Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction

Welcome to PocketWise AI, an AI-powered personal finance management platform operated by CodeSages LLC ("Company," "we," "us," or "our"). We are committed to protecting your privacy and handling your personal and financial information with the highest standards of care and security.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have regarding your data. By using PocketWise AI, you agree to the collection and use of information in accordance with this Privacy Policy.

Our Commitment: We do NOT sell your data, and we limit data sharing to only what is necessary to provide and improve our services.

2. Information We Collect

2.1 Financial Information

To provide our core financial management services, we collect:

  • Banking credentials (processed securely through Plaid Premium; we do not directly store your bank login)
  • Bank account details (balances, account types, numbers, institution names)
  • Transaction history and descriptions from connected accounts
  • Credit card information (balances, limits, payment dates, interest rates)
  • Loan and debt details (balances, interest rates, payment schedules)
  • Income sources and amounts
  • Bill information and payment history
  • Bill documents you upload (images, PDFs, text files)
  • Financial goals and savings targets
  • Business payment data from Stripe accounts (for business users)

2.2 Personal Information

  • Email address (your primary account identifier)
  • Account credentials (hashed and encrypted passwords)
  • User preferences and settings
  • Communication history with our support team

2.3 Payment Information

  • Stripe customer ID
  • Subscription tier and status (Free Trial, Basic, or Premium)
  • Payment method details (stored securely by Stripe, not directly by us)
  • Billing history and invoices
  • Trial usage status

2.4 Usage & Technical Data

  • AI query history and interactions
  • Feature usage patterns and session data
  • IP addresses, browser type, and device information
  • Cookies and tracking technologies
  • Error logs and diagnostic data
  • Cache data (Redis temporary storage)

3. How We Use Your Information

3.1 Core Service Delivery

  • AI-powered financial analysis and personalized insights using Claude AI
  • Debt optimization calculations (avalanche, snowball, AI-optimized strategies)
  • Automated bill parsing and transaction categorization
  • Financial forecasting and budget recommendations
  • Multi-bank data aggregation and synchronization via Plaid
  • Account balance tracking and payment reminders
  • Business expense tracking for Stripe-connected accounts

3.2 Service Improvement

  • Platform performance optimization and bug detection
  • AI model refinement (using anonymized data only)
  • Feature development based on usage patterns
  • Security improvements and threat analysis

3.3 Communication

  • Account notifications and security alerts
  • Subscription and billing communications
  • Service updates and customer support responses
  • Educational content (you can opt out)

3.4 Legal & Compliance

  • Fraud prevention and detection
  • Terms of Service enforcement
  • Compliance with legal obligations
  • Protection of rights and safety

4. Data Storage & Security

4.1 Storage Infrastructure

  • Primary database: Supabase (PostgreSQL) with Row-Level Security (RLS)
  • Caching layer: Redis (temporary storage for performance)
  • Hosting: Vercel secure cloud infrastructure
  • Geographic location: United States data centers
  • Backups: Regular automated backups with encryption

4.2 Security Measures

  • End-to-end encryption for data in transit (TLS 1.3+)
  • Encryption at rest for sensitive data (AES-256)
  • Row-Level Security (RLS) for database access control
  • Secure password hashing (bcrypt with salts)
  • Multi-factor authentication available
  • Regular security audits and vulnerability scanning
  • 24/7 security monitoring with automated alerting

Important Note: While we implement strong security measures, no system is 100% secure. We commit to following industry best practices and promptly addressing any identified vulnerabilities.

4.3 Data Retention

  • Active account data: Retained while your account is active
  • Transaction history: Minimum 7 years (financial record-keeping requirements)
  • Deleted account data: Removed within 30 days (some data retained longer for legal compliance)
  • Backup retention: Deleted data purged from backups within 90 days
  • Cached data: Automatically expires within 24 hours

5. Third-Party Services & Data Sharing

5.1 Plaid (Banking Data Aggregation)

Purpose: Securely connect to your bank accounts and retrieve financial data.

  • Data shared: Authorization to access accounts you select
  • Data received: Account balances, transactions, account metadata
  • Your credentials: Provided directly to Plaid (we never see them)
  • User control: Disconnect Plaid anytime via account settings
  • Security: Bank-level encryption, SOC 2 Type II certified
  • Plaid Privacy Policy: https://plaid.com/legal/#end-user-privacy-policy

5.2 Stripe (Payment Processing)

Purpose: Process subscription payments and business account integration.

  • Data shared: Email, billing address, customer ID
  • Payment data: Credit card information stored by Stripe only (we never see full card numbers)
  • Business accounts: Transaction data for users who connect Stripe
  • Security: PCI DSS Level 1 certified
  • Stripe Privacy Policy: https://stripe.com/privacy

5.3 Anthropic (AI Processing)

Purpose: Financial analysis, bill parsing, debt optimization, insights generation.

  • Data shared: Financial data for AI analysis (processed securely)
  • Model: Claude AI (Sonnet 4.5 and other models)
  • Important: Anthropic does NOT use your data to train their AI models
  • Security: SOC 2 Type II certified, encrypted transmission
  • Anthropic Privacy Policy: https://www.anthropic.com/legal/privacy

5.4 Vercel (Hosting & Deployment)

Purpose: Application hosting and content delivery.

