Terms of use
By downloading, accessing, or using ExMe, you agree to these terms. If you do not agree, do not use the service.
Eligibility & accounts
You must be able to form a binding contract in your jurisdiction. You are responsible for activity under your account and for keeping credentials secure.
License
We grant you a limited, non-exclusive, non-transferable license to use ExMe for personal, non-commercial purposes in line with these terms and any app store rules that apply.
Acceptable use
You agree not to misuse ExMe—for example, by attempting to access systems without authorization, reverse engineering where prohibited, interfering with other users, or using the service for unlawful purposes.
Disclaimers
ExMe is provided "as is" to the extent permitted by law. We do not guarantee uninterrupted or error-free operation. Nothing in ExMe constitutes financial, legal, or tax advice; you should consult qualified professionals for decisions about your finances.
Limitation of liability
To the maximum extent permitted by applicable law, ExMe and its affiliates will not be liable for indirect, incidental, special, consequential, or punitive damages, or any loss of profits or data, arising from your use of the service.
Changes & termination
We may modify or discontinue features or these terms. We may suspend or terminate access where reasonably necessary—for example, for legal compliance or unacceptable use.
Full privacy policy below (maintained in app/legal/PRIVACY_POLICY.md).
ExMe Privacy Policy
Effective date: April 2, 2026
Last updated: April 2, 2026
Important notice
This Privacy Policy describes how ExMe (“ExMe,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with the ExMe mobile application and related services (collectively, the “Services”).
If you use optional bank linking, we use Plaid Inc. (“Plaid”) to connect your financial institution. Plaid’s use of information is also described in Plaid’s own privacy materials (see Section 6).
This document is provided for your operations and user transparency. It is not legal advice. Have qualified counsel review it before publication, especially if you serve users in the EU, UK, California, or other regulated jurisdictions.
Contact: contact@exme.app
Postal address: 3601 Chaben Pl #17, Saskatoon, SK, Canada, S7H 4E9
1. Who this policy applies to
This policy applies to individuals who use the Services (“you,” “users”). It does not apply to information that is de-identified, aggregated, or otherwise not reasonably linkable to you.
2. Information we collect
2.1 Information you provide directly
| Category | Examples | Purpose (summary) |
|---|---|---|
| Account & profile | Name, email address, password (stored using industry-standard hashing by our authentication provider), optional profile image | Create and secure your account |
| Verification | One-time codes sent to your email | Verify email and protect sign-in |
| Financial activity you enter | Manual transactions, budgets, recurring items, savings goals, tags, notes, custom account nicknames, shared board names and expenses | Provide core personal finance features |
| Shared collaboration | Email addresses and names you invite to shared boards; split and settlement details | Operate shared expense features |
| Support & feedback | Information you send us when you contact support | Respond to you and improve the Services |
| Files you upload | Receipts, invoices, or images you attach (stored as files linked to your content) | Attach documentation to transactions |
2.2 Information we collect automatically
| Category | Examples | Purpose (summary) |
|---|---|---|
| Device & app data | Device type, OS, app version, crash or diagnostic data (via our error reporting vendor when enabled) | Operate, secure, and improve the Services |
| Identifiers | Authentication tokens stored securely on your device (mobile) | Keep you signed in |
| Push notifications | Push token and platform | Deliver notifications you opt into |
2.3 Information from third parties
| Source | Data | Purpose (summary) |
|---|---|---|
| Plaid | When you choose to link a bank, Plaid facilitates access to account identifiers, institution name, account types, masked account numbers, balances, and transaction data (as available from your institution and Plaid). We also receive and store tokens Plaid provides so we can maintain the connection and sync data. | Optional bank linking, balances, and transaction import |
| Apple / Google (in-app purchases) | Subscription status and purchase identifiers via our subscription platform | Provide and verify premium features |
| Payment / subscription infrastructure | Our subscription partner processes purchase events tied to an app user identifier | Entitlements and billing support |
We do not use Plaid to initiate payments from your bank accounts on your behalf. Bank linking is for read-type access to display and categorize your information in ExMe, as permitted by Plaid and your financial institution.
3. How we use information
We use personal information to:
- Provide, maintain, and improve the Services (including sync, search, budgets, shared boards, and notifications).
- Authenticate users, prevent fraud and abuse, and protect security.
- Provide optional bank account linking and transaction synchronization via Plaid.
- Process subscriptions and premium access.
- Send transactional emails (e.g., verification codes) through our email delivery provider.
- Analyze errors and reliability (e.g., crash reporting) where enabled.
- Comply with law, enforce our terms, and defend legal claims.
- Communicate with you about the Services (including support).
We do not sell your personal information for money. We do not share personal information with third parties for their independent marketing purposes. We use service providers (subprocessors) who process data on our instructions, as described in Section 7.
4. Legal bases (EEA, UK, and similar jurisdictions)
Where GDPR or similar laws apply, we rely on one or more of the following:
- Contract: Processing necessary to provide the Services you request.
- Legitimate interests: Securing the Services, debugging, preventing abuse, and improving features (balanced against your rights).
- Consent: Where required (for example, certain marketing communications or optional processing where we ask explicitly).
- Legal obligation: Where we must retain or disclose information by law.
