Privacy Policy

Effective Date: November 15, 2024

Last Updated: December 05, 2024

This Privacy Policy constitutes a legally binding document and governs the practices of Augment Inc. ("we," "our," or "us"), as the operator of Spent AI Bookkeeper (the "Service"). By utilizing the Service, you ("the User") expressly consent to the terms outlined herein, in compliance with applicable U.S. laws and global data protection frameworks, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The Service facilitates the organization, categorization, and analysis of financial transactions, employing advanced technologies, including artificial intelligence, for User convenience. This policy details how we collect, process, store, and safeguard your information.

1. Applicability and Jurisdiction

This Privacy Policy applies to all Users worldwide, subject to applicable laws and regulations. Augment Inc. is headquartered in the United States, and data processing activities are governed by U.S. laws unless otherwise stipulated by international regulatory frameworks.

2. Data Collection and Purpose Specification

Transaction Data: We collect financial transaction data from Users through:

  • Direct Uploads: Users may upload structured files containing financial transaction records.
  • Third-Party Integrations: Users may authorize the integration of financial account data through secure third-party providers, including but not limited to Plaid.

This data is collected solely for the purpose of providing financial categorization, visualization, and analysis services, as explicitly requested by the User.

Email Integration via OAuth: Users may grant explicit consent for the Service to access designated email data under Google's OAuth framework. Such access is restricted to retrieving transaction-related information and complies with all applicable terms and conditions imposed by Google.

Artificial Intelligence (AI) Processing: We utilize anonymized financial transaction data to provide tailored insights and categorizations.

  • Data Integrity: The Service does not retain personally identifiable information for AI model training purposes.
  • Limited Scope: AI functionalities operate exclusively to fulfill the Service's intended functionalities, as defined by the User.

3. Data Retention and Deletion

We adhere to the principle of data minimization and retain User data only for as long as it is necessary to provide the Service or to comply with legal obligations. Users may:

  • Revoke third-party integrations at any time. Upon revocation, associated data will be permanently deleted from our systems.
  • Request the deletion of all data linked to their account. Such requests are honored in accordance with applicable laws.

4. Data Sharing and Third-Party Involvement

Plaid Integration: Plaid is employed as a secure intermediary for financial data aggregation. All interactions with Plaid are governed by their privacy policy, available at Plaid's Privacy Policy.

  • We retain data obtained via Plaid solely to facilitate the Service as authorized by the User.
  • No data is transmitted to Plaid beyond what is necessary for authentication and data retrieval.

Third-Party Processors: We may engage vetted third-party service providers for secure data processing. Such entities are contractually obligated to comply with data protection standards equivalent to those outlined in this policy.

5. Data Security and Incident Response

Security Measures:

  • All data is encrypted during transmission (via TLS) and at rest using advanced cryptographic standards.
  • Access to User data is restricted to authorized personnel bound by confidentiality obligations.

Incident Management: In the event of a data breach, we will:

  1. Identify and mitigate vulnerabilities to prevent recurrence.
  2. Notify affected Users and relevant regulatory authorities within 72 hours, as required by law.
  3. Provide guidance to Users on protective measures.

6. User Rights

Right to Access and Portability: Users may request access to their data in a structured, machine-readable format.

Right to Deletion: Users may request the deletion of their data, subject to applicable retention requirements under U.S. or international laws.

Right to Withdraw Consent: Users may withdraw consent for specific data processing activities, including third-party integrations.

7. Exclusions and Limitations

The Service is not intended for use by individuals under the age of 13. Users affirm that they meet the age requirement under applicable jurisdictional laws.

8. Compliance with Legal Obligations

This Privacy Policy has been drafted in accordance with:

  • The General Data Protection Regulation (GDPR) for Users within the European Economic Area.
  • The California Consumer Privacy Act (CCPA) for Users within California.
  • Other applicable international and domestic privacy regulations.

9. Cookies and Tracking

The Service does not utilize cookies or other tracking technologies for analytics, marketing, or behavioral profiling.

10. Amendments to the Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in regulatory requirements or Service operations. Users will be notified of material changes, and continued use of the Service constitutes acceptance of the revised policy.

11. Contact Information

For all inquiries, requests, or concerns regarding this Privacy Policy, please contact:

Data Protection Officer

Email: rithwik@withcardlift.com

Address: Augment Inc., 505 Sleeper Avenue, Mountain View, CA, 94040

This document is enforceable under applicable laws and reflects our unwavering commitment to safeguarding User privacy.