Legal

Privacy Policy

Last Revised: April 19, 2026

At BIY LLC, doing business as Subfinancing ("Subfinancing," "we," "us," or "our"), your privacy is of paramount importance. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our websites, mobile applications, and related services (collectively, the "Services"). This Policy complies with applicable privacy laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Lei Geral de Proteção de Dados Pessoais (LGPD) in Brazil, and the EU-U.S. Data Privacy Framework (DPF) and UK Extension.

By using our Services, you acknowledge and agree to the practices described herein. Our Services are available globally, except in the People's Republic of China (PRC), where we do not offer services or intentionally collect personal data.

1. Who We Are

BIY LLC, doing business as Subfinancing, is the data controller responsible for the collection and use of your personal information under this Privacy Policy. Subfinancing operates two products: Subfinancing.com, a financial education website, and Sika, a personal budgeting mobile application. Our contact details can be found in Section 15 below.

2. Information We Collect

The data we collect depends on which product you use. Subfinancing.com does not require an account and collects minimal data. Sika is where substantive data collection occurs.

Subfinancing.com: We collect standard server logs including IP address, browser type, pages visited, and referrer URL. We do not collect personal information unless you voluntarily submit a contact form.

·Sika — Account Data: Name, email address, profile picture (optional) and hashed password when you register.
·Sika — Financial Data (via Plaid, Premium only): Read-only access to bank account balances and transaction history. Your bank credentials are entered directly into Plaid and never reach our servers.
·Sika — Budget Data: Category limits, manual transaction entries, and spending records you create within the app.
·Sika — Goal & Debt Data: Savings goal targets, contribution progress, loan amounts, APRs, and payoff plans you enter.
·Sika — Financial Health Score: A calculated score based on your budget adherence. Additional factors will be incorporated over time.
·Sika — Subscription Data: Subscription status, plan type, and renewal date as provided by the Apple App Store or Google Play via Adapty. We do not receive or store your payment card details.
·Sika — Advertising Data (free tier only): Device identifiers and usage data processed by Google AdMob to serve ads. Premium subscribers are not shown ads.
·Sika — Device & Usage Data: Device type, operating system, app version, and in-app activity for diagnostics and improvement.
We do not knowingly collect personal data from children under 15. If we become aware of such collection, we will delete the data immediately.

3. How We Use Your Information

We use your personal data for the following purposes:

·To register and manage your account.
·To operate Sika: power budget tracking, Financial Health Score calculation, goal tracking, debt planning, and bank transaction categorisation.
·To process transactions and manage subscriptions.
·To send service-related and marketing communications (subject to your consent).
·To analyze and improve the functionality and quality of our Services.
·To detect fraud, enforce legal terms, and comply with legal obligations.
Our legal bases for processing personal data include your consent, contractual necessity, compliance with legal obligations, and our legitimate interests. Where required under the LGPD or other applicable laws, we rely on consent or legitimate interest in accordance with the defined legal bases under those laws.

4. Sharing Your Data

We may share your information with:

·Service Providers: Cloud infrastructure, analytics providers (e.g., Google), and financial data providers (e.g., Plaid).
·Adapty: Subscription management for Sika Premium. Adapty receives subscription status and device identifiers to manage and validate your subscription.
·Google AdMob: Ad serving on the Sika free tier. AdMob may use device identifiers to serve contextual or personalised ads subject to your device privacy settings. Premium subscribers are exempt.
·Legal Authorities: Where required to comply with applicable laws, court orders, or lawful government requests.
·Third Parties in a Business Transfer: In the event of a merger, acquisition, or asset sale.
When we transfer personal data to third-party service providers, we ensure they commit to appropriate data protection obligations, including DPF-level protection, Standard Contractual Clauses (SCCs), or appropriate contractual safeguards required under local laws such as the LGPD. If you choose to make purchases through the Service, payments are processed via third-party platforms, such as the Apple App Store or Google Play. These platforms collect and process your payment information pursuant to their own privacy policies and terms of service. Subfinancing does not store or directly access your payment credentials. Please refer to the respective privacy policies of Apple (apple.com/legal/privacy) and Google (policies.google.com/privacy) for more information. By making a purchase, you acknowledge that your financial information will be handled exclusively by the Apple App Store or Google Play Store, as applicable, and that Subfinancing bears no responsibility for payment processing or associated security obligations. Notwithstanding anything to the contrary, we remain responsible and liable under the EU-U.S. DPF Principles if third-party agents we engage to process personal data do so in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

5. Plaid (Bank Connectivity)

Sika uses Plaid Technologies, Inc. to connect your bank accounts. When you choose to link a bank:

· You authenticate directly with Plaid — your credentials are never transmitted to or stored by Subfinancing. · Plaid provides us with read-only access to account balances and transaction data only. · We use this data solely to power your budgeting, health score, and debt planner features within Sika. · You may disconnect Plaid at any time from within the Sika app. Disconnecting immediately removes all associated bank data from our systems.

Plaid's use of your information is governed by the Plaid Privacy Policy (plaid.com/legal). Bank sync is a Premium feature therefore free tier users who do not connect a bank are not subject to Plaid data collection.

