Financial Fitness Passport

1. Introduction

Financial Fitness Passport, Inc. ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use the Financial Fitness Passport App ("App").

By using our App, you agree to this Privacy Policy. If you do not agree, please do not use the App.

2. Information We Collect

Personal Information

We collect information that you provide directly to us, including:

Account Information: Name, email address, password (encrypted), and account credentials
Verification Data: Email verification status and verification timestamps
Profile Information: User preferences, settings, and customization choices

Financial Information

You may choose to provide sensitive financial data, including:

Income, savings, and emergency fund amounts
Debt balances, interest rates, and repayment plans
Investment account balances and contribution rates
Insurance coverage details and estate planning status
Cash flow data (income sources and expense categories)
Tax information (filing status, deductions, state tax data)

Note: We do not connect to your bank accounts or financial institutions. All financial data is manually entered by you and stored securely in our encrypted database.

AI Inputs & Outputs

When you use our AI-powered Pro features (Penny AI Assistant, AI Coach, Personalized Roadmap, Progress Interpreter), we collect:

Questions, prompts, and messages you submit to the AI
AI-generated responses and recommendations
Context data (your financial profile used to personalize AI outputs)
Chat history and conversation logs

Payment Information

Processed by Stripe: Credit card information is collected and processed by Stripe, Inc. We do not store full credit card numbers
Subscription status, billing history, and payment method type
Promotional codes used and discount applications

Usage Data & Analytics

We automatically collect:

Device information (type, operating system, browser)
IP address and approximate geographic location
App interactions, page views, and feature usage
Login count and session duration
Error logs and crash reports (via Sentry)
Firebase Analytics data (with opt-out available)

Cookies & Tracking Technologies

We use cookies and similar technologies for authentication, preferences, analytics, and performance monitoring. You can manage cookie preferences through your browser settings.

3. How We Use Information

We use your data to:

Operate and improve the App: Provide core features, calculate your Financial Fitness score, generate badge assessments, and track progress
Provide AI-powered insights: Generate personalized financial recommendations, coaching, roadmaps, and progress analysis using third-party AI engines
Process payments: Manage Pro subscriptions, apply promotional codes, and handle billing
Communicate with you: Send account notifications, educational content, feature updates, security alerts, and customer support responses
Analyze trends and enhance user experience: Understand how features are used, identify bugs, and develop improvements
Provide benchmarking (opt-in): Aggregate anonymized data for community comparisons
Comply with legal obligations: Respond to subpoenas, prevent fraud, enforce our Terms, and maintain audit logs
Maintain security: Detect and prevent unauthorized access, abuse, and security threats

4. How We Share Information

Service Providers

We share data with trusted third-party service providers:

Firebase (Google): Authentication, Firestore database, Firebase Storage, and Analytics
Stripe: Payment processing and subscription management
OpenAI: AI-powered features (GPT-4o-mini API for Penny AI, Coach, Roadmap, Progress Interpreter)
Sentry: Error tracking and performance monitoring
Vercel: Application hosting and deployment infrastructure

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

Third-Party AI Processing

Important Notice: When you use AI-powered Pro features, your inputs and financial data are transmitted to third-party AI platforms (OpenAI) for processing.

We send minimal necessary context to generate relevant insights
AI providers may temporarily process and cache your data
We do not control third-party AI data practices
OpenAI's data usage policies apply to API requests

Legal Requirements

We may disclose information when required by law or to:

Comply with legal process (subpoenas, court orders)
Protect rights, property, and safety
Prevent fraud or security threats
Enforce our Terms and Conditions

Business Transfers

During a merger, acquisition, sale, or reorganization of our business, your information may be transferred to the successor entity. We will notify you of any such change.

Aggregated & Anonymized Data

We may share de-identified or aggregated data that cannot reasonably identify you for research, marketing, or analytics purposes.

We Do Not Sell Your Data

We do not sell your personal information to third parties for monetary consideration.

5. Use of Artificial Intelligence and Data Processing

Our App integrates third-party AI services (OpenAI GPT-4o-mini) that process user data to generate insights, coaching, roadmaps, and progress analysis.

