility and troubleshooting.

How We Use Your Information

  • Provide, operate, and maintain the Thermal service.
  • Sync and display your financial accounts, transactions, and balances.
  • Generate budgets, projections, retirement simulations, and AI insights based on your data.
  • Process payments and manage your subscription.
  • Send transactional emails (trial reminders, receipts, security alerts).
  • Improve, personalize, and expand our service.
  • Detect and prevent fraud or abuse.

Third-Party Services

We share data with the following third-party providers only as necessary to operate the service:

  • Plaid — securely connect your bank accounts and retrieve financial data. Subject to Plaid's Privacy Policy.
  • Stripe — payment processing. Subject to Stripe's Privacy Policy.
  • Convex — cloud database and backend infrastructure where your data is stored.
  • Vercel — application hosting and delivery.
  • Resend — transactional email delivery.

We do not sell your personal information to third parties.

Data Security

We implement industry-standard security measures to protect your data. All data is encrypted in transit (TLS) and at rest. Bank credentials are never stored on our servers — Plaid handles authentication directly. Access to production systems is restricted and audited. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Data Retention & Deletion

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account, we delete your financial data, account information, and associated records within 30 days. Some data may be retained longer where required by law (e.g., billing records for tax purposes).

Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Export — download your financial data in a portable format.
  • Delete — request deletion of your account and associated data.
  • Correct — request correction of inaccurate personal data.
  • Opt out — manage email preferences and opt out of non-essential communications.

To exercise any of these rights, contact us at privacy@thermalfinance.com.

Cookies

We use essential cookies to maintain your authentication session and preferences. We do not use third-party advertising or tracking cookies. Analytics cookies, if used, are anonymized and can be disabled in your browser settings.

Children's Privacy

Thermal is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA). You may request disclosure of the categories and specific pieces of personal information we have collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To submit a request, email privacy@thermalfinance.com with the subject line "CCPA Request."

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the app. Your continued use of Thermal after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Vigilant Works, LLC
Email: privacy@thermalfinance.com