You may withdraw consent where processing is consent-based, without affecting prior lawful processing.
5. Bank linking with Plaid (important)
When you choose “Link bank” or similar, you are directed to Plaid Link, a flow operated by Plaid. You should review Plaid’s privacy policy and terms for how Plaid handles information when you authenticate with your financial institution:
- Plaid Privacy Policy: https://plaid.com/legal/#consumers
- End User Privacy Policy: https://plaid.com/legal/#end-user-privacy-policy
What we receive and store (summary): After you successfully link an institution, we may store:
- Connection metadata (e.g., institution name and identifiers).
- Tokens that Plaid issues so we can retrieve updated account and transaction data.
- Account details such as account names, types, masks, and balances.
- Transaction details such as amounts, dates, descriptions, categories, and merchant information as provided by Plaid or your institution.
Why: To show balances and transactions in ExMe, categorize spending, power budgets and insights, and keep your data up to date.
Your control: You can disconnect linked institutions in the app where that feature is available. Disconnecting stops new data collection through that connection subject to our retention practices (Section 8). Plaid may also provide you rights directly—see Plaid’s policies.
6. Disclosure of information (subprocessors and other recipients)
We disclose personal information to the following categories of recipients to operate the Services:
| Category | Examples of processing | Representative providers (as applicable to your deployment) |
|---|---|---|
| Cloud application & database | Host backend logic, database, file storage, and real-time APIs | Convex (or your configured backend host) |
| Authentication | Sign-in, sessions, account security | Better Auth (via Convex integration) |
| Email delivery | Send verification and transactional email | Resend (or comparable provider you configure) |
| Financial data connectivity | Bank linking, token exchange, transaction retrieval | Plaid |
| Subscriptions & entitlements | In-app purchase status, customer identifiers | RevenueCat; Apple App Store; Google Play |
| Error monitoring | Crash and error diagnostics | Sentry (if enabled in your build) |
| Push notifications | Deliver notifications | Apple Push Notification service; Firebase Cloud Messaging (as configured) |
We may also disclose information:
- If required by law (e.g., subpoena, court order), or to protect rights, safety, and security.
- In connection with a business transaction (e.g., merger or acquisition), with appropriate safeguards.
- With your direction or consent.
A current list of material subprocessors may be provided on your website or upon request at contact@exme.app.
7. International transfers
We and our service providers may process information in the United States and other countries where we or they operate. If we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards where required (such as Standard Contractual Clauses or equivalent mechanisms), consistent with applicable law.
8. Retention
We retain personal information as long as necessary to provide the Services and for legitimate business purposes, including:
- Account data: For the life of your account.
- Linked financial data: Until you remove a connection and we complete associated deletion, or until you delete your account, subject to backup and technical limitations (Section 9).
- Transaction and app content: Until deleted by you or when your account is deleted, subject to Section 9.
- Audit / security logs: We may retain limited logs for security, fraud prevention, and compliance. Some internal audit records may be retained for extended periods where permitted by law and needed for integrity of our systems.
- Legal holds: Longer retention where required to comply with law or defend claims.
When retention periods end, we delete or de-identify information where feasible.
9. Account deletion and your requests
In-app deletion: Where the app offers Delete account, you may request deletion of your authentication account. Deletion of your login may not immediately remove all application data from our databases until we run associated cleanup jobs or processes. If you need confirmation that all personal data tied to your account has been erased, contact us at contact@exme.app.
Bank unlinking: Removing a linked institution stops ongoing collection through Plaid for that item; previously synced transactions may remain until deleted or until account-level deletion is completed.
Regional rights: Depending on where you live, you may have rights to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact contact@exme.app. We may verify your request as permitted by law.
California residents (summary): If the California Consumer Privacy Act / CPRA applies, you may have rights to know, delete, and correct personal information, and to opt out of certain “sharing” for cross-context behavioral advertising (ExMe is not configured in this policy to sell or share data for that purpose). You may designate an authorized agent where allowed by law. We do not knowingly sell or share personal information of minors under 16 for behavioral advertising.
10. Security
We implement technical and organizational measures appropriate to the risk, including:
- Encryption in transit (TLS) between the app and our servers.
- Encryption at rest provided by our cloud database and storage providers.
- Access controls and authentication for production systems operated by our team and vendors.
- Secrets management for API keys (e.g., Plaid) in secure environment configuration.
No method of transmission or storage is 100% secure. If we become aware of a breach that requires notification, we will follow applicable law.
11. Children’s privacy
The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.
12. Third-party links and services
The Services may link to third-party websites or services (including Plaid and app stores). Their privacy practices are governed by their own policies. Please review them before use.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated policy with a new “Last updated” date and, where required, provide additional notice (e.g., in-app or by email). Continued use of the Services after the effective date constitutes acceptance of the updated policy where permitted by law.
14. Contact
For privacy questions or requests:
Email: contact@exme.app Mail: ExMe, 3601 Chaben Pl #17, Saskatoon, SK, Canada, S7H 4E9
Document control
| Item | Value |
|---|---|
| App name | ExMe |
| Typical distribution | Apple App Store, Google Play |
| Bank connectivity | Plaid (optional) |
For questions about these terms, contact us via our App Store listing or in-app support.