Privacy Policy

KYLE is a private, single-user personal finance and life-tracking dashboard operated by one individual for their own use. It is not a commercial product and is not offered to other users. The only person whose data is processed is the operator, who is also the account holder of every connected financial institution.

The application stores data that the operator enters directly (such as tasks, notes, health logs, and budgets) and financial data retrieved from connected bank and credit-card accounts via Plaid, including account names and types, current balances, and transaction history (date, amount, description, and merchant information).

Authentication is handled by a magic-link / passkey sign-in tied to a single allowlisted email address. We do not collect advertising identifiers and do not track users across other sites.

Financial data is used solely to display and analyze the operator's own finances — importing and categorizing transactions, tracking budgets, and calculating net worth over time. Data is never sold, rented, or used for advertising.

We use Plaid Inc. ("Plaid") to securely connect to financial institutions and retrieve account and transaction data. When you link an account, you enter your credentials directly with Plaid; the application never sees or stores your banking username or password. Plaid's handling of your information is governed by Plaid's End User Privacy Policy, available at plaid.com/legal.

To automatically categorize transactions, transaction descriptions and amounts may be sent to Anthropic's Claude API. This data is processed to return a spending category and is not used by Anthropic to train its models. No banking credentials or full account numbers are sent.

The application relies on the following processors, each acting on the operator's behalf:

• Plaid — secure bank account connectivity and transaction data.
• Supabase — database, authentication, and storage.
• Vercel — application hosting.
• Anthropic — AI-based transaction categorization and in-app assistant.
• Google — optional calendar and email integration, only if connected by the operator.

Plaid access tokens are encrypted at rest using AES-256-GCM. Data is stored in a private PostgreSQL database with row-level security enabled and no public policies, denying access at the API boundary. All data access is performed server-side behind an authenticated, single-user session restricted to one allowlisted email address. Traffic is served over HTTPS.

Data is retained for as long as the operator uses the application. A connected institution can be disconnected at any time, which removes the connection at Plaid and stops further data retrieval. Because the operator controls the underlying database directly, any stored data can be permanently deleted on request to the contact below.

This policy may be updated from time to time. Material changes will be reflected by updating the "Last updated" date above.

Questions about this policy or requests regarding your data can be sent to kyleneumeier@gmail.com.