1. Our Privacy Commitment
TrustyBooker by fifynow LLC is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.
2. Information We Collect
2.1 Account Information
- Email address - Used for passwordless login (magic links) and account notifications
- Account preferences - Notification settings, theme preferences, reminder configurations
2.2 Credit Card Metadata
You choose what to track. We only store what you manually enter:
- Credit card issuer name (for example, "Chase", "Capital One")
- Last 4 digits of card number (for your reference only)
- Credit limits and current balances
- APR (Annual Percentage Rate)
- Minimum payment amounts
- Statement closing dates and payment due dates
⚠️ We NEVER collect:
- Full credit card numbers (PAN)
- CVV/CVC security codes
- Card PINs
- Online banking credentials
- Social Security Numbers
2.3 Budget & Spending Data (Optional)
If you use budget tracking features:
- Monthly budget amount
- Transaction history (amount, category, description, date)
- Spending summaries and analytics
2.4 AI Chatbot Interactions
- Questions you ask Trusty (our AI chatbot)
- Trusty's responses
- Chat timestamps and usage counts (for quota enforcement)
- Note: Trusty accesses your card data and budget to provide personalized educational information, but conversations are NOT shared with third parties beyond our AI provider (OpenAI)
2.5 Quiz & Learning Progress
- Quiz answers and scores
- Progress tracking and streak counters
- Educational content accessed
2.6 Bank Account Data (Optional - If You Link Bank Accounts)
If you choose to connect your bank accounts through our secure banking partner:
- Bank account names and types (checking, savings, etc.)
- Current account balances
- Transaction history (date, amount, merchant name, category)
- Bank institution name
- Secure connection token (kept safe and private)
⚠️ We NEVER collect:
- Your online banking username or password
- Bank account numbers or routing numbers
- Debit card PINs or CVV codes
Bank connections use read-only access through Plaid, a trusted financial data network used by Venmo, Coinbase, and thousands of apps. You can disconnect anytime from Settings.
2.7 Usage & Analytics
- Page views and feature usage
- Login timestamps and session data
- Device type and browser (for compatibility)
- IP address (for security and spam protection)
- No third-party analytics: We don't use Google Analytics, Facebook Pixel, or similar tracking scripts
3. How We Use Your Information
- Provide the Service: Process your data to show credit utilization, generate payment plans, power AI chatbot responses
- Account Management: Send magic links for login, subscription confirmations, plan changes
- Notifications: Payment reminders, utilization alerts, budget notifications (if opted in)
- Improve the Product: Analyze aggregated usage patterns to enhance features (no individual tracking)
- Security: Detect fraud, prevent abuse, enforce rate limits
- Legal Compliance: Respond to legal requests, enforce our Terms of Service
We DO NOT:
- Sell your data to advertisers or data brokers
- Share your financial information with credit bureaus
- Use your data to train external AI models (beyond what's needed for your AI coach)
- Send marketing emails without your consent
4. Third-Party Services
We share limited data with these essential service providers:
- Stripe: Payment processing for subscriptions (shares email, billing info - NOT card balances)
- OpenAI: Powers Trusty AI chatbot (shares your question + relevant card/budget context for personalized responses)
- Plaid (Optional): Secure bank account connections and transaction syncing (only if you choose to link bank accounts). Plaid keeps your data safe and private and is trusted by Venmo, Betterment, and thousands of financial apps. Your banking credentials are never shared with us.
- Redis (Optional): Fast session storage for improved performance at scale (no personal data stored, only anonymous session tokens)
- Email Provider (SMTP): Sends magic links and notifications (shares email address only)
- Database Hosting (Neon/PostgreSQL): Stores your data with strong security protections
All providers are contractually obligated to protect your data and use it only for services we request. Banking data from Plaid is kept secure and private, and you can disconnect bank accounts anytime.
