Privacy Policy

1. Data We Collect

Account Information

When you create an account, we collect your email address, display name, and authentication credentials (managed securely via Supabase Auth). If you sign in with Google, we receive your name, email address, and profile picture from Google. If you sign in with another third-party provider, we receive your name and email from that provider.

Financial Data

To provide FI Score calculations, geo-arbitrage comparisons, and tax optimization, you may voluntarily provide financial data such as income, expenses, savings, investments, and tax information. This data is stored encrypted at rest and is never shared with third parties.

Usage Data

We automatically collect usage data including pages visited, features used, device type, browser type, IP address, and referral source. We use PostHog (EU cloud) for product analytics and session replay, Umami for privacy-friendly web analytics, and Resend for transactional and marketing email delivery.

Cookies & Local Storage

We use essential cookies for authentication and session management. Analytics cookies are used for product improvement. See our Cookie Policy for details.

2. Google API Data

Data Received from Google

When you sign in with Google, we receive the following data from your Google account via Google OAuth2: your profile name, email address, and profile picture URL. We request only the standard scopes (openid, email, profile) necessary to create and manage your account.

How We Use Google Data

The data received from Google is used exclusively to: create and identify your IndepAI account; display your name and profile picture within the Service; communicate with you at your email address. Google user data is not used for any other purpose.

No Selling or Sharing of Google Data

We do not sell, rent, or share your Google user data with any third parties for advertising, marketing, or any other purpose. Google user data is not used for AI or machine learning model training.

Storage of Google Data

Google user data is stored in our Supabase database hosted in the EU region, with encryption at rest and in transit.

Retention and Deletion of Google Data

Google user data is retained for as long as your IndepAI account is active. Upon account deletion, all Google user data is permanently deleted within 30 days.

Revoking Google Access

You can revoke IndepAI's access to your Google data at any time by: visiting your Google Account permissions page and removing IndepAI; or by deleting your IndepAI account, which will remove all associated Google data within 30 days.

3. How We Use Your Data

We use your data to: provide and maintain the Service; calculate your FI Score and financial projections; generate personalized AI coaching advice; process payments via Stripe; send transactional emails (account verification, password resets); improve the Service through anonymized analytics; comply with legal obligations.

4. Data Sharing

We do not sell your personal data. We do not sell, rent, or share your Google user data with third parties for advertising or marketing purposes. We share data only with: Supabase (database hosting, EU region); Stripe (payment processing); OpenRouter.ai (AI features, with anonymized prompts); PostHog (product analytics and session replay, EU cloud); Resend (transactional and marketing email delivery). All processors are GDPR-compliant and bound by data processing agreements.

5. Data Retention

We retain your account data for as long as your account is active. Financial data you provide is retained until you delete it or close your account. Usage analytics are retained for 24 months. After account deletion, we remove personal data within 30 days, except where retention is required by law.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability (export your data); object to processing; withdraw consent at any time. To exercise these rights, contact us at privacy@indepai.app.

7. Security

We implement industry-standard security measures including: encryption at rest and in transit (TLS 1.3); Row Level Security (RLS) on all database tables; secure authentication via Supabase Auth; regular security audits; infrastructure hosted on EU-based servers.

8. International Transfers

Your data is primarily stored in the EU (Supabase EU region). Where data is transferred outside the EU (e.g., Stripe for payment processing), we ensure adequate safeguards are in place, including Standard Contractual Clauses.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Google API Services Limited Use Disclosure

IndepAI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related inquiries, contact us at privacy@indepai.app or write to: IndepAI Systems Inc., Krakow, Poland.