Privacy Policy

1. Information We Collect

We collect information that you provide directly to us and information we collect automatically when you use our services:

• Personal identification information: name, email address, phone number, and profile photo (if provided via Google OAuth)
• Financial data: transaction records, account names and balances, budget configurations, savings goals, invoice details, and payment information you enter into the platform
• Usage data: features used, time spent on pages, interactions with the platform, AI Advisor conversations, and notification preferences
• Device and technical information: IP address, browser type, operating system, device identifiers, and referral URLs

2. Financial Data Collection & Storage

Since Albetech Finance is a financial tracking platform, we want to be especially transparent about how we handle your financial information:

• Manual entries: All financial data (transactions, accounts, budgets, goals) is entered by you. We store this data securely in our database to provide our services.
• Bank connections (future): We plan to integrate with Plaid to offer automatic bank account syncing. When available, Plaid will act as an intermediary — we will receive transaction data but never your bank login credentials. You will be able to disconnect bank accounts at any time.
• Data storage: Your financial data is stored in MongoDB Atlas with encryption at rest. We use industry-standard security practices including encrypted connections, access controls, and regular backups.
• We never sell your financial data. Period. Your transaction history, account balances, and financial information are never shared with advertisers or data brokers.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our financial tracking and management services
• Power AI Advisor features that analyze your spending patterns and provide personalized financial insights (your data stays within our platform and is not used to train AI models)
• Communicate with you about account updates, security alerts, bill reminders, and customer support
• Analyze usage patterns in aggregate to enhance user experience and develop new features
• Detect, prevent, and address technical issues, fraud, and security threats
• Process subscription payments and manage your account billing through Stripe

4. Third-Party Services

We use trusted third-party services to operate our platform. Here's exactly who has access to what:

• MongoDB Atlas: Database hosting — stores your account data, transactions, and financial records with encryption at rest
• Stripe: Payment processing — handles subscription billing. Stripe receives your payment method details; we never store your full credit card number
• Amazon Web Services (AWS S3): File storage — stores uploaded documents, invoice attachments, and profile images
• Brevo (formerly Sendinblue): Email service — sends transactional emails (verification, password reset, bill reminders). Receives your email address and name
• Google OAuth: Authentication — if you sign in with Google, we receive your name, email, and profile picture. We do not access your Google Drive, Gmail, or other Google services
• Google Gemini AI: Powers the AI Advisor feature — processes your financial queries with relevant context from your data to provide insights

5. Information Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• With the service providers listed above, solely to operate our platform
• When required by law, court order, or governmental request
• In connection with a merger, acquisition, or sale of assets (you would be notified in advance)
• With your explicit consent for any other purpose

6. Data Retention

We retain your data based on the following policies:

• Active accounts: Your data is stored for as long as your account is active and you continue to use our services
• Deleted accounts: When you delete your account, we remove all your personal and financial data within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently purged
• Billing records: We retain payment transaction records as required by tax and accounting regulations (typically 7 years)
• Usage logs: Anonymized usage analytics are retained for up to 12 months for product improvement purposes

7. Data Security

We implement industry-standard security measures to protect your data, including: TLS 1.3 encryption for all data in transit, AES-256 encryption for data at rest in MongoDB Atlas, secure authentication with JWT tokens and bcrypt password hashing, rate limiting to prevent abuse, regular security reviews, and strict access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. If you discover a security vulnerability, please contact us immediately at security@albetechsolution.com.

8. Cookies and Tracking

We use essential cookies and local storage to maintain your session, remember your preferences (language, theme), and keep you logged in. We do not use third-party advertising cookies or trackers. If we add analytics in the future, we will update this policy and give you the option to opt out.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request that we delete your personal information. You can do this directly from your account settings or by contacting us
• Right to Opt-Out: We do not sell your personal information, so there is no need to opt out of sales
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

10. Your Rights

Regardless of your location, we believe you should have control over your data. You have the right to:

• Access and download a copy of all your personal and financial data
• Request correction of any inaccurate information
• Request deletion of your account and all associated data
• Export your data in a standard format (data portability)
• Restrict or object to certain types of data processing

11. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take immediate steps to delete that information and terminate the associated account.

12. International Data Transfers

Our services are hosted in the United States. If you access our services from outside the US, your data will be transferred to and processed in the United States. By using our services, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with this privacy policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email and display a notice in the platform. We encourage you to review this policy periodically. The 'Last Updated' date at the top indicates when this policy was last revised.