Last updated: March 12, 2026
Privacy Policy
Apex Support LLC — a Florida limited liability company
1. Introduction
Apex Support LLC ("we," "us," or "our") operates Sevia, a personal budgeting application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. If you have questions or concerns, contact us at oi.aives@ecivres .
2. Financial Data & Plaid Integration
We use Plaid Inc. ("Plaid") to connect your financial accounts. By linking your accounts, you acknowledge and agree that your information will be transmitted to Plaid and handled in accordance with the Plaid End User Privacy Policy.
We do not store your bank login credentials. Authentication with your financial institution is handled entirely by Plaid. We receive only the financial data described in Section 3 below.
3. Categories of Data Collected
Account Information
- Name
- Email address
- Display name
Financial Data (via Plaid)
- Account balances (current and available)
- Transaction history (merchant, amount, date, category)
- Account numbers and masks
- Account types and subtypes
Authentication Data
- Password (stored as a bcrypt hash only; we never store plaintext passwords)
- HTTP-only authentication cookies
4. How We Use Your Data
We use the data we collect exclusively to provide and improve our budgeting service:
- Personal budgeting — envelope allocation, spending tracking, and balance management
- Transaction categorization — organizing transactions into user-defined categories
- Financial reporting — generating summaries, charts, and insights about your spending
- Account reconciliation — matching imported transactions with your connected accounts
5. Data Sharing & Disclosure
We do not sell your personal information. We do not rent your personal information. We do not share your personal information with marketers or advertising networks.
Your data is shared only with Plaid Inc., which acts as a data intermediary to facilitate connectivity with your financial institutions. No other third parties receive your data.
6. Data Retention
- Active accounts: Data is retained for as long as your account remains active.
- Soft-deleted records: Records that are soft-deleted are permanently purged after 30 days.
- Account deletion: When you delete your account, all associated data is permanently removed.
7. Security Measures
We implement industry-standard security measures to protect your data:
- Encryption at rest: AES-256-GCM encryption for stored data
- Encryption in transit: TLS 1.2 or higher for all data transfers
- Password hashing: bcrypt with appropriate cost factor
- Session management: HTTP-only cookies to prevent cross-site scripting attacks
8. Your California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
Categories Collected in the Last 12 Months
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email address, display name | Yes |
| Financial information | Account balances, transactions, account numbers/masks | Yes |
| Internet/network activity | Authentication cookies | Yes |
| Geolocation data | N/A | No |
| Biometric data | N/A | No |
| Sensory data | N/A | No |
Do Not Sell or Share My Personal Information
We do not sell or share your personal information with third parties for monetary or other valuable consideration. We have not sold or shared personal information in the preceding 12 months.
Your CCPA Rights
- Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions.
- Right to opt-out: You have the right to opt out of the sale or sharing of your personal information. As stated above, we do not sell or share your data.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.
How to Exercise Your CCPA Rights
You may exercise your rights through the Data & Privacy settings page within the application, or by emailing oi.aives@ecivres . We will verify your identity before processing any request.
9. Gramm-Leach-Bliley Act (GLBA) Notice
Because Sevia handles nonpublic personal financial information, we maintain safeguards in compliance with the Gramm-Leach-Bliley Act:
- Administrative safeguards: Access to customer financial data is restricted to authorized personnel only. We conduct regular reviews of our data handling practices and maintain written security policies.
- Technical safeguards: AES-256-GCM encryption at rest, TLS 1.2+ encryption in transit, bcrypt password hashing, HTTP-only session cookies, and regular security assessments of our infrastructure.
- Physical safeguards: Our infrastructure is hosted with cloud providers that maintain SOC 2 compliance, physical access controls, and environmental protections for their data centers.
10. Your Rights
You have the following rights regarding your data:
- Access your data: View all personal and financial data we hold about you.
- Export your data: Download a copy of your data in JSON format.
- Delete your account: Permanently remove your account and all associated data.
- Disconnect bank connections: Remove linked financial accounts at any time.
- Revoke Plaid access: Revoke Plaid's access to your financial institution data.
How to Exercise Your Rights
You can exercise any of these rights through the Data & Privacy settings page in the application, or by contacting us at oi.aives@ecivres .
11. Cookies
Sevia uses HTTP-only authentication cookies solely to maintain your logged-in session. These cookies are essential for the service to function and cannot be used to track you across other websites.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
12. Children's Privacy
Sevia is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at oi.aives@ecivres and we will promptly delete that information, in compliance with the Children's Online Privacy Protection Act (COPPA).
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the service after any changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Apex Support LLC
Email: oi.aives@ecivres
Effective date: March 12, 2026