Your data

Privacy, in plain English.

Money data is sensitive — doubly so when an AI reads it. Here’s exactly what we collect, why, who sees it, and the rules we hold ourselves and our AI to.

Last updated June 4, 2026 · Washington, DC
The short version: we never sell your data. We use it to run Duo and power your insights. Our AI processes your data to help you — not to train public models. You can export or delete everything, any time.
01

What we collect

  • Bank & transaction data — via Plaid: balances, transactions, and account details for the accounts you connect.
  • Enriched details — merchant names and categories, cleaned up by our enrichment partner (triq.ai).
  • What you add — partners, splits, budgets, trips, notes, and categorization rules.
  • Account & usage — your email, device, and how you use the app, so it works and stays secure.
What this means
Mostly the financial data you connect, plus the plans you build in Duo. No more than we need.
02

How we use it

To run the app: show your shared balance, attribute deposits, track your split, plan trips, and keep things secure. We also use it to generate your recaps and AI insights. That’s it — we don’t build advertising profiles and we don’t sell anything.

What this means
Your data powers your Duo. It isn’t an ad product and it isn’t for sale.
03

AI & your data

Duo AI sends the figures it needs to a large-language-model provider to write your summaries and insights. We hold that to clear rules:

  • Processed for you, under contract. Providers process your data only to return your result — bound by agreements that forbid using it for their own purposes.
  • Not used to train public models. Your financial data isn’t used to train third-party foundation models.
  • Minimized. We send the smallest slice of figures needed, not your raw bank feed.
What this means
AI reads your numbers to help you in the moment — then they’re not recycled into someone else’s model.
04

Who sees what

Duo is a shared app, so both partners see the shared account — its balance, transactions, budgets, and trips. Attribution of a deposit (whose paycheck it was) is visible to both of you, because the split depends on it.

What this means
There’s no hidden ledger. If it touches the joint account, both of you can see it. Invite accordingly.
05

Who we share with

  • Plaid — to securely connect your bank.
  • Service providers — enrichment (triq.ai), our AI provider, hosting, and payment partners, each under contract.
  • Nobody buying it. We never sell your personal or financial data, full stop.
  • Legal — only if required by law, and only what’s required.
What this means
A short list of partners that make Duo work — and zero data brokers.
06

Agents & the APIBeta

If you connect Duo’s headless API or an AI agent, you decide what it can see. Access is scoped, every token is listed, and you can revoke it instantly. When an agent reads your data, the same AI rules above apply.

What this means
You hold the keys. Grant a narrow scope, watch what’s connected, and cut it off whenever. See Developers.
07

Your controls

  • Export — download your data in a portable format any time.
  • Delete — ask us to erase your data; we honor it.
  • Disconnect — unplug a bank or an agent without deleting your account.
  • Reach a human — for any privacy request, email privacy@duofinance.ai.
What this means
Take it, delete it, or unplug it — your call, and it’s easy to do.
08

Security & retention

Access is protected with passkeys/biometrics and 2FA, and data is encrypted in transit and at rest. We keep your data while your account is active and for a short, lawful window after you leave — then we delete it.

What this means
Locked down while you’re here, and not hoarded after you go.

Want something deleted or exported?

One email and a real person handles it.

Email privacy@duofinance.ai