Why we're telling you we're early
Most startups wait until everything looks finished before they say a word. We'd rather do the opposite. Buoy is early — pre-launch, still taking shape — and we think the honest version of that is also the more interesting one. When you join now, you're not a late arrival to a polished machine. You're early enough to change what gets built.
That's a deliberate choice, and it cuts both ways. There are two kinds of "early," and we want to be precise about which one we mean.
Two lanes, and we never mix them up
The product is early. The safety of your data is not.
The product — the count-up mechanics, the badges, the categories, the AI advisor's tone, what we build next — is genuinely open. We don't have all the answers, and we don't pretend to. We'd rather build the next features with the people who'll use them than guess in a room by ourselves. That's the part we're inviting you into.
The way your financial data is handled is a different lane entirely. That was architected from the first line of code, and it isn't a work in progress, a "we'll harden it later," or anything we'd ever put to a vote. A budgeting app is only worth using if the money side is boringly, unshakably safe. So here's exactly how it works, in plain English.
How Buoy connects to your bank
When you link an account, you do it through Plaid — the same connection layer behind apps like Venmo, Robinhood, and Coinbase, used by thousands of banks and finance apps. Three things follow from that, and all three are true by design:
- Read-only. Buoy can see balances and transactions so it can build your budget. It cannot move money, make a payment, or change anything in your accounts. There is no pathway for it to — that's not a policy, it's the architecture.
- We never see your bank login. You type your credentials into Plaid's own screen, which hands them to your bank. They never touch Buoy. We receive an encrypted access token, not your username and password.
- Encrypted in transit and at rest. Your data is encrypted on the way to us and while we store it. You can disconnect any institution at any time, and that cuts off access immediately.
And one more, because it shapes everything else: we make money from subscriptions, not from your data. You are the customer, not the product. We don't sell or share your financial information — the Privacy Policy spells out the specifics, and our marketing will never say anything the policy doesn't back up.
What "building in the open" actually means here
Concretely, here’s what we’re putting in place — not just a vibe:
- A public roadmap where founding members can see what's coming and vote on what matters most — the next badges, new category types, count-up tweaks.
- A "You asked, we shipped" changelog that closes the loop. When something you suggested goes live, you hear about it, and we say who asked for it.
- Founding-member access for early users — early access to new features and a real say in the direction. It’s about access and influence first; we’re shaping the rest with you.
What it does not mean: we will never publish vanity numbers we don't have, never imply a feature exists before it does, and never ask the internet to help us "figure out" how to protect your data. Build-in-public, for us, is about product decisions — never about safety.
Come build it with us
If count-up budgeting sounds like the thing you wished existed, and being early sounds like a feature rather than a risk, this is the moment to get in. Tell us the budgeting problem you're actually trying to solve when you sign up — that's not a marketing question, it's the first thing that'll shape what we build.
We're early. We're not careless. Come help us shape what's next.
Questions, feedback, or a security question? Email hello@buoy-ai.com.
