Your privacy rights.
Bursify is a US-only service. Here are the rights you have over the data we hold about you, and exactly how to use them.
The short version
You can ask us what data we hold on you, ask us to correct it, ask us to delete it, and get a copy of it in a portable format. You can do all of this from your account settings or by emailing privacy@bursify.app. We do not sell your data and we do not share it for cross-context advertising. See What we won't do.
Where Bursify operates
Bursify is built for residents of the United States. Every tool we offer (medical bills, insurance appeals, credit report disputes, unclaimed money, reversible fees, security deposits, fraud monitoring, and benefits) maps to a US federal or state law, a US bank or insurer, or a US state database. We do not market the service in the EU, the UK, or anywhere else, and we do not offer it to residents of those regions. If you live outside the United States, the service is not available to you and we do not knowingly process your data.
Because we do not offer services in the EU or UK, the GDPR and UK GDPR do not apply to our processing. If that ever changes, this page will be updated and you will get notice by email.
Your rights under California law (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the following rights. You can exercise any of them at no cost up to twice in any 12-month window.
- Right to know what personal information we collect, where it came from, why we collect it, and who we share it with.
- Right to delete the personal information we hold about you.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing. Bursify does not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of, but the control exists at Settings, Privacy, Do Not Sell or Share, and clicking it confirms that nothing changes.
- Right to limit use of sensitive personal information to what is reasonably necessary to deliver the service.
- Right to non-discrimination for exercising any of these rights. We will not raise your price, cut off a feature, or close your account.
- Right to data portability in a structured, machine-readable format. We provide both JSON and PDF.
Rights in other US states (all 50 states)
Bursify extends the rights above (access, correct, delete, portability, opt out of sale, opt out of targeted advertising) to residents of all 50 US states and the District of Columbia, whether or not your state has passed a privacy law. We handle every request using the same process and the same timelines we use for California.
Some states have passed their own comprehensive consumer privacy laws. The name of the law changes, but the rights overlap heavily with California. If you live in one of these states, your state law sets the floor and we follow it. The current list:
- Virginia: Consumer Data Protection Act (VCDPA)
- Colorado: Colorado Privacy Act (CPA)
- Connecticut: Connecticut Data Privacy Act (CTDPA)
- Utah: Utah Consumer Privacy Act (UCPA)
- Texas: Texas Data Privacy and Security Act (TDPSA)
- Oregon: Oregon Consumer Privacy Act (OCPA)
- Montana: Montana Consumer Data Privacy Act
- Delaware: Delaware Personal Data Privacy Act
- Iowa: Iowa Consumer Data Protection Act
- New Hampshire: SB 255
- New Jersey: SB 332
- Tennessee: Tennessee Information Protection Act
- Minnesota: Minnesota Consumer Data Privacy Act
- Maryland: Maryland Online Data Privacy Act
- Indiana: Indiana Consumer Data Protection Act
- Kentucky: Kentucky Consumer Data Protection Act
- Rhode Island: Data Transparency and Privacy Protection Act
- Nebraska: Nebraska Data Privacy Act
- Florida: Florida Digital Bill of Rights (applies to larger controllers)
If you live in a state without a comprehensive privacy law (for example: Alabama, Alaska, Arizona, Arkansas, Georgia, Hawaii, Idaho, Illinois, Kansas, Louisiana, Maine, Massachusetts, Michigan, Mississippi, Missouri, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Vermont, Washington, West Virginia, Wisconsin, Wyoming, or DC), you still get the same rights from us. Some of those states have narrower laws (for example, Washington's My Health My Data Act covers health data specifically, and New York's SHIELD Act covers data security). Where one applies to your data, we follow it. Where none applies, we follow California timelines anyway.
New state laws are added to the list above as they take effect. If you spot a gap, email privacy@bursify.app and we will honor the request and update the page.
How to exercise any of these rights
The fastest path is the in-app flow at Settings, Privacy. From there you can export your full account file, request correction of any field, and request account deletion.
You can also email privacy@bursify.app from the address on your account. Put the request type in the subject line (Access, Correct, Delete, Portability, or Opt Out). We confirm receipt within 10 days and complete the request within 45 days, with one possible 45-day extension if the request is complex. We will tell you in advance if we need the extension.
You can also send the request through an authorized agent. We need written permission from you, signed and dated, before we act on an agent's request.
How we verify it is you
For an access, correction, or portability request, we match the email on file plus one additional identifier. That can be the last 4 digits of a connected bank account, a one-time code sent to the phone number on file, or a signed-in session in the app.
For a deletion request, we require the same plus a final confirmation step because deletion is not reversible. We will never ask for your bank password, full account number, or social security number to verify a privacy request.
What “Do Not Sell or Share” means at Bursify
We do not sell your personal information for money or other valuable consideration. We do not share it for cross-context behavioral advertising. We do not run ad networks, pixel-track you across other sites, or feed your data into lookalike audiences.
The vendors listed in our Privacy Policy (AWS, Plaid, Stripe, SRFax, Lob, and a few others) are service providers under CCPA. They process data on our instructions, under written contracts that forbid them from using the data for their own marketing.
The control still exists at Settings, Privacy, Do Not Sell or Share. Clicking it logs your preference, but nothing changes because we already do not sell or share.
Sensitive personal information
Some of the data we process counts as sensitive personal information under California law: financial account details from Plaid, medical bill and EOB content for the medical bill audit, and credit report content for credit disputes. We only use this data to deliver the tool you connected it to. We do not use it for advertising, profiling, or any secondary purpose.
You have the right to limit the use of this sensitive information to what is reasonably necessary to deliver the service. The control is at Settings, Privacy, Limit Sensitive Use. Limiting it will disable the tools that depend on that category of data (for example, limiting medical use turns off the medical bill audit). We will tell you in the app before anything is disabled.
Browser opt-out signals (GPC)
Bursify honors the Global Privacy Control (GPC) signal. If your browser sends GPC, we treat it as a valid opt-out of sale and sharing for that browser and, where we can match you, for your account. Colorado, Connecticut, and several other states require honoring this signal. We do it nationwide.
Children's data
Bursify is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, email privacy@bursify.app and we will delete the record on verification.
Right to complain
If you think we mishandled a privacy request or your data, please tell us first at privacy@bursify.app. You also have the right to complain to a regulator.
- California: California Privacy Protection Agency (CPPA), or California Attorney General.
- Other states: your State Attorney General. The state law that gave you the right names the office that enforces it.
- Federal: the Federal Trade Commission (FTC) handles consumer complaints about how a company treats personal data.
Updates
Material changes to this page get a 30-day notice by email. New state laws are added as they take effect. The full revision history is available by emailing privacy@bursify.app.