SaveCash has not yet opened the platform to customers, and we are standing up our transparency program now so investors, regulators, and future users understand how we will handle government requests, security incidents, and platform integrity once live. This report sets expectations for the disclosures we will publish after launch and highlights the safeguards already in place.

1. Government Requests and Data Disclosure

1.1 Our Commitment

SaveCash is committed to protecting user privacy and only discloses information when legally required. We carefully review all requests and push back on overbroad or unwarranted demands.

1.2 Pre-Launch Baseline

SaveCash has not yet begun providing live services, so no government requests have been received. Once we launch, we will publish aggregate counts of subpoenas, court orders, search warrants, national security letters, and any other lawful demands in six-month intervals. Each report will note how many requests were narrowed or rejected.

1.3 Our Response Process

When we receive a government request:

• We verify the request is from a legitimate government authority
• We ensure the request is supported by appropriate legal process
• We narrow requests to the minimum data necessary
• We push back on overbroad or unconstitutional requests
• We notify affected users when legally permitted
• We require warrants for content access unless exigent circumstances exist

2. Security Incidents and Breaches

2.1 2024 Incidents

We have not processed production user data yet. Once SaveCash enters beta and general availability, we will disclose verified incidents, credential-stuffing outcomes, and denial-of-service activity in this section. Prior to launch we are stress-testing our monitoring stack and running red-team exercises so metrics are meaningful when we go live.

2.2 Our Security Practices

The control framework we have in place today will expand as soon as customer data flows through the platform:

• End-to-end encryption playbooks for all sensitive data (TLS 1.3 and AES-256) configured before onboarding the first user.
• Quarterly third-party penetration testing and continuous scanning that will continue post-launch.
• 24/7 monitoring runbooks and on-call rotations ready to activate when production traffic begins.
• Mandatory security training, background screening, and least-privilege access enforced for every employee and contractor.
• Planned bug bounty program to open alongside public availability, complementing internal red-team exercises.
• Certifications roadmap (SOC 2 Type II, PCI DSS Level 1, ISO 27001) tracked in our compliance program with target completion dates.

2.3 Breach Notification Policy

In the event of a security incident affecting user data, SaveCash will:

• Notify affected users within 72 hours of detection (where legally required)
• Report to relevant regulators per GDPR, CCPA, and state breach notification laws
• Provide clear information about the incident and steps taken to remediate
• Offer credit monitoring or identity theft protection when appropriate
• Update this Transparency Report with breach statistics

3. Content Moderation and Account Actions

3.1 Account Suspensions

We will begin publishing data about suspensions, closures, and verification holds once customer onboarding starts. Baseline metrics and definitions will be shared with investors before launch to ensure our enforcement decisions can be audited.

3.2 Our Enforcement Process

Before taking action, we:

• Review account activity and transaction patterns
• Apply our Acceptable Use Policy consistently
• Provide users with notice and opportunity to appeal
• Document our reasoning for transparency and audit purposes

4. Third-Party Data Sharing

Even before launch we are cataloging every vendor and drafting data processing agreements. Once operations commence, we will publish a live vendor roster describing categories of data shared, retention requirements, and audit cadences.

5. Encryption and Security Controls

All sensitive data is encrypted:

• In transit: TLS 1.3 with perfect forward secrecy
• At rest: AES-256 encryption
• Key management: Hardware Security Modules (HSMs)
• Authentication: Multi-factor authentication required

6. Accessibility and Compliance

WCAG 2.1 AA compliance is a launch requirement. Our design system, component library, and QA checklists all carry accessibility sign-offs. Multi-language support (English and Spanish at launch, additional languages in roadmap) will be tracked in this report to demonstrate progress.

7. Environmental and Social Responsibility

Our environmental and social impact goals will become measurable once the platform scales. Prior to launch we have already committed to renewable-energy cloud regions, paperless operations, and product design that advances financial inclusion; post-launch we will provide audited emission offsets and inclusion metrics in this section.

8. Updates to This Report

We will refresh this report at least annually and after any material incident, starting with our beta launch. Historical editions will remain available so investors can track trends over time.

9. Contact Information

For questions related to this transparency planning phase, contact our team at privacy.savecash@gmail.com with the subject line “Transparency Report (Pre-Launch)”. We will publish additional channels for investors and regulators as we approach general availability.