Privacy Policy

1. INTRODUCTION

Cobalt Personal Finance Inc. ("Cobalt," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our personal finance management platform and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

We collect information that you voluntarily provide to us when you:

• Create and maintain an account with Cobalt
• Connect your financial accounts to our Services
• Use our platform features and tools
• Contact us for customer support or inquiries
• Participate in surveys or promotional activities
• Communicate with us through any channel

This information may include:

• Identity Information: Full name, email address, phone number, and date of birth
• Financial Account Information: Financial institution names, account types, account balances, transaction history, and related financial data (obtained securely through authorized third-party connection services)
• Usage Data: Information about how you interact with our Services, including features accessed, preferences set, and time spent on the platform
• Communication Records: Records of your correspondence with our support team, including emails, chat logs, and feedback submissions
• Technical Information: Device information, IP address, browser type, and operating system

2.2 Automatically Collected Information

When you access our Services, we may automatically collect certain information, including:

• Log data and analytics regarding your use of the Services
• Device identifiers and network information
• Cookies and similar tracking technologies (as described in our Cookie Policy)

3. HOW WE USE YOUR INFORMATION

Cobalt uses the collected information for the following purposes:

3.1 Service Provision and Enhancement

• To provide, operate, maintain, and improve our personal finance management platform
• To display your aggregated financial data, account balances, and transaction histories
• To generate personalized financial insights, analytics, and visualizations
• To develop new features and functionality for the Services

3.2 Communication and Support

• To send you technical notices, security alerts, and system updates
• To respond to your inquiries, comments, and support requests
• To provide customer service and resolve technical issues
• To send you information about changes to our Services or policies

3.3 Personalization

• To personalize and customize your experience with our Services
• To understand your financial management needs and preferences
• To deliver relevant content and recommendations

3.4 Security and Compliance

• To monitor and analyze usage patterns for security purposes
• To detect, prevent, and address technical issues, fraud, and unauthorized access
• To comply with legal obligations and enforce our Terms of Service

3.5 Important Limitation

Cobalt does not process, facilitate, execute, or authorize any financial transactions. Our Services are designed exclusively to help you view, track, analyze, and manage your financial information. All financial transactions, including payments, transfers, and account modifications, must be conducted directly through your financial institutions or their authorized platforms.

4. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING

4.1 AI-Powered Features

Cobalt utilizes artificial intelligence (AI) and machine learning technologies to enhance your experience and provide intelligent financial insights. Our AI-powered features include:

• Spending Pattern Analysis: Examination of your transaction data to identify spending habits, trends, and categories
• Conversational Interface: AI-powered chat functionality to answer questions about your financial data and provide guidance
• Predictive Analytics: Generation of financial forecasts, budget projections, and cash flow predictions based on your historical data
• Anomaly Detection: Identification of unusual transactions, spending spikes, or potential issues requiring your attention
• Personalized Recommendations: Customized suggestions for budgeting, saving, and financial management based on your unique financial profile
• Continuous Improvement: Enhancement of model accuracy and relevance through systematic evaluation of system performance

4.2 Your Data and AI Model Training

We are committed to protecting the privacy of your financial information in relation to our AI systems:

• No Cross-Customer Training: Your personal financial data is never used to train AI models for deployment to other customers or users
• Account Privacy: Your financial conversations, transactions, and data remain strictly private to your account
• Aggregated Insights Only: Any improvements to our AI models based on user interactions are implemented at an aggregate, anonymized system level that does not expose or share individual user patterns, behaviors, or information

4.3 Third-Party AI Service Providers

To power certain AI features, we utilize third-party AI models and services, including but not limited to:

• Anthropic (Claude) — provided by Anthropic, PBC
• Google (Gemini) — provided by Google LLC

What Data Is Sent to Third-Party AI Providers:

When you use AI-powered features such as the conversational interface or financial insights, the following data may be transmitted to the third-party AI providers listed above:

• Your chat messages, questions, and prompts entered into the conversational interface
• Transaction descriptions, amounts, dates, and categories
• Account names, types, and balances
• Spending patterns and financial summaries generated from your connected accounts

Zero Data Retention (ZDR):

We access all third-party AI services through infrastructure that enforces zero data retention (ZDR). This means:

• Your data is transmitted to these providers solely for real-time processing of your specific request
• Your data is not stored, retained, or persisted by these providers after your request is fulfilled
• Your data is not used for training, fine-tuning, or improving these providers' AI models
• All data is transmitted using secure, encrypted connections (TLS/SSL)

Third-Party Provider Obligations:

• All third-party AI providers are contractually bound to maintain the confidentiality and security of your information
• Each provider is required to provide the same or equal protection of your data as described in this Privacy Policy
• We carefully vet all AI service providers to ensure they meet our stringent privacy and security standards

4.4 AI Transparency and Limitations

Important Disclosures:

• Not Financial Advice: AI-generated insights, recommendations, and analyses are provided for informational and educational purposes only and do not constitute professional financial advice, investment recommendations, or tax guidance
• Verification Recommended: We strongly encourage you to independently verify all AI-generated information and consult with qualified financial advisors, accountants, or other licensed professionals before making significant financial decisions
• Explanation Available: You may contact us at any time to understand how AI was utilized in generating any particular recommendation, insight, or analysis
• Human Oversight: While our AI systems are sophisticated, they may occasionally produce errors or unexpected results. We continuously monitor and improve our AI functionality

4.5 Your AI-Related Rights

You have the right to:

