Privacy Policy

1. INTRODUCTION

This Privacy Policy (“Policy”) describes how Steve (“we,” “our,” “us,” or the “Company”), accessible at https://www.meetsteve.ai/, collects, uses, stores, shares, and protects your personal information. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. APPLICABILITY AND AGE RESTRICTIONS

2.1. This Policy applies to all users of Steve’s services, website, mobile applications, and related features (collectively, the “Services”).

2.2. The Services are strictly intended for individuals who are 18 years of age or older. We do not knowingly collect or solicit personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18, we will promptly delete such information.

3. INFORMATION WE COLLECT

3.1. Financial Information

• Account balances and transaction history
• Financial goals and preferences
• Other financial data accessed through Plaid’s services

As part of our financial services, we use Plaid to securely link your financial accounts and access financial data. Plaid’s services are subject to their own privacy policy, and we recommend that you review Plaid’s Privacy Policy to understand how they handle your financial data. Plaid’s privacy practices may differ from ours, and we are not responsible for their policies or practices.You can view Plaid’s Privacy Policy here.

3.2. Personal Information

• First name
• Email address
• Device information (including device identifiers, operating system, browser type)
• Location data
• Usage patterns and interaction data
• Chatbot conversations and queries

3.3. Automatically Collected Information

• IP addresses
• Browser and device characteristics
• Operating system details
• Language preferences
• Referring URLs
• Access times and dates
• Network connection information

4. USE OF PERSONAL INFORMATION

4.1. Core Functionality

We use your personal information to:
• Provide and maintain our Services
• Authenticate your identity
• Communicate with you regarding your account
• Respond to your inquiries and support requests
• Fulfill our contractual obligations

4.2. Financial Recommendations

We analyze your financial data to:
• Generate personalized financial insights
• Provide automated financial advice
• Identify relevant financial products and services
• Create customized financial planning strategies
• Monitor and alert you about important financial events

5. DATA RETENTION AND DELETION

5.1. Retention Period

We retain your personal information for one (1) year following account closure, or longer if required by applicable law, regulation, or legitimate business purposes.

5.2. Data Deletion Requests

Upon receiving a verifiable deletion request, we will:
• Delete your personal information from our active systems within 30 days
• Ensure deletion from backup systems within 90 days
• Retain only those records required by law or necessary for legitimate business purposes
• Provide written confirmation of deletion completion
• Notify third-party service providers to delete your data

6. THIRD-PARTY DATA SHARING

6.1. We share your personal information with the following third-party service providers:
a) Analytics and Performance Monitoring
• Amplitude: Usage analytics and behavioral data
• Google Analytics: Website performance and user interaction metrics
• Sentry: App usage and error detection
b) Infrastructure and Security
• MongoDB: Database management and storage
• AWS Bedrock: General chatbot conversations
• Clerk: Authentication and identity verification
c) Financial Services
• Plaid: Financial account connection and data aggregation
d) Communication
• Mailchimp: Email communications and marketing

6.2. Data Sharing Restrictions

All third-party service providers are contractually obligated to:
• Use your information solely for authorized purposes
• Maintain appropriate security measures
• Comply with applicable privacy laws and regulations
• Process data according to our instructions
• Not sell or redistribute your personal information

7. DATA SECURITY

7.1. Security Measures

We implement and maintain appropriate technical and organizational security measures, including:
• Industry-standard encryption for data in transit and at rest
• Multi-factor authentication
• Role-based access controls
• Physical and environmental security controls
• Network security monitoring and intrusion detection
• Secure backup systems
• Incident response procedures

7.2. Data Breach Notification

In the event of a data breach, we will:
• Notify affected users within 72 hours of discovery
• Provide detailed information about the breach
• Outline steps taken to address the incident
• Recommend actions to protect affected users
• Cooperate with law enforcement and regulatory authorities
• Implement additional security measures as necessary

8. COOKIES AND TRACKING TECHNOLOGIES

8.1. Cookie Usage

We employ essential cookies and basic analytics with the following expiration periods:
• Google Analytics cookies: 24 months
• Facebook cookies: 3 months
• Essential session cookies: 7 days

8.3. Cookie Control

Users may:
• Modify cookie preferences through browser settings
• Delete cookies at any time
• Opt-out of non-essential cookies
• Use “Do Not Track” browser settings

9. USER RIGHTS AND CHOICES

9.1. Data Subject Rights

You have the right to:
• Access your personal information
• Correct inaccurate data
• Request data portability
• Withdraw consent
• Object to processing
• Request data deletion
• Restrict processing
• File a complaint with supervisory authorities

9.2. Exercise of Rights

To exercise these rights:
• Email: support@meetsteve.ai
• Mail: 131 Continental Dr Suite 305 Newark, DE, 19713 US
• Response Time: Within 30 days
• Identity Verification: Required
• No Fee: Unless requests are excessive or unfounded

10. INTERNATIONAL DATA TRANSFERS

10.1. Data Processing Location

• All data processing occurs within the United States
• No international data transfers
• Data centers located in the United States
• Backup facilities within the United States

10.2. Territorial Scope

This Policy applies to:
• All United States residents
• Users accessing our Services from within the United States
• Data processed within United States jurisdiction

11. CHANGES TO PRIVACY POLICY

11.1. Notification of Changes

We will notify users of material changes to this Policy through:
• Email notifications
• In-app notifications
• Website announcements
• Push notifications (where applicable)

11.2. Notice Period

• Minimum notice: 15 days
• Maximum notice: 30 days
• Implementation date clearly specified
• Summary of material changes provided
• Comparison version available upon request

11.3. Continued Use

• Continued use of Services after changes constitute acceptance
• Users disagreeing with changes may terminate their account
• Prior versions of Policy available upon request

12. AI CHATBOT PRIVACY

12.1. Data Processing

• Chatbot conversations are anonymized
• Personal identifiers removed before AI processing
• Conversation data used for service improvement
• Training data anonymized and aggregated

12.2. AI Provider Restrictions

• Contractual limitations on data use
• Prohibition on data retention
• Regular compliance audits
• Strict security requirements
• Data minimization principles applied

13. CONTACT INFORMATION

13.1. Privacy Inquiries

For privacy-related questions or concerns:
• Email: support@meetsteve.ai
• Address: 131 Continental Dr Suite 305 Newark, DE, 19713 US
• Data Protection Officer: Steven Buchko

13.2. Response Times

• General inquiries: 2 business days
• Data subject requests: 30 days
• Urgent privacy concerns: 24 hours
• Breach notifications: 72 hours

14. GOVERNING LAW

14.1. This Privacy Policy shall be governed by and construed in accordance with the laws of the United States and the State of Delaware, without regard to its conflict of law provisions.

14.2. Any disputes relating to this Policy shall be subject to the exclusive jurisdiction of the courts located in New Castle County, Delaware.

15. SEVERABILITY

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be replaced with a valid, enforceable provision that most closely matches the intent of the original provision.