How Granite handles your data

Introduction

By accessing or using our Service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring your personal information is handled responsibly.

1. Information We Collect

We collect information in the following ways:

• Information You Provide Directly: This includes your email address when you create an account, as well as any financial information you manually enter, such as your monthly income, fixed expenses, and savings or investment goals.
• Financial Information via Plaid: When you connect your financial accounts to our Service, we use a third-party service provider, Plaid Inc. ("Plaid"), to retrieve transaction data. This includes information about your account balance, transaction history, merchant names, amounts, and categories. We do not receive or store your bank account login credentials.
• Usage Information: With your consent, we collect analytics data through Google Analytics to understand how you interact with the Service. This includes information such as pages visited, time on page, device type, and general location derived from your IP address. We only load Google Analytics after you accept our cookie notice, and you can change that preference at any time via the cookie settings button in the footer.
• Assistant Interaction Data: If you use Granite Assistant or connect Granite to an AI assistant integration, we collect the prompts you submit, the tool calls made on your behalf, limited request and response metadata, and the categories of financial data accessed to answer your request.
• AI Processing Preference: We store whether you have enabled or disabled external AI processing, the consent version, and the date of that choice.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain our Service, including calculating your daily budget.
• To personalize your experience.
• To communicate with you, including sending optional notifications and responding to your inquiries.
• To monitor and analyze usage to improve and enhance the Service.
• To provide AI-assisted budgeting, forecasting, categorization, and financial-insight features.
• To maintain security and transparency logs for fraud prevention, abuse detection, incident investigation, and user-visible audit history when automated assistant actions access your data.
• To enforce our Terms and Conditions.

We do not use customer financial data from assistant interactions to train generalized AI models unless we clearly disclose that practice to you and obtain any consent required by applicable law.

3. How We Share Your Information

We do not sell your personal information. We may share your information with trusted third-party service providers under the following circumstances:

• Financial Data Aggregators: We share information with Plaid to connect to your bank accounts. Plaid's use of your information is governed by their privacy policy, which we encourage you to review.
• Infrastructure and Cloud Providers: We use a backend server to host our application, database, and authentication services. Your data is stored securely on their platform.
• AI and Automation Service Providers: If you use assistant features, we may share the minimum information necessary with model, inference, hosting, or workflow providers that process requests on our behalf under contract and subject to confidentiality and security obligations.
• Notification Services: If you opt-in to notifications, we will share necessary information (like your email address and relevant budget data) with our notification provider to deliver those alerts.
• Analytics Providers: Once you opt into analytics cookies, we use Google Analytics to measure usage patterns so we can improve the Service. Google acts as our processor for this purpose. You can review their privacy practices at policies.google.com/privacy.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4. AI Processing

Granite may use AI models to turn deterministic budget, transaction, and savings results into plain-language insights. When external AI processing is enabled, Granite may send your prompt and the minimum financial context needed to answer it to an AI provider acting on our behalf. This may include selected transaction summaries, categories, balances, budget context, goals, and assistant tool results. We do not send bank login credentials.

External AI processing is used to provide requested insights, improve the clarity of Granite responses, maintain safety and abuse controls, and keep an audit trail of assistant access. Granite does not use AI-assisted outputs to make solely automated legal, credit, insurance, employment, housing, or essential-service eligibility decisions.

You can enable or disable external AI processing in your account settings. If you disable it, Granite may still provide deterministic budget calculations, but AI-generated summaries or Savings Insights may be unavailable or limited.

For European users, Granite treats AI-assisted savings insight generation as profiling only to the extent it uses personal financial data to infer spending patterns or budget opportunities. Granite is designed to avoid solely automated decisions that produce legal or similarly significant effects. Where required, we will rely on your consent for external AI processing and will provide controls to withdraw that consent.

5. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. We rely on the security infrastructure of our provider, which includes industry-standard security practices. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that no security measures are perfect or impenetrable.

6. Google Sign-In Data

If you choose to sign in with your Google account, this section explains how we handle your Google data:

7. Your Rights and Choices

You have the right to review, update, or delete the personal information you provide in your account settings. You can also disconnect your financial accounts at any time. If you wish to permanently delete your account and all associated data, please contact us.

Depending on where you live, you may also have rights to access, correct, export, restrict, or object to certain processing of your personal data. If you are located in the European Economic Area, United Kingdom, or another jurisdiction with similar protections, you may also request human review where you believe a solely automated decision with legal or similarly significant effects has been made about you. Granite Assistant is designed as an advisory tool and is not intended to make such decisions.

8. Data Retention and Deletion

We retain your information as long as your account is active. When you delete your account, all associated data is permanently deleted from our servers within 30 days.

Automated assistant actions and data-access events are logged for 7 days for user transparency, security, and abuse prevention. We may retain related records longer where necessary to comply with law, investigate misuse, resolve disputes, or preserve evidence in connection with a security or fraud incident.

We may retain limited records when required by law or for legitimate business purposes (for example, payment processor transaction records needed for tax, accounting, chargeback, or fraud prevention obligations). These records are access-limited and retained only as long as required.

You can request data deletion at any time by emailing hi@granitefinance.io with the subject line "Delete My Data." You can also submit a request at granitefinance.io/delete-account.

9. Children Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children.

10. Third-Party Services

We use third-party providers like Plaid (see Plaid's Privacy Policy), Supabase for backend hosting and data storage, AI model or inference providers for external AI processing where enabled, and Google Analytics for product analytics (only after you consent to analytics cookies).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please email hi@granitefinance.io.