  • Data access: Infrastructure-level access to hosted application
  • Security: Enterprise-grade security, DDoS protection, SOC 2 Type II certified

5.5 Data Sharing Limitations

We Do NOT:

  • Sell your personal or financial data to anyone
  • Share your data with third parties for marketing purposes
  • Provide your data to data brokers or advertising networks
  • Use your financial data for purposes other than providing services to you

6. User Rights & Data Control

6.1 Access Rights

You can view and access all your personal and financial data through your PocketWise AI dashboard. For comprehensive data access requests, contact us at privacy@codesages.net.

6.2 Correction Rights

Update your account information, correct financial data, and modify preferences through your account settings. For bank data inaccuracies, contact your financial institution directly.

6.3 Deletion Rights

Delete your account and associated data at any time through Account Settings → Delete Account. Most data is deleted within 30 days, though some financial records may be retained longer for legal compliance.

6.4 Portability Rights

Export your transaction history, financial reports, and AI-generated insights in CSV or JSON format through the Export features in your dashboard.

6.5 Control Features

  • Connect and disconnect bank accounts anytime
  • Disable specific AI features
  • Control notification preferences
  • Manage connected services (Plaid, Stripe)
  • Adjust privacy settings

7. AI & Automated Decision Making

7.1 AI Processing

We use Anthropic's Claude AI for:

  • Financial data analysis and personalized insights
  • Automated transaction categorization
  • Bill parsing from uploaded documents (OCR)
  • Debt payoff strategy optimization
  • Financial forecasting and projections
  • Natural language queries and answers

7.2 User Control

AI features are optional. You can disable specific AI features, manually override AI suggestions, and review all recommendations before acting. You make all final financial decisions.

IMPORTANT: AI INSIGHTS ARE NOT FINANCIAL ADVICE

  • AI-generated insights are algorithmic suggestions only, not professional financial advice
  • Accuracy is not guaranteed; AI may misinterpret transactions or provide incomplete analysis
  • We are NOT registered financial advisors or investment advisors
  • Consult qualified professionals for important financial decisions
  • AI models have limitations and may not account for your complete circumstances

7.3 Data Used for AI

  • AI analysis is performed exclusively on YOUR personal financial data for YOUR personalized insights
  • Your data is NOT used to train Anthropic's AI models (per Anthropic's API policies)
  • Your data is NOT shared with other users
  • AI processing occurs in secure, isolated environments with encryption

8. Children's Privacy

PocketWise AI is NOT intended for users under 18 years of age. We do not knowingly collect information from minors. Account registration requires confirmation that you are 18 or older.

If you believe your child under 18 has provided information to PocketWise AI, please contact us immediately at privacy@codesages.net. We will promptly delete all associated data and terminate the account.

9. International Users & Data Transfers

9.1 Primary Jurisdiction

CodeSages LLC is a United States company. PocketWise AI is operated from the United States, and data is primarily processed and stored on US-based servers. If you access PocketWise AI from outside the United States, your information will be transferred to, stored in, and processed in the United States.

9.2 GDPR Compliance (EU Users)

EU/EEA/UK residents have additional rights under GDPR:

  • Right of access: Obtain confirmation and copies of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request data deletion
  • Right to data portability: Receive data in machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to lodge a complaint: File with your national data protection authority

9.3 CCPA Compliance (California Users)

California residents have rights under CCPA/CPRA:

  • Right to know: What personal information we collect and how we use it
  • Right to delete: Request deletion of personal information
  • Right to opt-out: We do NOT sell personal information
  • Right to correct: Request correction of inaccurate information
  • Right to non-discrimination: No denial of service for exercising rights

To exercise California rights, email privacy@codesages.net with subject line "California Privacy Rights Request".

10. Financial Data Privacy & Compliance

10.1 Gramm-Leach-Bliley Act (GLBA)

We implement administrative, technical, and physical safeguards to protect your non-public personal information. We limit access to your information to employees and service providers who need it to provide services. We do not disclose your information to third parties for marketing purposes.

10.2 Electronic Funds Transfer Act (Regulation E)

Important Disclosure: PocketWise AI is NOT a financial institution and does NOT process electronic fund transfers or payments on your behalf. We do not transfer funds, make payments, or execute transactions. We are a financial data aggregation and analysis platform that provides read-only access to your financial data.

11. Data Breach Notification

In the event of a data breach, we will:

  • Investigate immediately and contain the breach
  • Notify affected users via email within 72 hours (GDPR requirement)
  • Provide clear information about what happened and what data was compromised
  • Recommend actions to protect yourself
  • Notify relevant authorities as required by law

For security incidents, contact security@codesages.net.

12. Changes to Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide 30 days' advance notice via email. Continued use after changes become effective constitutes acceptance. You may close your account if you disagree with changes.

13. Contact Information

Privacy Questions or Data Rights Requests:

Email: privacy@codesages.net

Response Time: We respond to privacy inquiries within 7 business days for general questions and 30 days for formal data rights requests.

General Support:

Email: help-desk@codesages.net

Security Issues:

Email: security@codesages.net

Mailing Address:

CodeSages LLC
Attn: Privacy Officer
[Street Address]
[City, State ZIP]

Thank you for trusting PocketWise AI with your financial data. Your privacy and security are our highest priorities.

PocketWise AI is a product of CodeSages LLC. All rights reserved.