AI Data Processing Acknowledgment

We do not guarantee the accuracy or reliability of AI outputs
AI models are probabilistic and may produce errors or hallucinations
Your data is transmitted to external AI providers for processing
AI providers may use data according to their own privacy policies
We implement privacy-first logging (hashed user identifiers, no PII in logs)

By using AI-powered features, you consent to your data being transmitted to and processed by external AI providers. You can avoid this by using only the free features of the App.

6. Data Retention

We retain personal and financial data as long as your account is active or as needed to:

Provide Services and support
Comply with legal obligations (tax records, financial regulations)
Resolve disputes and enforce agreements
Prevent fraud and abuse

Account Deletion

You may request deletion of your account and data at any time by:

Using the "Delete Account" feature in your Profile settings, or
Emailing support@financialfitnesspassport.com

Upon deletion, we will remove your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution, archival logs for compliance).

7. Security

We use reasonable technical and organizational measures to protect your data, including:

Firebase Authentication with bcrypt password hashing
Encrypted data transmission (HTTPS/TLS)
Firestore Security Rules to restrict unauthorized access
Firebase Storage Security Rules for file protection
Server-side authentication verification via Firebase Admin SDK
Email verification enforcement before accessing protected features
Rate limiting on AI API endpoints
Comprehensive security headers (CSP, HSTS, X-Frame-Options)
Regular security audits and dependency updates
Archival logging with SHA-256 hashing for audit trails

Security Limitations

However, no system is completely secure. We cannot guarantee absolute protection against unauthorized access, hacking, data loss, or breaches. You use the App at your own risk.

8. Your Rights

Depending on your jurisdiction (GDPR, CCPA, or other applicable laws), you may have rights to:

Access & Portability

Access and download your personal data
Request a copy of your data in a portable format (JSON export available in Profile)

Correction & Deletion

Correct inaccurate information
Request deletion of your account and data

Consent & Opt-Out

Withdraw consent to data processing
Opt out of marketing communications
Opt out of community benchmarking (Profile settings)
Opt out of Firebase Analytics (Profile settings)
Do Not Sell My Personal Information (CCPA) - We do not sell data

Complaints

File a complaint with a data protection authority in your jurisdiction

To exercise your rights, email us at support@financialfitnesspassport.com. We will respond within 30 days.

9. Children's Privacy

Our App is intended for adults (18+). We do not knowingly collect information from minors under 18.

If we become aware that a child has provided information, we will delete it promptly. If you believe we have collected data from a minor, please contact us immediately.

10. International Users & Data Transfers

Our App is operated in the United States. If you access it from outside the U.S., your information will be transferred to, stored, and processed in the United States.

By using the App, you consent to the transfer and processing of your data in the U.S., which may have different data protection laws than your country. We use Firebase and other services with global infrastructure that may process data in multiple jurisdictions.

GDPR (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR, including data portability, erasure, and the right to lodge complaints with supervisory authorities.

CCPA (California Users)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, request deletion, and opt out of data sales (we do not sell data).

11. Cookies & Tracking Technologies

We use cookies and similar technologies for:

Essential cookies: Authentication, session management, security
Analytics cookies: Firebase Analytics (opt-out available), usage patterns
Preference cookies: Remember your settings and customization
Performance cookies: Monitor errors and app performance (Sentry)

You can control cookies through your browser settings. Disabling certain cookies may limit App functionality.

12. Email Communications

We may send you:

Transactional emails: Account verification, password resets, billing notifications (cannot opt out)
Service updates: Feature announcements, security alerts, Terms changes
Educational content: Financial wellness tips, academy lessons (opt-out available)
Marketing communications: Promotions, product news (opt-out available)

You can manage email preferences in your Profile settings or click "unsubscribe" in any marketing email.

13. Community Benchmarking (Opt-In)

Pro users may opt in to share anonymized data for community benchmarking. When you opt in:

Your passport score and debt metrics are aggregated with other users' data
All data is fully anonymized before aggregation (no names, emails, or identifiers)
You can view community averages and compare your progress
You can opt out at any time from Profile settings

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notification will be sent to your registered email address without undue delay.

15. California Privacy Rights (Shine the Light)

California residents may request information about disclosures of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. The latest version will always be posted in the App with a revised "Last Updated" date.

Material changes will be announced via email or in-app notification. Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

17. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your data, contact:

Email: support@financialfitnesspassport.com

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. If you have questions or concerns, please reach out to us at any time.