← Kash.ai

Privacy Policy

Effective date: April 14, 2025 · Last updated: April 14, 2025

1. Who we are

Kash.ai ("we", "us", "our") is a personal finance tool that helps you detect and dispute bank fees. We are headquartered in the United States. If you have questions about this policy, contact us at hello@kashlabsai.com.

2. Information we collect

  • Account information — your email address and password (stored securely via Supabase Auth, passwords are hashed and never stored in plaintext).
  • Financial account data — when you connect a bank via Plaid, we receive read-only access to your account balances and transaction history. We do not store your bank login credentials at any point.
  • Transaction data — transaction descriptions, amounts, dates, and merchant categories, used to identify fees and generate insights.
  • Usage data — anonymous analytics events (e.g. which tabs you visit, button clicks) collected via PostHog, and session recordings and heatmaps collected via Microsoft Clarity. No personally identifiable information is attached to these events.
  • Email preferences — your opt-in/opt-out status for marketing and digest emails.

3. How we use your information

  • To detect bank fees in your transaction history and alert you
  • To generate personalized spending insights and peer comparisons
  • To send transactional emails (fee alerts, account activity)
  • To send marketing and digest emails (only if you have not opted out)
  • To operate, maintain, and improve the Kash.ai service
  • To comply with legal obligations

4. Bank data and Plaid

Bank account linking is powered by Plaid Inc. Plaid's privacy policy governs the data transmitted between your bank and Plaid. We receive only the data Plaid shares with us: account names, balances, and transactions.

We connect read-only by default. Free plan users have read-only access at all times. Pro plan users may optionally enable automatic transfers (e.g. moving funds to avoid overdraft fees) — this requires explicit consent and can be disabled at any time. Your money moves only when you say so.

5. Data sharing

We do not sell your personal data. We share data only with:

  • Plaid — to connect your bank accounts (read-only by default; write access only if you enable automatic transfers on Pro)
  • Supabase — our database and authentication provider
  • Resend — to deliver transactional and marketing emails
  • PostHog — for anonymous product analytics
  • Microsoft Clarity — for session recordings and heatmaps to understand how users interact with the product. Clarity may collect mouse movements, clicks, and scrolling behavior. You can opt out at aka.ms/clarity-opt-out. See Microsoft's privacy policy for details.
  • Law enforcement — if required by valid legal process

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or compliance purposes. Transaction data synced from Plaid is retained for 24 months to power year-over-year insights.

7. Security

All data is encrypted in transit (TLS) and at rest. Plaid access tokens are encrypted in our database using AES-256-GCM before storage. We do not log or store your bank passwords at any point.

8. Your rights

  • Access — request a copy of all data we hold about you
  • Deletion — request deletion of your account and data
  • Correction — update inaccurate information
  • Opt-out — unsubscribe from marketing emails at any time via the link in any email or at kashlabsai.com/unsubscribe

To exercise any right, email us at hello@kashlabsai.com and we will respond within 30 days.

9. Cookies and tracking

We use minimal cookies required for authentication (session cookies from Supabase). We do not use third-party advertising cookies. Our analytics providers (PostHog and Microsoft Clarity) may set first-party cookies to distinguish unique visitors; no personally identifiable data is stored in these cookies.

10. Children

Kash.ai is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email.

12. Contact

Kash.ai
hello@kashlabsai.com

Terms of ServiceBack to Home