Is Dniro a good alternative to Mint in Canada?

Yes. Dniro was built specifically for Canadians after Mint shut down. Unlike US alternatives, Dniro tracks TFSA, RRSP, and FHSA contribution room, connects to Canadian banks, and stores your data in Canada.

What Canadian banks does Dniro support?

Dniro connects to 100+ Canadian financial institutions through Plaid, including TD, RBC, BMO, CIBC, Scotiabank, National Bank, Desjardins, Tangerine, Simplii, EQ Bank, Wealthsimple, and Questrade.

Is my financial data safe?

Your data is encrypted in transit and at rest, stored in Canada (Montreal), and protected by row-level database security. Dniro is fully PIPEDA compliant.

Yes. The free plan includes 1 bank connection, 2 accounts, 1 budget, 90 days of transaction history, and monthly auto-refresh. Pro adds unlimited connections, daily sync, and TFSA/RRSP tracking for $9.99/month.

How does Dniro track my TFSA and RRSP?

When you connect a bank that holds registered accounts, Dniro detects TFSA, RRSP, and FHSA accounts automatically. You enter your contribution room from CRA MyAccount, and Dniro tracks your year-to-date contributions.

dniro

Privacy Policy

Effective April 1, 2026

Dniro Ltd. ("Dniro", "we", "us") operates the personal finance application at dniro.ca. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy laws.

1. Information We Collect

Account Information

When you create an account we collect your name, email address, and password (hashed). You may optionally provide your date of birth and gender.

Financial Data

When you connect a bank account through our third-party provider Plaid, we receive account names, types, balances, and transaction history. We do not store your bank login credentials — Plaid handles authentication directly.

Payment Information

If you subscribe to a paid plan, payment is processed by Stripe. We store your Stripe customer ID and subscription status but never your credit card number.

Usage Data

We collect anonymized usage analytics (page views, feature usage) through Vercel Analytics. We use Sentry for error monitoring, which may capture technical details about errors you encounter. No personally identifiable information is sent to Sentry by design.

2. How We Use Your Information

Provide, maintain, and improve the Dniro service
Display your financial accounts, balances, transactions, and budgets
Send transactional emails (password resets, subscription confirmations, payment receipts)
Send optional weekly spending digest emails
Process subscription payments
Detect and prevent fraud or abuse
Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We do not share data with third parties for marketing or analytics purposes. We share data only with the following service providers, solely as necessary to deliver their service:

Service	Purpose	Data Residency
Plaid	Bank account connection and sync	United States
Stripe	Subscription billing	United States
Supabase	Database and authentication	AWS (US/Canada)
Vercel	Application hosting	Global CDN (US primary)
Resend	Transactional email delivery	United States
Sentry	Error monitoring (no PII)	European Union

Each provider processes data only as necessary to deliver their service and is bound by their own privacy policies. By using Dniro, you acknowledge that your data may be processed in the jurisdictions listed above.

4. Data Storage and Security

Your data is stored in Supabase (cloud infrastructure). We implement the following security controls:

Encryption in transit: All communication uses TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enabled.
Encryption at rest: All database data is encrypted using AES-256 encryption.
Row-level security: Database policies ensure users can only access their own data — accounts, transactions, budgets, and goals are isolated per user.
Server-side only: Plaid access tokens, Stripe keys, and database credentials are never exposed to client-side code or stored in browser storage.
MFA required: Multi-factor authentication is enforced on all production infrastructure systems.
Webhook verification: All incoming webhook requests (Plaid, Stripe) are cryptographically verified.

Household Data Sharing (Family Plan)

Family plan subscribers can create a household and invite one other person. When you share an account with your household partner:

Your partner can view the account name, type, and balance of shared accounts
Your partner can view transactions belonging to shared accounts
Sharing is opt-in per account — you choose exactly which accounts to share
You can revoke sharing at any time via Settings
If either member cancels their Family subscription or deletes their account, the household is dissolved and all sharing stops immediately
No shared data is retained after a household is dissolved

By inviting someone to your household or accepting a household invitation, both parties consent to the mutual sharing of selected financial account data as described above.

5. Data Retention

We retain your personal information according to the following schedule:

Data Type	Retention Period
Profile, accounts, transactions, budgets, goals	Duration of active account
Plaid access tokens	Until account disconnected or deleted
Stripe payment records	7 years (tax/legal requirement, managed by Stripe)
Transactional emails	90 days (managed by Resend)
Error logs	90 days (managed by Sentry)
Server/deployment logs	30 days (managed by Vercel)

Account Deletion

When you delete your account (via Settings or by emailing us), the following actions are executed immediately:

All Plaid access tokens are revoked, stopping bank data access and billing
Active Stripe subscription is cancelled
All data is permanently deleted from our database: transactions, accounts, budgets, goals, category rules, notifications, and household memberships
Your profile and authentication record are deleted
A deletion confirmation email is sent to you

All deletion requests are processed within 30 days in compliance with PIPEDA. In practice, we process deletions immediately.

Inactive Accounts

To prevent indefinite retention of data for abandoned accounts:

After 12 months of inactivity: we send a re-engagement email
After 18 months: we send a final warning that your data will be deleted in 30 days
After 19 months with no login: your account and all data are permanently deleted, including Plaid token revocation

Unconfirmed Signups

If you sign up but do not confirm your email address within 72 hours, your unconfirmed account is automatically deleted.

6. Consent

By creating a Dniro account, you explicitly consent to the collection, use, and processing of your personal information as described in this Privacy Policy. You provide additional consent during the Plaid Link flow, which includes Plaid's own consent disclosure.

You may withdraw consent and request data deletion at any time via Settings or by contacting us.

7. Your Rights Under PIPEDA

As a Canadian user, you have the right to:

Access your personal information we hold
Correct inaccurate personal information
Delete your account and all associated data (Settings → Danger Zone)
Withdraw consent for optional data processing (e.g., weekly digest emails)
Revoke bank access directly via Plaid Portal at my.plaid.com
File a complaint with the Office of the Privacy Commissioner of Canada

8. Cookies

We use essential cookies for authentication (Supabase session). We use Vercel Analytics which is cookie-free and privacy-friendly. We do not use advertising or third-party tracking cookies. No consumer financial data is stored in localStorage, sessionStorage, or cookies.

9. Children

Dniro is not intended for users under the age of 18. We do not knowingly collect information from children.

10. Data Minimization

Dniro only requests data necessary for its stated purpose (personal financial management): account balances, transaction history, and investment holdings. No bank authentication credentials are stored — Plaid handles all bank authentication directly. No data is sold to or shared with third parties for marketing purposes.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the app. Continued use after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:

Email: hello@dniro.ca

Dniro Ltd.
Ontario, Canada