Privacy Policy

1. Introduction

Grace Holdings LLC ("Company," "we," "us," or "our") operates the GraceFinance platform ("Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service. By accessing or using GraceFinance, you consent to the practices described in this policy.

We are committed to protecting your privacy and handling your data with transparency. If you have any questions about this Privacy Policy, please contact us at support@gracefinance.co.

2. Information We Collect

2.1 Account Information

When you create a GraceFinance account, we collect your email address, a securely hashed password, and account creation date. We do not store plaintext passwords.

2.2 Behavioral Financial Check-In Data

The core of the GraceFinance experience involves daily financial behavior check-ins. When you complete a check-in, we collect your responses to structured financial confidence questions. This data is used to calculate your Financial Confidence Score (FCS), track your personal confidence trends, and generate behavioral insights through Grace AI.

2.3 AI Interaction Data

When you interact with Grace AI, we collect records of your AI insight requests, the number and frequency of requests (for usage limit enforcement), and the general category of insights generated. Grace AI outputs are generated based on your behavioral data and FCS score. We may retain interaction metadata for service improvement and system performance monitoring.

2.4 Usage and Technical Data

We automatically collect certain technical information when you use the Service, including IP addresses associated with login sessions, browser type and version, device information, pages visited within the Service, and timestamps of activity. This information is used for security monitoring, suspicious activity detection, and service performance analysis.

2.5 Payment Information

Payment processing is handled entirely by Stripe, Inc. When you subscribe to a paid plan, Stripe collects and processes your payment method details (such as credit card number, expiration date, and billing address). GraceFinance does not receive, store, or have access to your full payment card information. We receive only a confirmation of payment status, your Stripe customer identifier, and subscription status from Stripe.

3. How We Use Your Information

We use your information for the following purposes:

• To provide, maintain, and improve the GraceFinance Service
• To calculate and display your Financial Confidence Score
• To generate personalized behavioral insights through Grace AI
• To process subscription payments and manage billing through Stripe
• To enforce AI usage limits and rate-limiting protections
• To detect and prevent fraudulent, abusive, or automated activity
• To produce the GraceFinance Composite Index using anonymized, aggregated data
• To communicate with you about your account, billing, and Service updates
• To comply with legal obligations

4. The GraceFinance Composite Index and Anonymized Data

The GraceFinance Composite Index is a macro-level signal that reflects aggregate financial confidence across the platform's user base. To produce this index, individual FCS scores are stripped of all personally identifiable information, aggregated with all other user scores, and processed into a single composite metric.

The Composite Index does not reveal, and cannot be reverse-engineered to reveal, any individual user's identity, score, or behavioral data. By using the Service, you consent to the inclusion of your anonymized FCS data in the Composite Index.

5. Data Storage and Security

5.1 Infrastructure

Your data is stored in a PostgreSQL database hosted on secure, managed infrastructure. We use industry-standard security practices including encrypted data transmission via HTTPS/TLS, secure password hashing (bcrypt with SHA-256 pre-hashing), JSON Web Token (JWT) based authentication, and role-based access controls.

5.2 Data Retention

We retain your account and behavioral data for as long as your account is active and as needed to provide the Service. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or dispute resolution). Anonymized data that has already been incorporated into the Composite Index will not be removed, as it is no longer identifiable.

5.3 Security Measures

We implement administrative, technical, and physical safeguards to protect your data. However, no method of electronic transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.

6. Third-Party Services

6.1 Stripe

We use Stripe, Inc. to process subscription payments. When you provide payment information, it is transmitted directly to Stripe and governed by Stripe's Privacy Policy. Stripe is PCI-DSS Level 1 certified, the highest level of compliance available in the payments industry.

6.2 AI Infrastructure

Grace AI is powered by third-party language model APIs. When you request an AI insight, relevant behavioral context from your check-in data and FCS score is transmitted to the AI provider to generate your insight. We do not share your email address, real name, or other personally identifiable information with AI infrastructure providers.

6.3 Hosting

Our application is hosted on managed cloud infrastructure providers. These providers maintain their own security certifications and data handling practices.

7. Information We Do Not Collect

GraceFinance does not collect or access your bank account information, investment account data, credit card numbers (handled exclusively by Stripe), social security numbers, or tax identification numbers. GraceFinance is a behavioral insight platform, not a financial account aggregator.

8. Cookies and Tracking

The Service uses authentication tokens stored in your browser's local storage to maintain your session. We do not use third-party advertising trackers or sell your data to advertisers. We may use essential, first-party analytics to understand how users interact with the Service for the purpose of improving the product experience.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may request that we correct inaccurate or incomplete data.
• Deletion: You may request that we delete your personal data, subject to legal and contractual retention requirements.
• Portability: You may request that we provide your data in a structured, machine-readable format.
• Objection: You may object to certain processing activities, including the use of your data for the Composite Index.

To exercise any of these rights, contact us at support@gracefinance.co. We will respond to your request within 30 days.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information.

11. Data Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, in accordance with applicable law. We will also take immediate steps to contain the breach, investigate its scope, and implement measures to prevent recurrence.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice within the Service. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Information

For questions or concerns about this Privacy Policy or our data practices, contact us at:

Grace Holdings LLC
Email: support@gracefinance.co
Website: https://gracefinance.co