5. Data Security
We protect your information with industry-standard security measures:
- Protected Data: Your data is secured during transmission and when stored on our servers
- Simple Login: Easy email login with no passwords to forget or steal
- Auto Logout: Sessions end automatically after 24 hours for your protection
- Access Controls: Different permission levels ensure only authorized people can access sensitive features
- Spam Protection: Prevents automated attacks and abuse
- Safe Inputs: All information you enter is checked for safety
- Privacy Guards: AI chatbot blocks Social Security numbers, full card numbers, CVV codes, and passwords
While we use best practices, no system is 100% secure. Never share sensitive data (full card numbers, CVV) even in our AI chat.
6. Data Retention
- Active Accounts: Data retained as long as account is active
- Deleted Accounts: All personal data purged within 7 days of deletion request (includes credit card data, bank connections, transactions, AI chats)
- Bank Account Disconnection: When you disconnect a bank account, we delete all associated transaction data within 24 hours
- Audit Logs: Security logs retained for 90 days, then anonymized
- Billing Records: Financial records retained for 7 years (tax/legal requirement)
- AI Chat History: Retained for 1 year, then deleted (or until account deletion)
7. Your Privacy Rights
Depending on your location (GDPR, CCPA, etc.), you have rights to:
- Access: Download all your data via Settings -> Export Data (JSON/CSV format)
- Correction: Edit card data, budget, bank accounts, and preferences anytime
- Deletion: Delete account permanently from Settings -> Delete Account (removes ALL data including credit cards, bank connections, transactions, AI chats)
- Disconnect Bank Accounts: Remove bank account connections anytime from Settings -> Connected Accounts (deletes all transaction data within 24 hours)
- Portability: Export data in machine-readable formats (includes bank transactions if connected)
- Opt-Out: Unsubscribe from emails, disable notifications
- Restrict Processing: Downgrade to Free plan to limit data usage, or disconnect bank accounts to stop transaction syncing
To exercise rights: Email privacy@trustybooker.com or use the Settings page
8. Cookies & Tracking
- Essential Cookies: Session management, CSRF protection (required for functionality)
- Preference Cookies: Theme selection (dark/light mode), UI settings
- No Advertising Cookies: We don't use cookies for ads or cross-site tracking
Disabling cookies will prevent login and core functionality.
9. Children's Privacy
TrustyBooker is not intended for users under 18. We do not knowingly collect data from minors. If you believe a child has provided us with personal information, contact us immediately for deletion.
10. International Users
Your data may be transferred to and processed in the United States where our servers are located. By using TrustyBooker, you consent to this transfer.
- EU/UK Users: We comply with GDPR requirements including data protection agreements with processors
- California Users: See Section 7 for CCPA-specific rights (access, deletion, opt-out)
11. Data Breach Notification (Florida Law Compliance)
In compliance with the Florida Information Protection Act (FIPA), fifynow LLC maintains formal data breach response procedures:
- 30-Day User Notification: If a security breach compromises your personal information, we will notify affected users within 30 days of discovering the breach
- Florida Attorney General Notification: If a breach affects 500 or more Florida residents, we will notify the Florida Department of Legal Affairs within 30 days (may be delayed if law enforcement requests delay for investigation purposes)
- Notification Method: Email notification to your registered email address, plus in-app banner alerts for logged-in users
- Breach Response Plan: Immediate containment, forensic investigation, affected user identification, notification execution, and remediation implementation
- Information Provided: Nature of the breach, types of data potentially compromised, steps we're taking, protective measures available to you
- Contact Point: For breach-related inquiries, contact security@trustybooker.com
- Law Enforcement Cooperation: We will notify appropriate authorities and cooperate fully with investigations when legally required
Prevention Measures: We protect your data with strong security measures, regular safety checks, spam protection, and continuous monitoring to prevent unauthorized access to your data.
12. Changes to Privacy Policy
We may update this Privacy Policy periodically. Material changes will be announced via:
- Email notification to registered users
- In-app banner notification
- "Last Updated" date at the top of this page
Continued use after changes means acceptance of the updated policy.
13. Contact & Data Protection Officer
Questions, concerns, or data requests?
🔒 Privacy Promise: We collect only what's necessary to help you manage credit cards. We never sell your data, never share your financial details with advertisers, and give you full control to export or delete everything anytime.