• Request information about how AI was used in any specific recommendation or insight
• Provide feedback on AI-generated content to help us improve accuracy and relevance

5. DATA SECURITY

5.1 Security Measures

Cobalt implements comprehensive administrative, technical, and physical security measures designed to protect your personal information against unauthorized access, alteration, disclosure, destruction, or loss. These measures include:

• Encryption: Industry-standard encryption protocols (including TLS/SSL) for data in transit and at rest
• Access Controls: Role-based access restrictions limiting employee access to personal information on a need-to-know basis
• Authentication: Multi-factor authentication options and strong password requirements
• Security Audits: Regular internal and third-party security assessments, vulnerability testing, and penetration testing
• Monitoring: Continuous monitoring systems to detect and respond to potential security incidents
• Incident Response: Established procedures for responding to and mitigating security breaches

5.2 Third-Party Security

We carefully select third-party service providers and require them to maintain security standards consistent with industry best practices and applicable regulations.

5.3 Your Responsibility

While we implement robust security measures, the security of your account also depends on your actions. You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Promptly notifying us of any unauthorized access or security concerns
• Logging out of your account when using shared devices

5.4 No Guarantee

Despite our security efforts, no system is completely secure. We cannot guarantee absolute security of your information, and you use our Services at your own risk.

6. DATA RETENTION

6.1 Active Account Data

While your account remains active, we retain the following information to provide and improve our Services:

• All connected financial account information and transaction data
• Account settings, preferences, and user profile information
• Usage history and interaction logs
• Communication records with customer support

You maintain control over your data and may:

• Delete specific financial account connections at any time through your account settings
• Modify sync preferences to control how frequently financial data is updated
• Remove individual transactions or categories of data as permitted by the platform

6.2 Account Deletion

Upon your request to delete your account:

• Initial Deletion (30 Days): We will permanently delete your personal information, including financial data, account details, and user-generated content, within thirty (30) days of your deletion request
• Irreversibility: Once the deletion process is complete, your data cannot be recovered, restored, or reinstated

6.3 Legal and Compliance Retention

Notwithstanding the above, we may retain certain categories of information for extended periods when required by law, regulatory obligations, or legitimate business purposes:

• Transaction Logs and Security Records: Retained for up to seven (7) years for fraud prevention, security investigations, financial auditing, and legal compliance purposes
• Communication Records: Customer support tickets, emails, and other communications retained for up to three (3) years for quality assurance, training, dispute resolution, and legal purposes
• Legal Obligations: Information retained as required by applicable laws, regulations, court orders, or government requests

7. THIRD-PARTY SERVICES AND DATA SHARING

7.1 Financial Account Connection Services

To enable you to connect your financial accounts to our platform, we utilize secure, industry-leading third-party financial data aggregation services, including:

• Plaid Inc.
• Snaptrade

How These Services Work:

• These services establish read-only connections to your financial institutions
• You authorize these connections by providing your financial institution credentials directly to the third-party service (not to Cobalt)
• We do not store, retain, or have access to your banking login credentials or passwords
• These services retrieve your financial data (account balances, transactions, account details) and securely transmit it to Cobalt for display within our platform
• Each third-party service is subject to its own privacy policy and security standards, which we encourage you to review

7.2 Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Services, including:

• Cloud hosting and infrastructure providers
• Analytics and performance monitoring services
• Customer support and communication platforms
• Security and fraud prevention services

These service providers are contractually obligated to:

• Use your information only for the specific purposes we authorize
• Maintain the confidentiality and security of your information
• Comply with applicable data protection laws

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice and obtain consent as required by applicable law before your information becomes subject to a different privacy policy.

7.4 Legal Requirements

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or governmental requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of Cobalt, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

7.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7.6 No Sale of Personal Information

Cobalt does not sell, rent, or trade your personal information to third parties for monetary consideration.

8. YOUR PRIVACY RIGHTS

8.1 Access and Portability

You have the right to:

• Access the personal information we hold about you
• Request a copy of your data in a structured, commonly used, and machine-readable format
• Export your financial data and transaction history from our platform

8.2 Correction and Updating

You have the right to:

• Correct inaccurate or incomplete personal information
• Update your account details, preferences, and settings at any time through your account dashboard

8.3 Deletion

You have the right to:

• Request deletion of your account and associated personal information
• Delete specific financial account connections without deleting your entire account
• Remove individual data points or categories of information as supported by the platform

8.4 Objection and Restriction

You have the right to:

• Object to certain processing of your personal information
• Request restriction of processing under certain circumstances
• Opt out of non-essential communications and marketing messages

8.5 Exercising Your Rights

To exercise any of these rights, please:

• Access your account settings for self-service options, or
• Contact us at feedback@try-cobalt.com with your specific request

We will respond to your request within the timeframe required by applicable law, typically within thirty (30) days.

8.6 Verification

For your security, we may require verification of your identity before processing certain requests, particularly those involving access to or deletion of personal information.

9. INTERNATIONAL DATA TRANSFERS

Cobalt operates in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those of your country of residence.

By using our Services, you consent to the transfer of your information to the United States and other countries as necessary to provide the Services.

10. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect, maintain, or use personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at feedback@try-cobalt.com.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will:

• Update the "Effective Date" at the top of this Privacy Policy
• Provide notice of material changes through the Services, by email, or other appropriate means
• Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes become effective constitutes your acceptance of the updated Privacy Policy.

12. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will make every effort to respond to your inquiry promptly and address your concerns.