Northlane

Privacy Policy

Effective Date: 02/19/2026 · Company Name: Read Write Code

1. Introduction

Read Write Code ("we," "our," or "us") values your privacy and is committed to protecting the personal and financial information you provide through our Northlane web app. This Privacy Policy explains how we collect, use, retain, and securely dispose of your data, including financial information accessed through the Plaid API.

By using Northlane, you agree to the practices described in this policy.

2. Information We Collect

We collect and process the following categories of data:

  • Personal Account Information: Name, email, and account credentials
  • Financial Data: Bank accounts, transaction history, and budgeting/investment data sourced via Plaid
  • Authentication Data: Login credentials, session tokens, and API keys
  • Application Data: Logs, usage analytics, and backup data necessary for service operation

3. How We Use Your Data

Your data is used for the following purposes:

  • To provide and maintain the Northlane service
  • To manage your account and transactions
  • To improve our services through analytics and operational insights
  • To comply with legal, regulatory, or contractual obligations

We only collect the data necessary to deliver these services.

4. Data Retention

We follow strict retention principles to minimize unnecessary storage:

Data TypeRetention Period
Consumer Account DataWhile the account is active; deleted within 30 days after verified deletion request
Plaid-Sourced Financial DataOnly as long as needed for budgeting/investment services; deleted upon user disconnection, account termination, or deletion request
Application & Infrastructure LogsMinimum of 90 days; sensitive data minimized and protected
BackupsEncrypted and retained per provider default schedule; automatically overwritten per lifecycle

We comply with applicable U.S. and state privacy laws and may retain data longer only if required by law.

5. Data Deletion

5.1 User-Initiated Deletion

Upon verified request:

  • Your account and associated personal and financial data are deleted from production databases
  • Plaid access tokens are revoked
  • Deletion is completed within 30 days

5.2 Account Termination

When an account is terminated:

  • API tokens are revoked and access credentials disabled
  • Stored financial data is deleted from active systems

5.3 Secure Disposal

We dispose of data securely using:

  • Managed PostgreSQL (Neon) deletion
  • Encryption-based disposal through infrastructure providers
  • Secure overwrite according to provider storage lifecycle
  • Destruction of API credentials

No sensitive data is discarded in plaintext or unsecured storage.

6. Backups

  • Backups are encrypted at rest
  • Access is restricted to authorized administrators only
  • Retention follows provider lifecycle; expired backups are automatically purged

7. Sharing Your Data

We do not sell or rent your data. We may share data with:

  • Plaid, to provide financial account integration
  • Service providers for operational purposes (e.g., cloud hosting, backups)
  • Legal authorities if required by law or regulatory obligations

All partners are required to maintain the confidentiality and security of your data.

8. Your Rights

You have the right to:

  • Access, correct, or delete your personal and financial data
  • Disconnect your financial institutions from Northlane
  • Withdraw consent where applicable

9. Security

We implement reasonable technical and organizational measures to protect your data, including:

  • Encryption at rest and in transit
  • Access controls for administrators
  • Regular security reviews and audits

10. Policy Review

This Privacy Policy is reviewed:

  • Annually or upon significant infrastructure changes
  • Following regulatory updates
  • With quarterly audits of access and retention practices

11. Contact Us

For questions or concerns regarding this Privacy Policy or your data, contact:

Read Write Code
Email: [email protected]