Privacy Policy

Last updated: November 27, 2025

1. Introduction

Welcome to EaseFi ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our budgeting application.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • First and last name
  • Password (encrypted)
  • Phone number (if you enable SMS-based two-factor authentication)

2.2 Financial Data

With your explicit consent, we collect:

  • Bank account information (via Plaid)
  • Transaction data and categorization
  • Budget and goal information
  • Spending patterns and analytics
  • Receipt images (for AI-powered receipt scanning)
  • Household sharing preferences and member data
  • AI coach conversation history

2.3 Usage Data

We automatically collect:

  • Device information
  • Browser type and version
  • IP address (anonymized)
  • Usage patterns and preferences

2.4 SMS and Phone Communications

If you enable two-factor authentication (2FA) via SMS:

  • Opt-In Only: SMS messages are only sent after you explicitly enable 2FA and provide your phone number
  • Verification Codes Only: We only send one-time verification codes (OTP) for security purposes
  • No Marketing: We will never send marketing or promotional messages via SMS
  • Message Frequency: You will only receive SMS when you initiate a login or enable 2FA
  • Opt-Out: You can disable SMS 2FA at any time in your account settings
  • Standard Rates: Message and data rates from your carrier may apply

SMS Consent: By enabling SMS-based 2FA, you consent to receive automated verification code messages from EaseFi. You can opt out at any time by disabling 2FA in your account settings.

3. How We Use Your Information

We use your information to:

  • Provide and maintain our budgeting services
  • Sync and automatically categorize your transactions
  • Generate AI-powered spending insights and budget analytics
  • Provide personalized AI coaching and financial guidance
  • Process receipt images using AI for automatic expense tracking
  • Enable household budget sharing and collaboration
  • Detect recurring bills and subscriptions
  • Send important notifications about your budgets and spending
  • Improve our AI models and user experience
  • Detect and prevent fraud or unauthorized access
  • Comply with legal obligations

4. Data Security

We implement industry-standard security measures:

  • Encryption: All sensitive data is encrypted at rest and in transit using AES-256 and TLS 1.3
  • Access Controls: Role-based access control (RBAC) and row-level security
  • Authentication: Secure password hashing (bcrypt) and JWT tokens
  • Bank Connections: We use Plaid, a bank-grade security provider, for all financial data connections
  • Regular Audits: Security audits and vulnerability assessments

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with:

  • Plaid: For secure bank account connections and transaction data (read-only access)
  • Supabase: Our backend database, authentication, and data storage provider (encrypted storage)
  • OpenAI: For AI-powered coaching, receipt scanning (OCR), spending insights, and transaction categorization (data anonymized where possible)
  • Twilio: For SMS delivery of two-factor authentication verification codes
  • Resend: For email delivery of verification codes and notifications
  • Vercel: Cloud infrastructure and application hosting under strict confidentiality agreements
  • Household Members: Data you choose to share with household members you invite
  • Legal Requirements: When required by law or to protect our rights

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from email notifications
  • Disconnect: Remove bank account connections at any time

To exercise these rights, visit your Settings page or contact us at privacy@easefi.ai.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, we permanently delete your personal data within 30 days, except where required by law or for legitimate business purposes (e.g., fraud prevention).

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You can manage cookie preferences in your browser settings.

9. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place through standard contractual clauses and data protection agreements.

11. Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes via email or in-app notification. Continued use of our service after changes constitutes acceptance.

12. Contact Us

If you have questions about this privacy policy or our data practices:

GDPR Compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

  • Consent: For bank account connections and optional features
  • Contract: To provide our budgeting services
  • Legitimate Interests: For security, fraud prevention, and service improvements
  • Legal Obligation: To comply with applicable laws

CCPA Compliance (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising CCPA rights