Kfinance Privacy Policy
How Kfinance collects, processes and protects your personal and financial data, in line with Brazil’s LGPD and with safeguards equivalent to the EU GDPR.
1. Data Controller
Jesus Malave (userateris@gmail.com). Independent developer. For data requests: userateris@gmail.com.
2. Data we collect
Email address (authentication), optional username, and the financial records you enter or import. We do not collect device data, IP addresses, or browsing behavior.
3. Legal basis (LGPD / GDPR)
Contract performance — to provide the service. Legitimate interest — security and fraud prevention. Legal obligation — when required by applicable law.
4. Data processors
Supabase Inc. — database storage with Row Level Security (RLS); data on AWS us-east-1. Stripe Inc. — payment processing; we never store card data. Google LLC / Gemini AI — statement analysis; PDF/CSV files are processed in real time and never stored.
5. International data transfers
Your data is stored on Supabase servers (AWS us-east-1, USA) under EU Standard Contractual Clauses and the equivalent safeguards required by Brazilian LGPD (art. 33).
6. Cookies
Only strictly necessary cookies: a Supabase Auth session cookie (expires on logout) and Stripe cookies (active only during checkout). No advertising, analytics, or third-party tracking cookies.
7. Data retention
Your data is kept while your account is active. When you delete your account, all your records are permanently and immediately erased. Stripe may retain transaction records as required by law.
8. Security
RLS-protected access. Passwords managed by Supabase Auth (bcrypt). TLS-encrypted connections. Bank credentials are never stored on our servers.
9. Your rights (LGPD / GDPR)
Access, correct, delete, port, withdraw consent, and object to processing. To exercise these rights: userateris@gmail.com or the "Delete account" button in the app (immediate deletion).