Privacy Policy

Last updated: March 2026

1. Introduction

Kronvis ("the Application") is a personal finance tracking tool. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Information

• Name and email address (used for account identification and login)
• Password (stored as a bcrypt hash -- we never store or see your plaintext password)

Financial Data

• Financial account names and balances you enter manually
• Income sources and amounts
• Expense categories and estimated amounts
• Transaction records (amounts, dates, descriptions)
• Receipt images you upload

Plaid Data

If you use the Plaid integration to connect a bank account, the Application temporarily accesses your account balances and recent transactions through Plaid's secure API. This data is used in-session only and is not stored in our database. Plaid access tokens are not persisted beyond the active browser session.

Technical Data

• IP addresses (used for rate limiting only, not stored long-term)
• Session tokens (JWT-based, used for authentication)

3. How We Use Your Data

Your data is used exclusively to provide the Application's features:

• Authenticating your identity and securing your account
• Displaying your financial dashboard, forecasts, and history
• Storing your income, expense, and transaction records
• Generating financial projections based on your data

4. Data Protection

• Encryption at rest: Personal data (names, emails, account names, descriptions) is encrypted using AES-256-GCM with per-user encryption keys.
• Password security: Passwords are hashed with bcrypt (cost factor 12) and never stored in plaintext.
• Receipt files: Uploaded receipt images are encrypted on disk when encryption is enabled.
• Multi-factor authentication: TOTP-based two-factor authentication is available to protect your account.

5. Third-Party Services

The Application uses Plaid to facilitate bank account connections. When you connect a bank account through Plaid Link, Plaid's own privacy policy governs how they handle your banking credentials and data. You can review Plaid's privacy policy at plaid.com/legal.

No other third-party services receive your personal or financial data. The Application does not use analytics trackers, advertising networks, or data brokers.

6. Data Retention

Your data is retained for as long as your account is active. There is no automatic purging of active account data. Password reset tokens are deleted after use or upon expiry.

7. Your Rights

• Access:You can view all your data through the Application's dashboard.
• Export:You can export all your data as a JSON file via Settings > Export Data.
• Deletion:You can permanently delete your account and all associated data via Settings > Delete Account. This removes all database records and receipt files.
• Correction: You can update your profile information, financial records, and other data through the Application at any time.

8. Children's Privacy

The Application is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

This privacy policy may be updated from time to time. Significant changes will be communicated through the Application.

10. No Sale or Sharing of Data

We do not sell, rent, lease, or otherwise commercially share your personal or financial data with any third party. Your data is used exclusively within the Application to provide its features and is never monetized, used for advertising, or transferred to data brokers.

11. Contact

For questions about this privacy policy or your data, please contact the application operator through the channels provided in the Application.