Privacy Policy

Last updated: March 4, 2026

Kronokash ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (kronokash.com), web application (app.kronokash.com), and related services (collectively, the "Service").

1. Information We Collect

Account Information: When you create an account, we collect your email address, display name, and authentication credentials (password hash or passkey data). We never store plaintext passwords.

Financial Data: To provide our Service, we collect income streams, transactions, budget categories, debt items, savings goals, and tax profile information that you manually enter or import.

Bank Connection Data: If you connect a bank account via Plaid, we receive transaction data, account balances, and institution information. We do not store your bank login credentials — Plaid handles authentication directly.

Usage Data: We collect device type, browser information, IP address (for rate limiting and security), and general usage patterns to improve the Service.

Communications: If you contact us via email or feedback forms, we retain those messages to respond and improve our Service.

2. How We Use Your Information

• Provide, maintain, and improve the Service
• Calculate life days, budgets, tax estimates, and financial projections
• Send transactional emails (magic links, bill reminders, weekly digests)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Communicate product updates and marketing (with your consent)

3. Data Storage and Security

Your data is stored on Cloudflare's global network using D1 (SQLite) databases with encryption at rest. All data transmission uses TLS 1.3 encryption. We implement:

• Application-level data isolation: Every database query is scoped to your authenticated user ID
• PBKDF2 password hashing with unique salts
• JWT token rotation with short-lived access tokens
• Rate limiting on authentication endpoints
• Immutable audit logging for financial operations

4. Data Sharing

We do not sell your personal or financial data. We share data only with:

• Plaid: To connect and sync bank accounts (subject to Plaid's Privacy Policy)
• Stripe: To process subscription payments (subject to Stripe's Privacy Policy)
• Resend: To deliver transactional and marketing emails
• Law enforcement: When required by law, subpoena, or court order

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data (export via CSV in Settings)
• Correct inaccurate data
• Delete your account and all associated data
• Opt out of marketing communications
• Data portability — download your data in a standard format

To exercise these rights, use the Data & Privacy section in the app or email [email protected].

6. California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, email [email protected].

7. European Residents (GDPR)

If you are in the European Economic Area, our legal basis for processing your data is: (a) your consent, (b) performance of a contract (providing the Service), and (c) legitimate interests (security, fraud prevention). You may withdraw consent at any time by contacting us.

8. Cookies

We use essential cookies only — authentication tokens stored securely in your browser. We do not use third-party tracking cookies or advertising pixels.

9. Data Retention

We retain your data as long as your account is active. When you delete your account, all personal and financial data is permanently removed within 30 days. Anonymized, aggregated data may be retained for analytics.

10. Children's Privacy

Kronokash is not intended for users under 18. We do not knowingly collect data from minors. If we learn that we have collected data from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: [email protected]