Privacy Policy
Last updated: July 14, 2026
1. Who we are
donoevil.ai ("we", "us") operates this website and a personal finance application currently in private development (the "Service"). The Service helps individuals understand and manage their finances by securely connecting to their financial accounts. This policy explains what information we collect, how we use it, and the choices you have.
2. Information we collect
When you use the Service and choose to link a financial account, we collect:
- Financial account data, accessed through Stripe Financial Connections with your explicit consent: account details (such as institution name, account name, type, and masked account numbers), account balances, and transaction history.
- Contact information you provide directly, such as your email address when you create an account or contact us.
- Basic technical data generated by serving this website, such as server logs. This website itself sets no cookies and runs no analytics or tracking scripts.
3. How we use your information
We use the information described above solely to:
- Provide the Service's personal finance features, such as showing your balances, transactions, and spending insights.
- Maintain the security and integrity of the Service.
- Respond to your requests and communicate with you about the Service.
- Comply with legal obligations.
We will never sell your personal or financial information to a third party. We do not use your financial data for advertising, and we do not share it with third parties for their marketing purposes.
4. Stripe Financial Connections
Account linking is powered by Stripe, Inc. When you connect a financial account, you authenticate directly with your financial institution through Stripe Financial Connections, and Stripe shares the data described above with us based on your consent. Your institution login credentials are provided to Stripe or its partners, never to us, and we never see or store them.
Stripe's handling of your data is described in the Stripe Privacy Policy and the Stripe Linked Financial Account Terms.
5. Data retention and deletion
We retain financial account data only for as long as you keep the account linked to the Service, plus any period required by law. When you unlink an account or delete your Service account, we delete the associated financial data from our systems within 30 days, except where retention is legally required.
6. Your rights and choices
- You can disconnect a linked financial account at any time from within the Service, which stops all further data access.
- You can request access to, correction of, or deletion of your personal data by emailing us.
- Depending on where you live (for example the EU/EEA, UK, or California), you may have additional statutory rights, including the right to object to processing, the right to data portability, and the right to non-discrimination for exercising your rights. We honor these requests regardless of location.
To exercise any of these rights, contact privacy@donoevil.ai. We respond within 30 days.
7. Security
All user data is encrypted in transit using TLS and encrypted at rest. Financial records are additionally encrypted at the record level with per-user keys. Access is restricted to what is necessary to operate the Service. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard practices.
8. Children
The Service is not directed at children under 13, and we do not knowingly collect personal information from them.
9. Changes to this policy
We may update this policy as the Service evolves. We will post the updated policy on this page and revise the "Last updated" date above. Material changes will be communicated to registered users.
10. Contact
Questions or requests: privacy@donoevil.ai.