1. Introduction
Welcome to CashAI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").
By using CashAI, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Account credentials (password, stored securely and encrypted)
- Profile information you choose to provide
- Authentication data (Apple Sign-In, Google Sign-In, or email/password)
2.2 Financial Data
Through our secure integration with Plaid Inc., we collect:
- Bank account information and balances
- Transaction history (merchants, amounts, dates, categories)
- Spending patterns and financial trends
- Subscription and recurring payment information
Important: We use Plaid to securely connect to your financial institutions. Your bank credentials are never stored on our servers. Plaid's services are subject to their own privacy policy.
2.3 Device and Usage Information
- Device type, model, and operating system version
- Unique device identifiers
- IP address and general location data
- App usage data and interaction patterns
- Crash reports and performance data
- Session recordings (via UXCam) for app improvement
2.4 AI and Machine Learning Data
We collect and analyze your financial data using artificial intelligence to:
- Categorize transactions automatically
- Provide personalized spending insights
- Detect subscription services
- Generate financial recommendations
3. How We Use Your Information
We use your information for the following purposes:
- Service Provision: To provide, maintain, and improve CashAI's features and functionality
- Personalization: To deliver personalized financial insights, recommendations, and AI-powered analysis
- Security: To protect your account, prevent fraud, and ensure service security
- Communication: To send transactional emails, important updates, and customer support responses
- Analytics: To understand how users interact with our app and improve user experience
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Business Operations: To operate, maintain, and enhance our business operations
We do not:
- Sell your personal or financial information to third parties
- Use your data for advertising purposes without consent
- Share your information with third parties except as described in this policy
4. Data Security
We implement industry-leading security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256 encryption)
- Secure Infrastructure: Our servers are hosted on secure, SOC 2 compliant cloud infrastructure
- Access Controls: Strict authentication, authorization, and role-based access controls
- Regular Audits: Continuous security monitoring, vulnerability assessments, and penetration testing
- Data Minimization: We only collect and retain data necessary for service provision
- Employee Training: All team members undergo security and privacy training
While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security but continuously work to protect your information.
5. Third-Party Service Providers
We work with trusted third-party service providers to operate our Service:
- Plaid Inc.: Secure bank account connection and transaction data retrieval
- Firebase (Google): Authentication, analytics, and cloud infrastructure
- UXCam: Session recording and user experience analytics
- BrandFetch: Merchant logo and brand information retrieval
- OpenAI: AI-powered chat and financial insights
These providers have access only to information necessary to perform their functions and are obligated to protect your information and use it only for authorized purposes.
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:
- With Your Consent: When you explicitly authorize us to share information
- Service Providers: With third-party vendors who assist in operating our Service (see Section 5)
- Legal Requirements: When required by law, court order, or government request
- Protection of Rights: To protect our rights, property, safety, or that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
- Aggregated Data: We may share anonymized, aggregated data that cannot identify you
7. Your Privacy Rights
7.1 General Rights
You have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and personal data
- Portability: Export your data in a machine-readable format
- Restriction: Request limitation of processing of your data
- Objection: Object to certain types of data processing
- Opt-Out: Unsubscribe from marketing communications
7.2 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by businesses
- Right to opt out of the sale of personal information (Note: We do not sell personal information)
- Right to non-discrimination for exercising CCPA rights
7.3 European Residents (GDPR)
If you are in the European Economic Area (EEA) or UK, you have rights under the General Data Protection Regulation (GDPR):
- Right to access, rectify, erase, restrict, and port your data
- Right to object to processing and withdraw consent
- Right to lodge a complaint with a supervisory authority
To exercise any of these rights, please contact us at info@nxtstopny.com.
8. Data Retention
We retain your personal information only for as long as necessary to:
- Provide you with our Service
- Comply with legal obligations
- Resolve disputes and enforce agreements
- Improve our AI algorithms and service quality
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes. Financial transaction data used for AI training may be retained in anonymized form.
9. Children's Privacy
CashAI is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete such information.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country.
When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Privacy Shield certification (where applicable)
- Other legally approved transfer mechanisms
11. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to:
- Remember your preferences and settings
- Analyze app performance and usage patterns
- Provide personalized content and features
- Ensure security and prevent fraudulent activity
You can control cookie settings through your device or browser preferences. However, disabling cookies may limit your ability to use certain features of our Service.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you via email or in-app notification for material changes
- Provide you the opportunity to review the updated policy
Your continued use of CashAI after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- General Inquiries: info@nxtstopny.com
We will respond to all legitimate requests within 30 days.