6. Third-Party Service Providers

Sika relies on the following third-party providers. Each processes data only as necessary to deliver their service and is prohibited from using your data for their own advertising or marketing:

·Supabase — database and authentication infrastructure.
·Plaid — read-only bank account connectivity (Premium users only). See Section 5.
·Adapty — subscription management for Sika Premium. Receives subscription status and device identifiers to validate and manage your plan.
·Google — analytics and ad serving on the Sika free tier only. May use device identifiers for ad personalisation subject to your device settings. Not active for Premium subscribers.
Links to their privacy policies: · Plaid: plaid.com/legal · Adapty: adapty.io/privacy · Google: policies.google.com/privacy

7. International Data Transfers

Subfinancing is based in the United States. We rely on the following mechanisms to lawfully transfer personal data from the EU, UK, or other jurisdictions:

·EU-U.S. Data Privacy Framework and UK Extension: Subfinancing complies with these frameworks as set forth by the U.S. Department of Commerce. Subfinancing has certified that it adheres to the EU-U.S. DPF Principles with respect to personal data transferred from the EU and UK. If there is any conflict between this policy and the DPF Principles, the Principles shall govern. To learn more, visit dataprivacyframework.gov.
·Other Transfer Mechanisms: Where DPF is not applicable, we may use SCCs, binding corporate rules, or obtain your explicit consent. We also comply with local international transfer rules, including those under Brazil's LGPD.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

·Access to your personal data.
·Correction of inaccurate or incomplete data.
·Deletion of your data ("right to be forgotten").
·Restriction of processing.
·Data portability.
·Objection to certain processing activities.
·Withdrawal of previously granted consent.
Under the LGPD, Brazilian data subjects also have the right to be informed about entities with which your data has been shared, and information about the possibility of denying consent and the consequences of such refusal. You may exercise these rights via your account settings or by contacting us at privacy@subfinancing.com. We may verify your identity before processing your request. For California residents, please refer to Section 17 below for additional disclosures and rights under the CCPA/CPRA.

9. Your Choices

You can manage your preferences in the Sika app settings, including:

·Opting in/out of marketing communications.
·Controlling personalized ad preferences.
·Managing cookies (see Section 10).
If personal data covered by this Privacy Policy is to be used for a new purpose materially different from that for which it was originally collected, or disclosed to a non-agent third party not specified in this Policy, Subfinancing will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Subfinancing will not use Sensitive Personal Information for a purpose other than the purpose for which it was originally collected unless Subfinancing has received your affirmative and explicit consent (opt-in). For EU/UK/Brazilian users, we do not process data for behavioral advertising without opt-in consent.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

·Authenticate users.
·Maintain sessions.
·Personalize content.
·Analyze usage.
You can manage cookie preferences in your browser settings. Some features of the Services may not function properly if cookies are disabled.

11. Retention of Data

We retain your personal data only as long as necessary for the purposes for which it was collected, including to:

·Provide the Services.
·Comply with legal obligations.
·Resolve disputes.
·Enforce agreements.
When data is no longer necessary, we securely delete or anonymize it in accordance with applicable data protection regulations, including the LGPD.

12. Security

We implement technical and organizational safeguards to protect your data, including encryption, access controls, and secure hosting environments. However, no system is completely secure; we encourage you to use strong passwords and safeguard your login credentials.

13. Data Privacy Framework Rights & Independent Recourse Mechanism (IRM)

In compliance with the EU-U.S. DPF and UK Extension, Subfinancing commits to resolve complaints regarding our collection and use of personal data. EU and UK individuals with inquiries or complaints should first contact us at privacy@subfinancing.com.

Unresolved privacy complaints under the DPF will be referred to BBB National Programs, our designated independent recourse mechanism, available free of charge to EU/UK individuals. For more information, visit bbbprograms.org.

Subfinancing is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Under certain conditions, individuals may invoke binding arbitration for unresolved complaints as described in Annex I of the DPF Principles. To learn more, see dataprivacyframework.gov.

We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Subfinancing complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.

14. Children's Privacy

Our Services are not directed to children under the age of 15, and we do not knowingly collect their data. If you believe a child under 15 has provided personal data to us, please contact us at privacy@subfinancing.com, and we will take appropriate action.

15. Contact Information

Subfinancing, a registered trade name of BIY LLC 5900 Balcones Drive #28242 Austin, TX, 78731, USA

Email: privacy@subfinancing.com Phone: +1(281) 473-1886

For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@subfinancing.com.

For LGPD purposes, our designated data protection contact is reachable at privacy@subfinancing.com.

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or business practices. When we do, we will revise the "Last Revised" date above and, if material changes are made, we will provide notice as required by applicable law.

17. California Privacy Rights (CCPA/CPRA Notice)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

·Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for collecting or selling it, and the categories of third parties with whom we share it.
·Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
·Right to Correct: You have the right to request that inaccurate personal information we maintain about you be corrected.
·Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information in the conventional sense but may share it for cross-context behavioral advertising purposes, subject to your opt-out rights.
·Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information.
·Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your California privacy rights, email us at privacy@subfinancing.com with "California Privacy Request" in the subject line, or access your account settings (if applicable). We will verify your identity before processing your request and respond within the timeframes required by law. Authorized agents may submit requests on your behalf with written permission. Thank you for trusting Subfinancing with your data. We are committed to protecting your privacy and providing a transparent user experience.