Privacy Policy

1. Introduction

LazeeFish ("we," "us," or "our") operates the personal finance tracking application available at lazeefish.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By creating an account and using LazeeFish, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account information. When you register, we collect your email address and, if you use password authentication, a one-way cryptographic hash of your password (we never store your password in plain text). If you sign in with Google, we receive your email address and a Google-issued identifier.

Bank connection data. When you connect a bank account through Plaid, Plaid provides us with an access token representing your connection. We store this token securely to retrieve your transactions. We do not store your bank login credentials.

Transaction data. We import and store transaction records from your connected bank accounts, including merchant names, amounts, and dates. You may also add manual transactions. All transaction data is stored exclusively in association with your account.

Usage and log data. We record authentication events (sign-in, sign-out, registration) and data-import events (Plaid syncs) along with your IP address and browser user-agent. This data is used for security monitoring and debugging.

3. How We Use Your Information

• To provide and operate the LazeeFish service, including importing and displaying your transactions.
• To authenticate you and secure your account.
• To detect and investigate unauthorized access or misuse.
• To improve the reliability and performance of the application.

We do not sell, rent, or share your personal or financial data with third parties for advertising or marketing purposes.

4. Third-Party Services

Plaid. Bank account connectivity is provided by Plaid Inc. When you link a bank account, you interact directly with Plaid's interface and agree to Plaid's End User Privacy Policy (plaid.com/legal). Plaid transmits transaction data to us on your behalf; we do not share your data back to Plaid beyond what is required to maintain the connection.

Google OAuth. If you choose to sign in with Google, your authentication is handled by Google's OAuth 2.0 service. We receive only your email address and a stable identifier from Google. Google's Privacy Policy applies to that interaction (policies.google.com/privacy).

5. Cookies and Authentication

LazeeFish uses a single HttpOnly cookie (lf_auth) to store a signed JSON Web Token (JWT) that authenticates your session. This cookie is not accessible to JavaScript and is not used for advertising or tracking. It expires when your session ends or the token's validity period lapses.

6. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on servers located in the United States. We use industry-standard practices including encrypted connections (TLS), hashed passwords (bcrypt), and access controls to protect your information.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your account and financial data for as long as your account is active. If you request deletion of your account, we will remove your personal information and financial records within 30 days, except where retention is required by applicable law or for legitimate security purposes (e.g., fraud investigation logs).

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at the address below. You may also disconnect a bank account at any time through the Bank Connections settings in the application, which will revoke Plaid's access token for that institution.

9. Children's Privacy

LazeeFish is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of LazeeFish after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us at privacy@lazeefish.com.