Privacy Policy
Effective Date: May 18, 2026
Last Updated: May 22, 2026
Kaevo Group LLC ("Kaevo," "we," "us," or "our") operates the Kaevo household management service available at kaevo.ai (the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.
By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Who We Are
Kaevo Group LLC is a limited liability company organized under the laws of the State of Florida, United States. Our principal place of business is in Florida.
For privacy questions or to exercise your rights, contact: support@kaevo.ai
2. Information We Collect
2.1 Information you provide
- Account information: name, email address, password (stored as a one-way hash), subscription tier.
- Household information: family member names, relationships, dates of birth, ZIP code, city/state.
- Financial information: income sources, account balances, transactions, bills, recurring expenses, retirement account information, credit cards, debts, budget categories. You provide this information manually or, where you choose to enable bank linking, via Plaid (see Section 4).
- Health and medical information: any information you enter into the Medical module, including conditions, medications, providers, insurance, and visit logs. We treat this as sensitive information.
- Other household data: chores, calendar events, vehicles, home maintenance records, vacations, recipes, contacts, document descriptions, and similar information you choose to enter.
- Support communications: messages you send to us by email or other channels.
2.2 Information we collect automatically
- Usage data: pages visited, features used, errors encountered, timestamps. Used to operate and improve the Service.
- Device and connection data: IP address, browser type, operating system, device identifiers. Used for security, fraud prevention, and analytics.
- Cookies and similar technologies: we use cookies and local storage to keep you signed in, remember preferences, and operate core functionality. See Section 8.
2.3 Information from third parties
- Stripe: when you subscribe, Stripe processes your payment and provides us with confirmation, subscription status, and limited billing metadata. We do not store your full payment card information.
- Plaid (optional): if you choose to connect a bank account, Plaid provides us with account, transaction, and balance information. Bank linking is an opt-in feature; no Plaid data is shared until you explicitly connect an account through Plaid Link.
3. How We Use Your Information
- Provide the Service: store, organize, and display the household information you enter.
- Personalize features: generate insights, dashboards, projections, and AI-assisted summaries based on your data.
- Process payments: manage your subscription, billing, and renewals through Stripe.
- Communicate with you: send transactional emails (account confirmation, password resets, billing notices) and respond to support requests. We do not send marketing emails without your consent.
- Improve and secure the Service: diagnose issues, prevent fraud, monitor abuse, and develop new features.
- Comply with legal obligations: respond to lawful requests, enforce our Terms of Service, and protect rights and safety.
4. Subprocessors and Third Parties
We use the following third-party service providers to operate the Service. Each is contractually obligated to protect your information and process it only as needed to provide their service.
| Provider | Purpose | Data Categories | Location |
|---|---|---|---|
| Supabase Inc. | Database, authentication, file storage, serverless compute | All user-entered data, account credentials (hashed), session tokens | United States |
| Netlify Inc. | Web hosting, edge functions, CDN, deployment | IP address, request logs, deploy assets | United States |
| Stripe Inc. | Payment processing, subscription billing | Name, email, payment method, billing address, subscription state | United States |
| Plaid Inc. | Bank account connectivity (optional; activated when you connect an account through Plaid Link) | Bank account info, transactions, balances — collected only when you explicitly connect an account through Plaid Link | United States |
| Anthropic PBC | AI features (Claude API): transaction categorization, insights, summaries | Data necessary to perform the requested AI task; not used to train Anthropic's models | United States |
| Google LLC (Workspace) | Transactional email, support inbox | Email address, message content | United States |
We update this list when we add or change subprocessors. Material changes will be reflected in the "Last Updated" date at the top of this Policy.
5. How We Share Information
We share information only as described in this Policy:
- With subprocessors listed in Section 4, as needed to operate the Service.
- With other members of your household if you invite them. Household members can see information you have entered into the shared household.
- For legal reasons when required by law, court order, or to enforce our rights.
- In connection with a business transfer such as a merger, acquisition, or sale of assets. We will notify you of any change in ownership or use of your data.
We do not sell your personal information. We do not share your personal information with advertisers or data brokers.
6. Data Retention
We retain your information for as long as your account is active and for the periods described in our Data Retention Policy. In summary:
- Active account data: retained while your account is active.
- Closed accounts: deleted within 30 days of your deletion request.
- Financial transaction history: retained for up to 7 years to support tax record needs, unless you request earlier deletion.
- Logs and backups: retained for up to 90 days.
- Billing records held by Stripe: retained per Stripe's policies.
For the full retention schedule, see our Data Retention Policy.
7. Your Rights
7.1 Rights available to all users
- Access — request a copy of the personal information we hold about you.
- Correction — correct inaccurate or incomplete information.
- Deletion — request deletion of your account and associated data.
- Portability — request a machine-readable export of your data.
- Restriction — request that we limit our processing of your information in certain circumstances.
7.2 Additional rights for residents of the European Economic Area, United Kingdom, and Switzerland (GDPR/UK GDPR)
- Right to object to processing based on legitimate interests.
- Right to withdraw consent at any time where processing is based on consent.
- Right to lodge a complaint with your national supervisory authority.
Legal bases on which we process your data: performance of our contract with you, your consent (for optional features), legitimate interests (security, service improvement), and legal obligations.
7.3 Additional rights for California residents (CCPA/CPRA)
- Right to know what personal information we collect, use, and disclose.
- Right to delete personal information we have collected.
- Right to correct inaccurate personal information.
- Right to opt out of "sale" or "sharing" of personal information — we do not sell or share for cross-context behavioral advertising.
- Right to limit use of sensitive personal information.
- Right not to be discriminated against for exercising your rights.
7.4 How to exercise your rights
Email support@kaevo.ai with your request. We will respond within 30 days (45 days for CCPA requests, extendable to 90 days for complex requests as the law permits). We may need to verify your identity before completing your request.
8. Cookies and Tracking
We use cookies and similar technologies to:
- Keep you signed in (session and authentication tokens).
- Remember your preferences and settings.
- Operate essential Service features.
- Diagnose errors and monitor performance.
We do not use cookies for advertising or cross-site tracking. You can disable cookies in your browser settings, but doing so may prevent the Service from working correctly.
9. Security
We take reasonable measures to protect your information, including encryption in transit (HTTPS/TLS), encryption at rest for our database, multi-factor authentication on our administrative accounts, principle-of-least-privilege access controls, and regular security reviews. No system is perfectly secure; if you believe your account has been compromised, contact security@kaevo.ai immediately.
10. Children's Privacy
The Service is not directed to children under 13 (or under 16 where applicable under local law). We do not knowingly collect personal information from children. Parents and guardians may enter limited information about their minor children as part of their household; that information is treated as the responsibility of the account-holding adult. If you believe a child has provided us with personal information directly, contact us at support@kaevo.ai and we will delete it.
11. International Data Transfers
Kaevo is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. Where required by law (e.g., for EEA users), we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.
12. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will update the "Last Updated" date and, where appropriate, notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact
Kaevo Group LLC
Florida, United States
Privacy and data requests: support@kaevo.ai
Security concerns: security@kaevo.ai