Privacy Policy

Last updated: August 22, 2025

This Privacy Policy describes Our policies and procedures on the collection, use, storage, and disclosure of Your information when You use the Service, and informs You about Your privacy rights and how the law protects You.

By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation
The words with initial capital letters have meanings defined under the following conditions. The definitions shall have the same meaning regardless of whether they appear in singular or plural.

Definitions
For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service.
  • Application refers to CatAI, the accounting software program provided by the Company.
  • Company (referred to as “the Company,” “We,” “Us,” or “Our” in this Agreement) refers to Adroitie LLC, 431 Elmhurst Pl, Fullerton, CA 92835, USA.
  • Country refers to: California, United States.
  • Device means any device that can access the Service such as a computer, cellphone, or digital tablet.
  • Personal Data is any information relating to an identified or identifiable individual.
  • Service refers to the Application.
  • Service Provider means any natural or legal person who processes data on behalf of the Company. This includes third-party companies or individuals employed by the Company to facilitate the Service or analyze its use.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
  • You means the individual using the Service, or the company/legal entity on whose behalf the Service is accessed.

Collecting and Using Your Personal Data

Types of Data Collected

  1. User Credentials
    • Email address
    • Password hash (bcrypt)
      Purpose: Authenticate You securely.
  2. Financial Data
    • Bank transactions
    • Chart of Accounts
    • Recurring-description mappings
    • Custom account-name mappings
      Purpose: Provide bookkeeping, categorization, reporting, and insights.
  3. Third-Party Portal Tokens
    • Plaid tokens and related identifiers
      Purpose: Securely retrieve bank transaction data with Your consent.
  4. Usage & Diagnostic Data
    • Crash logs
    • Error messages
    • Device and session information (IP address, browser type, timestamps)
      Purpose: Improve stability, troubleshoot, and enhance Service performance.

We do not store copies of Your uploaded bank statements. Only parsed transaction data is retained.

Data Storage and Transfer

  1. Local Database
    • An SQLite database is created on Your machine.
    • Passwords stored within the database are hashed with bcrypt.
    • Other contents are stored in plain text; We recommend enabling operating-system-level disk encryption (e.g., BitLocker, FileVault) until SQLCipher-based encryption is implemented.
  2. Server Storage
    • The local database may periodically sync to Our servers via TLS.
    • Server copies are encrypted at rest and protected by least-privilege access controls.
  3. International Data Transfers
    • Your Personal Data is processed and stored exclusively in the United States.
    • At present, We do not transfer Personal Data outside of the United States.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain the Service.
  • To manage Your Account and authenticate Your access.
  • To deliver accounting features including transaction categorization, reporting, and bookkeeping.
  • To process crash logs and diagnostics for Service improvement.
  • To facilitate third-party services You authorize, such as bank integrations via Plaid.
  • To comply with applicable legal obligations.
  • For business transfers (mergers, acquisitions, or sale of assets).
  • With Your consent, for any other specific purpose.

Sharing of Your Personal Data

We may share Your personal information in the following situations:

  • With Service Providers:
    • OpenAI (USA) — for processing transaction text snippets for categorization and PDF parsing.
    • Plaid (USA) — for securely fetching bank transactions using token-based access.
  • With Affiliates: Our parent company or subsidiaries, subject to this Policy.
  • For Business Transfers: In connection with mergers, acquisitions, or similar corporate events.
  • With Your Consent: For any other purpose explicitly authorized by You.

We do not sell or rent Your personal information. All processors act under Our instructions and are contractually bound by data-protection obligations.

Retention and Deletion of Data

  • Data on Your local machine remains until You delete it.
  • Server backups are retained until You request deletion.
  • Upon request to young@adroitie.com or andrew@adroitie.com, We will delete stored data within 30 days, except where legal obligations require longer retention.
  • When You request account deletion, Personal Data such as Your name, email address, and login credentials will be deleted from both local and server storage.
  • Anonymized financial transaction data and fuzzy match rules may be retained in de-identified form for analytical and product improvement purposes. Such retained data cannot be linked back to You.

Security of Your Personal Data

We implement appropriate technical and organizational measures to protect Your data, including:

  • Bcrypt password hashing
  • TLS-encrypted network traffic
  • Encrypted server storage at rest
  • Least-privilege access controls
  • Continuous monitoring and penetration testing

No security system is perfect. While We strive to protect Your Personal Data, We cannot guarantee absolute security.

Data Minimization

We collect and retain only the minimum Personal Data necessary to deliver and improve the Service, and only for the purposes outlined in this Privacy Policy.

Data Breach Notification

In the unlikely event of a data breach affecting Your Personal Data, We will notify affected users without undue delay. Such notice will include the nature of the breach, the categories of data affected, and steps You may take to protect Yourself. Notice will be provided by email and/or in-application alerts.

Your Rights

Depending on Your jurisdiction, You may have the right to:

  • Access, correct, or delete Your Personal Data.
  • Request deletion of data stored on Our servers.
  • Opt out of certain processing activities.
  • Exercise CCPA rights (for California residents).
  • Withdraw consent at any time where consent is the basis for processing.

Requests can be submitted via the contact information below.

Children’s Privacy

Our Service does not target or knowingly collect data from individuals under the age of 13. If We become aware that We have collected Personal Data from a child without parental consent, We will take steps to delete such information promptly.

Cookies and Tracking

The Application does not use cookies, trackers, or other persistent identifiers for advertising or marketing purposes. Diagnostic and usage information may be collected solely to improve the stability and functionality of the Service. Such information is never sold or monetized.

Links to Other Websites

The Service may contain links to external websites. We are not responsible for the content, policies, or practices of third-party sites. You are encouraged to review the Privacy Policy of each external site you visit.

Changes to This Privacy Policy

We may update this Policy periodically. Notice of material changes will be provided via email or in-application notice at least 14 days before they take effect. Updates are effective once posted on this page.

Contact Us

If You have questions, concerns, or requests regarding this Privacy Policy, You may contact Us:

  • By email: young@adroitie.com or andrew@adroitie.com
  • By mail: Adroitie LLC, 431 Elmhurst Pl, Fullerton, CA 92835, USA