← Back to SirHENRY

Privacy Policy

Last updated: March 8, 2026

1. Overview

SirHENRY is built on a local-first architecture. Your financial data stays on your device in a local SQLite database. We do not operate centralized servers that store your personal financial information. This Privacy Policy explains what data is collected, how it is used, and what protections are in place.

2. Information We Collect

The Service may collect the following types of information:

  • Account setup information — Name, household details, and financial goals you provide during onboarding.
  • Financial data you import — Bank accounts, transactions, investment holdings, insurance policies, tax documents, and other financial information you manually enter or connect through Plaid.
  • Usage preferences — Theme selection, sidebar state, and other interface preferences stored in your browser's localStorage.

3. Local Data Storage

All of your financial data is stored in a SQLite database on your local machine. This data is never uploaded to or stored on centralized servers operated by Henry Financial, Inc.

  • Bank connection tokens (from Plaid) are encrypted using Fernet symmetric encryption before being stored locally.
  • You may delete your data at any time by removing the local database file.
  • You may export your data for portability at any time through the Service.

4. AI Data Processing

When you use AI-powered features (such as the Sir Henry chat or AI-generated analysis), certain data may be sent to Anthropic for processing by Claude, their AI model. Here is how we protect your privacy:

  • PII sanitization — Before data is sent to Claude, a privacy sanitizer replaces personal identifiers (names, employers, business entities) with generic labels (e.g., "Primary Earner," "Employer A").
  • Limited data categories — Only the data necessary for your specific query is included. This may include anonymized transaction descriptions, account balances, and financial summaries.
  • Never sent to AI — Social Security numbers, bank account numbers, routing numbers, passwords, raw tax documents, and Plaid access tokens are never included in AI requests.
  • Anthropic's privacy practices — AI requests are processed by Anthropic in accordance with their Privacy Policy. Anthropic does not use your data to train their models when accessed through the API.

You may revoke consent for AI features at any time through the Service's privacy settings, which will disable all AI-powered functionality.

5. Third-Party Services

The Service integrates with the following third-party services, each with their own privacy practices:

  • Plaid — Used to connect your bank accounts and financial institutions. Plaid accesses your account data directly from your financial institution. Under CFPB Section 1033, you may revoke access to any linked institution at any time, and connections require reauthorization every 12 months. See Plaid's End User Privacy Policy.
  • Anthropic (Claude) — Powers AI chat and analysis features. See Anthropic's Privacy Policy.
  • Yahoo Finance — Provides market data and security pricing. No user data is sent to Yahoo Finance; only ticker symbols are used to request pricing data.

6. Data We Never Collect or Access

Henry Financial, Inc. does not collect, access, transmit, or store the following:

  • Social Security numbers
  • Bank account or routing numbers
  • Credit card numbers
  • Passwords or authentication credentials
  • Raw tax returns or tax documents
  • Plaid access tokens in plaintext

7. Data Retention

Because of our local-first architecture, you have full control over data retention:

  • All financial data is stored locally on your device and persists until you delete it.
  • AI conversation history is stored locally for your convenience and can be cleared at any time.
  • You may delete all data by removing the local database file from your device.
  • An audit log of data access actions is maintained locally (with no personally identifiable information) for your review.

8. Cookies and Tracking

SirHENRY uses minimal browser storage for functional purposes only:

  • localStorage — Used to store interface preferences such as theme (light/dark), sidebar state, and onboarding phase. This data never leaves your browser.
  • No third-party tracking — We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising cookies.
  • No cross-site tracking — We do not track your activity across other websites.

9. Security

We take the security of your data seriously. Measures include:

  • Encryption — Sensitive tokens (such as Plaid access tokens) are encrypted using Fernet symmetric encryption (AES-128-CBC) before being stored in the local database.
  • HTTPS — All communication with external services (Plaid, Anthropic, Yahoo Finance) is conducted over encrypted HTTPS connections.
  • Local-first architecture — By keeping your data on your device rather than on centralized servers, we significantly reduce the attack surface for data breaches.
  • PII sanitization — Personal identifiers are stripped from data before it is sent to AI services.

10. Financial Privacy Notice (GLBA)

As required by the Gramm-Leach-Bliley Act, we maintain a separate Financial Privacy Notice that provides additional details about how we collect, use, and protect your nonpublic personal financial information. This notice is provided at onboarding and updated annually.

11. Children's Privacy

The Service is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact

For questions or concerns about this Privacy Policy or your data, please contact us at privacy@sirhenry.com.