Privacy Policy

Last updated: April 20, 2026

1. Introduction

Kipta ("we", "us", or "our") operates the website kipta.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Kipta, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Account Information: Email address, full name, and authentication credentials (hashed passwords or Google OAuth tokens).

Financial Documents: Bank statement PDFs that you upload for processing. These may contain transaction details, account numbers, balances, and merchant information.

Derived Financial Data: Extracted transactions, categorized spending, account summaries, and AI-generated financial insights produced from your uploaded documents.

Usage Data: Session cookies, login timestamps, and basic interaction patterns necessary to provide the service.

3. How We Use Data

  • To provide the core statement parsing, transaction extraction, and financial analysis features.
  • To generate personalized financial insights and budgeting recommendations.
  • To authenticate you and maintain your account securely.
  • To improve the accuracy of our AI models and categorization rules.

4. AI Processing (Claude API)

When you upload a bank statement with AI extraction enabled, your PDF document is sent to Anthropic's Claude API for intelligent text extraction and analysis. Key points:

  • PDF content (including transaction details and account numbers) is transmitted to Anthropic's servers via encrypted HTTPS connections.
  • Anthropic processes this data solely to return extraction results to us. Per Anthropic's API terms, your data is not used to train their models.
  • You may disable AI extraction and use the local regex-based parser instead, which does not send data externally.
  • Extraction results may be cached on our servers to avoid redundant API calls.

5. Third-Party Services

Anthropic (Claude API): AI-powered document extraction and financial analysis.

Google OAuth: Optional sign-in/sign-up authentication.

Cloud Hosting Provider: Application and database hosting with encrypted storage.

We do not sell, rent, or share your personal or financial data with any other third parties.

6. Data Storage & Security

Your data is stored in a secured database with the following protections:

  • All data is scoped per-user (multi-tenant isolation). You can only access your own data.
  • Passwords are hashed using industry-standard algorithms and never stored in plain text.
  • All connections are encrypted via HTTPS/TLS.
  • Security headers (HSTS, X-Frame-Options, CSP) are enforced on all responses.

7. Data Retention

We retain your account and financial data for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Upon account deletion, all uploaded documents, extracted transactions, and personal information are permanently removed.

8. Cookies & Sessions

We use a single session cookie (pfi_session) to maintain your login state. This cookie expires after 7 days. We do not use tracking cookies, advertising cookies, or third-party analytics.

9. Your Rights

You have the right to:

  • Access all personal and financial data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Export your transaction data.
  • Withdraw consent for AI processing at any time (by disabling AI extraction).

10. Children's Privacy

Kipta is not intended for use by individuals under the age of 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].

This policy is governed by the laws of Bangladesh, including the Digital Security Act 2018 and the Information and Communication Technology Act 2006.
