Privacy Policy

1. Introduction

Kaivest ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information. By using Kaivest, you agree to the practices described here.

2. Information We Collect

Account information

When you create an account, we collect your email address and password. If you enable multi-factor authentication (MFA), we store the necessary verification data. If you complete a user profile, we store the information you provide (e.g., name, financial goals, preferences).

Financial data you enter

Kaivest stores the financial information you choose to enter, including: transactions (expenses and income), budgets, savings goals, credit card balances and payments, investment account balances and snapshots, recurring transactions, categories, payment methods, income sources, and deposit accounts.

AI chat data

When you interact with Kai, your messages and Kai's responses are stored in your account. Daily token usage is tracked to enforce usage limits. Chat history allows Kai to reference past conversations for continuity.

Technical data

We automatically collect limited technical information including: IP address (used for rate limiting and security), browser type and version, error reports (via Sentry), and general usage patterns. We do not use tracking cookies or third-party analytics.

3. How We Use Your Information

• Provide the Service: Store and display your financial data, generate AI responses, execute recurring transactions, and enable data export.
• Personalize Kai: Your profile and financial context are used to tailor Kai's responses to your situation.
• Security: IP-based and per-user rate limiting, CSRF protection, and session management to protect your account.
• Reliability: Error monitoring and logging to diagnose and fix issues.
• Communication: Send account-related notifications (e.g., password reset emails). We do not send marketing emails.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, solely to operate the Service:

• Database & authentication: Supabase (PostgreSQL database hosting, user authentication, row-level security).
• AI processing: Anthropic (processes chat messages to generate Kai's responses). Only the minimum context needed for a response is sent.
• Application hosting: Vercel (serves the web application, runs API routes and scheduled jobs).
• Error monitoring: Sentry (receives error reports to help us identify and fix bugs; no financial data is included in error reports).
• Rate limiting: Upstash (Redis-based rate limiting to prevent abuse; stores only anonymized request counts).

We may also disclose information if required by law, regulation, legal process, or governmental request.

5. AI Processing

When you chat with Kai, relevant messages and financial context from your account are sent to our AI provider (Anthropic) to generate responses. Key points:

• Only data relevant to your current conversation is sent — not your entire account.
• Anthropic does not use your data to train its models (per their data processing terms).
• Chat history is stored in your Kaivest account, not by the AI provider.
• You can delete your chat history at any time.

6. Data Security

We implement multiple layers of security to protect your data:

• Row-level security (RLS): Database policies ensure you can only access your own data.
• Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest.
• Authentication: Passwords are hashed. Optional MFA/TOTP adds a second layer.
• CSRF protection: All state-changing API requests are protected against cross-site request forgery.
• Rate limiting: Per-IP and per-user rate limits prevent brute-force and abuse.
• Token security: Invite tokens are hashed before storage.

No system is 100% secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal, compliance, or dispute resolution purposes. Anonymized, aggregated data that cannot identify you may be retained indefinitely.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Export: Download your financial data at any time using the in-app export feature (CSV and PDF formats).
• Correction: Update or correct your personal information through the app.
• Deletion: Request deletion of your account and associated data by contacting us.
• Withdraw consent: Stop using the Service at any time. For AI processing, you can stop using the chat feature.

To exercise any of these rights, contact us at privacy@kaivest.ai. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries other than your own, including the United States and Canada, where our service providers operate. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

10. Children's Privacy

Kaivest is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will promptly delete it.

11. Cookies & Local Storage

Kaivest uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. Local storage may be used to cache UI preferences for a better user experience.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. Your continued use of the Service after changes are posted constitutes acceptance.

13. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at privacy@kaivest.ai.