Our Commitment to Your Financial Safety

At YPA-FINANCE, your security is our foundation. We partner with industry-leading providers and follow strict standards to ensure your data stays private and protected.

Data Encryption

All your data is encrypted with AES-256 at rest and TLS 1.3 in transit. These are the same encryption standards used by major financial institutions. Your information is protected at every step — from the moment it leaves your device to when it reaches our servers.

Read-Only Access via Plaid

We connect to your bank through Plaid, a trusted financial data aggregator used by millions of people and thousands of apps. Our access is strictly read-only. YPA-FINANCE cannot move money, make withdrawals, initiate transfers, or change any of your bank settings. We can only view your transaction history and account balances to help you manage your finances.

Credit Score via Equifax

Your credit score data is provided by Equifax, one of the three major US credit bureaus, through our integration with Array. Checking your credit score through YPA-FINANCE is always a soft inquiry — it will never impact your credit rating. You can check as often as you like with zero risk.

Payments via Stripe

All subscription payments are processed through Stripe, a PCI-compliant payment processor trusted by millions of businesses worldwide. We never see or store your payment card numbers. Stripe handles all payment data securely on our behalf.

What We Never Do

  • We never store your bank login credentials — Plaid handles authentication directly
  • We never see or store your Social Security Number — credit checks are handled by Equifax via Array
  • We never sell your personal or financial data to third parties, advertisers, or data brokers
  • We never move money from your accounts — our access is strictly read-only
  • We never share your data without your consent

SOC 2 Compliance

We have designed and implemented security controls aligned with SOC 2 standards. Our compliance program includes role-based access controls, audit logging, regular penetration testing, and security reviews. Full SOC 2 Type II certification is in progress.

Infrastructure

YPA-FINANCE runs on Google Cloud Platform (GCP) with zero-trust architecture, API security via Cloud Armor and WAF protection, rate limiting, and Terraform-managed infrastructure. Our systems are monitored 24/7 with Elastic and Sentry for real-time alerts.

Regulatory Framework

YPA-FINANCE is built to comply with the data protection laws that apply to financial technology companies serving users in the United States. Our compliance framework is aligned with the following regulations:

Gramm-Leach-Bliley Act (GLBA)

GLBA governs how U.S. financial institutions handle consumers' nonpublic personal information. As a fintech company engaged in financial activities, YPA-FINANCE follows GLBA's Safeguards Rule — administrative, technical, and physical safeguards for customer data.

FTC Safeguards Rule (16 CFR Part 314)

This rule, administered by the Federal Trade Commission, requires covered financial institutions to develop a written information security program. YPA-FINANCE has implemented a written program that includes risk assessments, access controls, encryption, monitoring, and regular testing.

Fair Credit Reporting Act (FCRA)

When we display your credit score through our integration with Equifax via Array, FCRA governs how credit report information is used, stored, and disclosed. Your access through YPA-FINANCE is always a soft inquiry — it does not affect your credit rating.

California Consumer Privacy Act (CCPA)

Users in California have specific rights regarding their personal information, including the right to know, the right to delete, the right to opt-out of the sale of personal information, and the right to non-discrimination. YPA-FINANCE does not sell personal information.

Third-Party Sub-Processors

To deliver YPA-FINANCE, we use the following third-party service providers. Each is selected for its security posture and contractually bound to protect your data.

Provider | Purpose | Location | Compliance
Plaid | Bank account connection (read-only) | USA | SOC 2 Type II, PCI DSS
Array (Equifax) | Credit score retrieval via soft inquiry | USA | SOC 2, FCRA
Stripe | Subscription payment processing | USA | PCI DSS Level 1
Google Cloud Platform (GCP) | Hosting, compute, storage | USA | SOC 1/2/3, ISO 27001
Vercel | Web hosting and CDN | USA | SOC 2 Type II
Firebase | Authentication and push notifications | USA | SOC 2, ISO 27001
Twilio | SMS verification and messaging | USA | SOC 2, GDPR
Sentry | Error monitoring (anonymized) | USA | SOC 2 Type II

Data Retention Policy

We keep your data only as long as needed to provide the service, meet legal obligations, or resolve disputes. Specifically:

  • Account data (name, email, profile): retained while your account is active, deleted within 30 days after deletion request
  • Transaction data from Plaid: retained for the active session; refreshed on each sync; deleted within 30 days after account deletion
  • Credit score snapshots from Array: retained for 24 months to show your progress over time; users can request earlier deletion
  • Payment records via Stripe: retained for 7 years to meet U.S. financial record-keeping obligations
  • Support conversations: retained for 2 years for quality and training
  • Anonymized analytics: retained indefinitely; contains no personally identifiable information

Your Rights

You have the following rights regarding your personal data:

  • Right to access: request a copy of all personal data we hold about you
  • Right to correction: request correction of inaccurate data
  • Right to deletion: request deletion of your account and all associated data
  • Right to portability: request your data in a machine-readable format
  • Right to opt out: opt out of non-essential communications at any time
  • Right to complain: file a complaint with the FTC or your state's attorney general

To exercise any of these rights, email privacy@ypa.finance. We respond within 30 days.

Incident Response

In the event of a data security incident, YPA-FINANCE will:

  • Notify affected users within 72 hours of confirming an incident that affects their data
  • Cooperate with law enforcement and regulators as required
  • Provide guidance on protective steps users should take
  • Publish a public post-mortem for any incident affecting more than 100 users

We conduct regular penetration testing and security reviews. Security vulnerabilities can be reported privately to security@ypa.finance.

Your trust is the foundation of everything we build. If you have any questions about how we handle your data, reach out directly — I read every message.
Svetlana Burninova
Co-Founder & CTO, YPA-FINANCE
svetlana@ypa.finance
Last updated: April 18, 2026

Questions about our security practices?

security@ypa.finance