Privacy Policy

At Kiwi, your privacy is our priority. This Privacy Policy explains how we collect, use, and protect your information when you use our personal finance app.

1. Information We Collect

Information You Provide Directly

• Email address (required for account creation and communication)
• Full name (optional, for personalization)
• Phone number (optional, for account security)
• Payment information (payment card number and billing information)
• Customer service communications and feedback

Financial Information via Data Sources

• Account balances and transaction history (via Plaid and other secure providers)
• Investment holdings and cryptocurrency wallet data
• Subscription and recurring payment information
• Budget and spending category data you create
• Financial goals and preferences
• API keys and credentials necessary for financial data source integrations

Automatically Collected Information

• Device Information: Browser type, operating system, IP address, unique device identifiers
• Usage Information: App features used, time spent, access times, error logs, email interactions
• Location Information: GPS coordinates (with permission), city, state, ZIP code from IP address

Information from Other Sources

• Information from other users of the Services
• Payment service providers (Stripe, Apple, Google) for transaction data
• Analytics and security service providers
• Third-party login services (Sign in with Apple, Google)

2. How We Use Your Information

• Core App Functionality: Track spending, categorize transactions, identify subscriptions, and provide financial insights
• Account Management: Create and maintain your account, process payments, and provide customer support
• Communication: Send transactional emails (receipts, account notices) and optional marketing updates
• Product Improvement: Analyze usage patterns to improve features and user experience
• Security: Detect fraud, prevent unauthorized access, and maintain data security
• Legal Compliance: Comply with applicable laws and regulations, respond to legal requests
• Business Operations: Establish, exercise, or defend legal rights, enforce our Terms of Service

Combined and Aggregate Information

We may combine information from different sources to provide better services. We may also create aggregate or de-identified information that cannot be linked to you personally, which we may use for any purpose including:

• Research and analytics to improve our services
• Marketing and business development purposes
• Sharing with third parties for industry insights (anonymized only)

3. Information Sharing

We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:

Service Providers

• Plaid: Securely connects your financial accounts
• Stripe: Processes subscription payments
• Cloud providers: Host and secure your data
• Analytics services: Help us understand app usage (anonymized data only)

Other Users and Public

Any content you post in publicly accessible areas (forums, comments) can be read and used by others with access to those areas.

Corporate Transactions

We may transfer your information in connection with mergers, acquisitions, or sales of assets, subject to appropriate confidentiality protections.

Legal Requirements

We may disclose information if required by law, court order, or to protect our rights and users' safety.

With Your Consent

We may share information with third parties when you direct us to do so or have provided consent.

4. Data Security

• Encryption: All data is encrypted in transit and at rest using industry-standard AES-256 encryption.
• Authentication: Multi-factor authentication available for enhanced account security.
• Access Controls: Strict employee access controls and regular security audits.
• Third-Party Security: We only work with SOC 2 Type II certified providers like Plaid and Stripe.
• No Credential Storage: We never store your banking login credentials.

5. Data Retention

• Account Data: Retained while your account is active and for 2 years after account closure for legal compliance.
• Financial Data: Retained for up to 7 years as required by financial regulations.
• Marketing Data: Deleted immediately when you opt out of marketing communications.
• Usage Data: Anonymized and aggregated data may be retained indefinitely for product improvement.

6. Your Privacy Rights

Account Control

• Update your profile information anytime in Settings
• Disconnect linked accounts at any time
• Download your data in a portable format
• Delete your account and associated data

Communication Preferences

• Opt out of marketing emails anytime (transactional emails like receipts cannot be opted out)
• Control push notification preferences
• Choose your preferred communication frequency

Legal Rights (Where Applicable)

Under CCPA, GDPR, and other privacy laws, you may have additional rights including access, correction, deletion, and portability of your data.

7. Cookies & Tracking

• Essential Cookies: Required for app functionality (login sessions, preferences)
• Analytics Cookies: Help us understand app usage (you can opt out)
• No Advertising: We do not use tracking cookies for advertising purposes
• Third-Party Services: Some integrated services may use their own cookies per their privacy policies

8. Children's Privacy

Kiwi is intended for users 18 and older. We do not knowingly collect information from children under 18. If we discover we have collected information from a child, we will delete it immediately.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email and in-app notifications. Continued use of Kiwi after changes constitutes acceptance of the updated policy.

10. Notice to California Residents

California's “Shine the Light” law gives California residents the right to request information about how we share certain categories of personal information with third parties for direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information. For CCPA requests, please contact us using the information below.

11. Notice to Nevada Residents

Nevada consumers may opt out of the sale of personally identifiable information for monetary consideration. We do not engage in such activity; however, Nevada residents may submit opt-out requests for potential future sales by contacting us at legal@kiwifinance.app with “Nevada Opt-Out” in the subject line.

12. Third-Party Links and Services

Our Services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

13. Location Data and Background Processing

Background Location Access: With your explicit consent, the App will access your device's location in the background, including when the App is closed or not in use. This permission is necessary to detect when you are in motion.

Real-Time, Ephemeral Processing: This background location data is processed in real-time solely to determine your movement status (i.e., starting or stopping). This continuous location data is not stored on our servers or your device.

Contextual Feature Activation: When the App detects that you have stopped moving, it will capture your precise location at that specific moment. This single location point is then processed (geocoded) to identify if you are at a commercial venue or point of interest (such as a retail store, restaurant, or event) where our Services may be relevant.

Live Activities: If your location is identified as a relevant commercial venue, the App may use this information to initiate a Live Activity on compatible iOS devices. This feature is designed to provide you with context-aware information and services related to that location.

Your Control: You maintain full control over this feature. You can manage or disable background location permissions for the App at any time through your device's system settings. Please note that disabling this permission will prevent the App from providing these proactive, location-based features.