Welcome to Dolfin AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered personal finance assistant application and related services (collectively, the "Service").
By using Dolfin AI, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
Email address - Used for account identification, verification, and communications
Full name - Used for personalization within the app
Username - Your unique identifier within the Service
Password - Stored securely using BCrypt encryption (we never store plaintext passwords)
Currency preference - Your preferred currency for financial tracking
2.2 Financial Data
To provide our core service, we collect and store:
Transaction records - Amounts, descriptions, dates, and categories of your income and expenses
Custom categories - Categories you create for organizing transactions
Budget information - Any budgets or financial goals you set
Important: Dolfin AI does NOT connect to your bank accounts. All financial data is manually entered by you through natural conversation. We do not have access to your bank credentials, account numbers, or payment card information.
2.3 Conversation Data
When you interact with our AI assistant, we collect:
Chat messages - Your questions and commands to the AI
AI responses - The assistant's replies to your queries
Feedback - Likes or dislikes you provide on AI responses
Conversation summaries - AI-generated summaries for context retention
2.4 Usage Patterns
To improve our service and provide personalized insights, we may learn and store:
Spending patterns - Recurring expenses and income patterns identified from your data
User preferences - Settings and preferences you configure
Usage statistics - How often you use various features
2.5 OAuth Authentication Data
If you choose to sign in with Google or other OAuth providers, we receive:
Email address associated with the OAuth account
Display name (if provided)
Profile picture URL (not stored permanently)
Unique identifier from the OAuth provider
3. How We Use Your Information
Purpose
Data Used
Legal Basis
Provide core financial tracking
Transactions, categories, chat data
Contract performance
AI-powered insights and advice
Transaction history, spending patterns
Contract performance
Personalize your experience
Preferences, usage patterns, facts
Legitimate interest
Account verification
Email address
Contract performance
Security and fraud prevention
Usage patterns, authentication data
Legitimate interest
Service improvement
Aggregated usage data, feedback
Legitimate interest
4. AI Processing and Third-Party Services
4.1 AI Language Model Processing
To power our conversational AI features, we use third-party AI services. When you chat with Dolfin AI:
Your chat messages are sent to our AI provider for processing
Recent conversation context is included to provide coherent responses
AI-generated summaries and extracted patterns help improve future interactions
What is NOT sent to AI providers:
Your passwords or authentication tokens
Raw financial amounts (only aggregated summaries when relevant)
Your email address or personal identifiers
4.2 Email Services
We use email service providers to send:
Account verification emails
Password reset requests
Important account notifications
4.3 OAuth Providers
When you sign in with Google or other OAuth providers, we receive only the data you authorize during the sign-in process.
5. Data Storage and Security
5.1 Security Measures
Encryption at rest - Your data is encrypted in our databases
Encryption in transit - All communications use HTTPS/TLS encryption
Password hashing - Passwords are hashed using BCrypt with strength 10
Access controls - You can only access your own data
Session management - JWT-based authentication with token expiration
5.2 Data Location
Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.
5.3 Data Retention
Data Type
Retention Period
Account information
Until account deletion
Transaction data
Until account deletion or manual deletion
Chat history
Until account deletion
Verification tokens
24-48 hours after generation
Cached responses
5 minutes
6. Your Rights and Choices
6.1 Access and Export
You have the right to:
Access all your personal and financial data stored in our system
Export your transaction data in CSV or PDF format
View your complete chat history with the AI assistant
6.2 Correction and Deletion
You can:
Update or correct your account information at any time
Delete individual transactions or categories
Request deletion of your entire account and all associated data
6.3 Feedback Control
You can provide feedback (like/dislike) on AI responses, which helps us improve the service. This feedback is associated with your account and can be modified.
6.4 Communication Preferences
You can opt out of non-essential communications while still receiving critical account-related emails (verification, password reset, security alerts).
7. Data Sharing
We do NOT sell your data. Your personal and financial information is never sold to third parties for advertising or marketing purposes.
We may share your data only in the following circumstances:
Service providers - With trusted third parties who help us operate the Service (AI providers, email services), under strict confidentiality agreements
Legal requirements - When required by law, court order, or government request
Protection of rights - To protect our rights, privacy, safety, or property
Business transfers - In connection with a merger, acquisition, or sale of assets (you will be notified)
8. Children's Privacy
Dolfin AI is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly.
9. International Data Transfers
Your data may be processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by:
Posting the new Privacy Policy on this page
Updating the "Last Updated" date at the top
Sending an email notification for material changes
We encourage you to review this Privacy Policy periodically for any changes.
11. Contact Us
If you have questions about this Privacy Policy, your data, or our privacy practices, please contact us:
Email: dolfinmind@gmail.com
We will respond to your inquiry within 30 days.
12. Specific Regional Rights
12.1 European Union (GDPR)
If you are in the EU, you have additional rights including:
Right to data portability
Right to restriction of processing
Right to object to processing
Right to lodge a complaint with a supervisory authority
12.2 California (CCPA)
California residents have the right to:
Know what personal information is collected
Know whether personal information is sold or disclosed and to whom
Opt-out of the sale of personal information (we do not sell data)
Access their personal information
Request deletion of their personal information
Not be discriminated against for exercising their rights