Privacy Policy

1. Introduction

KGiQ Family Finance ("we," "our," or "us") is committed to protecting your privacy and financial data. This Privacy Policy explains how we collect, use, protect, and share information when you use our family financial management application (the "Service").

2. Information We Collect

2.1 Account Information

• • Email address and password (encrypted)
• • Family name and member information
• • Profile settings and preferences
• • Multi-factor authentication data

2.2 Financial Data (via Plaid)

• • Bank account information (account numbers, balances)
• • Transaction history and descriptions
• • Account holder names and institution details
• • Account types (checking, savings, credit, etc.)

2.3 Usage Information

• • Income events, payment schedules, and budget categories
• • Transaction categorizations and custom spending categories
• • Report preferences and export requests
• • Application usage patterns and feature interactions

3. How We Use Your Information

3.1 Service Provision

• • Synchronize and display your bank account data
• • Categorize transactions and analyze spending patterns
• • Calculate cash flow, budgets, and financial insights
• • Generate reports and export financial data
• • Enable family member data sharing with appropriate permissions

3.2 Security and Authentication

• • Verify your identity and maintain secure sessions
• • Detect and prevent fraudulent activities
• • Send security notifications and alerts
• • Maintain audit logs for security monitoring

3.3 Communication

• • Send service-related notifications and updates
• • Respond to support requests and inquiries
• • Notify about account or security issues

4. Data Protection and Security

4.1 Encryption and Security

• • All data transmitted using TLS 1.3 encryption
• • Data at rest encrypted using AES-256 encryption
• • Bank-grade security headers and HTTPS enforcement
• • Multi-factor authentication required for account access
• • Regular security audits and vulnerability assessments

4.2 Banking Data Security

• • Bank connections managed by Plaid (SOC 2 Type II certified)
• • We never store your banking credentials
• • Bank account tokens securely encrypted and stored
• • Read-only access to account data (no ability to initiate transactions)

4.3 Access Controls

• • Role-based access control for family members
• • Session management with automatic timeout
• • Comprehensive audit logging of all data access
• • Regular access reviews and permission updates

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal or financial information to third parties for marketing purposes.

5.2 Service Providers

• • Plaid: Bank data aggregation and authentication
• • Neon: Database hosting and management
• • Vercel: Application hosting and content delivery
• • Supabase: User authentication services
• • Resend: Transactional email delivery

5.3 Family Member Sharing

• • Financial data shared only with invited family members
• • Role-based permissions control data access levels
• • Family members can be removed at any time
• • All sharing activities are logged and auditable

5.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

6. Data Retention

• • Financial transaction data: Retained indefinitely as requested by users
• • Account information: Retained while account is active
• • Audit logs: Retained for 7 years for security and compliance
• • Deleted account data: Anonymized after 30 days
• • Bank connection tokens: Deleted immediately upon disconnection

7. Your Rights and Choices

7.1 Access and Control

• • View and update your account information at any time
• • Export your financial data in CSV format
• • Delete individual transactions or entire data sets
• • Disconnect bank accounts and remove data
• • Close your account and request data deletion

7.2 Communication Preferences

• • Opt out of non-essential email notifications
• • Control alert frequency and types
• • Update contact preferences in account settings

8. Cookies and Tracking

We use essential cookies for authentication and session management. We use Vercel Analytics for basic performance monitoring, which collects anonymous usage statistics.

• • Essential cookies: Required for login and security
• • Analytics cookies: Anonymous performance data only
• • No advertising or tracking cookies
• • No third-party marketing pixels

9. International Users

Our services are hosted in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the US. We maintain appropriate safeguards for international data transfers.

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected information from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through our Service. Your continued use of the Service after changes indicates your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: