Consumer Consent Policy

1. Introduction

Finance AI (“the Company,” “we,” “our”) is committed to transparency about how we collect, process, and store your personal and financial data. This policy explains what data we collect, why we collect it, how it is used, and the rights you have over your information.

By creating an account and checking the consent box during registration, you acknowledge that you have read, understood, and agree to the practices described in this policy.

2. Data We Collect

2.1 Account Information

When you register, we collect your name, email address, and a hashed version of your password. If you sign in with Google, we receive your name, email, and profile picture from Google.

2.2 Financial Data via Plaid

When you connect a bank account through Plaid, we receive account balances, transaction history, and account metadata (institution name, account type, account mask). We access this data through Plaid’s secure API using tokens that are encrypted before storage.

2.3 Manually Entered Data

You may provide additional financial information such as stock holdings, mortgage details, and family member profiles. This data is provided voluntarily.

2.4 Payment Information

Payment details (credit/debit card) are collected and processed exclusively by Stripe. We do not store your card number, CVC, or billing address on our servers.

2.5 Usage Data

We collect anonymized analytics data (page views, feature usage) via Vercel Analytics to improve the product. This data is not tied to your identity.

3. How We Use Your Data

• Provide the service: Display your financial accounts, transactions, balances, and AI-powered insights on your personal dashboard
• Process payments: Manage your subscription and billing through Stripe
• Improve the product: Analyze anonymized usage patterns to fix bugs and build better features
• Communicate: Send account-related notifications such as subscription confirmations, payment failures, or security alerts

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes.

4. Third-Party Data Processors

We share data only with the following service providers, solely to operate the service:

• Plaid — bank account linking and financial data retrieval
• Stripe — subscription billing and payment processing
• Neon — managed PostgreSQL database hosting
• Vercel — application hosting and analytics
• OpenAI — AI-powered financial insights (only anonymized/aggregated transaction data is sent; no personally identifiable information is included in AI prompts)

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated personal and financial data will be permanently deleted from our systems within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard safeguards to protect your data, including encryption in transit (TLS 1.2+), encryption at rest (AES-256), application-layer encryption for sensitive tokens, and strict access controls. For full details, see our Information Security Policy.

7. Your Rights

You have the right to:

• Access the personal and financial data we hold about you
• Correct inaccurate data associated with your account
• Delete your account and all associated data
• Disconnect any linked bank account at any time, which revokes our access to that institution’s data
• Withdraw consent by deleting your account; note that withdrawing consent means the service can no longer be provided

To exercise any of these rights, contact us at the address below.

8. Changes to This Policy

We may update this policy from time to time. If we make material changes to how we collect, use, or share your data, we will notify you via email or an in-app notice before the changes take effect. Continued use of the service after notification constitutes acceptance of the updated policy.