Privacy Policy

1.1 Nature of Our Service

Pathible is a document analysis and information organization tool designed to help families understand their financial and legal situations by:

• Analyzing documents you upload (financial statements, legal documents, etc.)
• Organizing information about your circumstances
• Providing visual representations and summaries of your data
• Offering educational insights about financial and legal concepts

IMPORTANT: Pathible does NOT:

• Provide financial advice, financial planning services, or investment recommendations
• Offer legal advice or legal services
• Act as a fiduciary, financial advisor, attorney, or licensed professional
• Make decisions on your behalf or recommend specific actions
• Guarantee the accuracy, completeness, or reliability of any analysis or information

1.2 Your Responsibility

You are solely responsible for:

• The accuracy of information and documents you provide
• Verifying any insights, analysis, or information generated by our Platform
• Consulting with qualified professionals (financial advisors, attorneys, accountants, etc.) before making any decisions
• Maintaining the confidentiality of your account credentials
• Complying with all applicable laws in your jurisdiction

2.1 Information You Provide Directly

Account Information

• Full name
• Email address
• Password (encrypted and hashed)
• Profile information (optional: phone number, address, date of birth)
• Account preferences and settings

Financial and Document Information

• Financial documents (bank statements, investment accounts, tax returns, pay stubs, etc.)
• Legal documents (wills, trusts, powers of attorney, court documents, contracts, etc.)
• Property records and ownership documents
• Insurance policies and benefits information
• Debt and loan documentation
• Income and expense information
• Asset and liability details
• Family structure information (relationships, dependents, beneficiaries)

User-Generated Content

• Notes, comments, and annotations you create
• Questions you ask our AI analysis tools
• Custom categories and tags you create
• Feedback and communications with our support team

2.2 Information Collected Automatically

Usage Data

• Device information (device type, operating system, browser type)
• IP address and general location information (city/country level)
• Log data (access times, pages viewed, actions taken)
• Application interaction data (features used, buttons clicked)
• Session duration and frequency of use
• Error reports and crash data

Cookies and Similar Technologies

• Session cookies for authentication
• Persistent cookies for preferences
• Analytics cookies for usage statistics
• Performance cookies for optimization
• Security cookies for fraud prevention

See Section 9 for detailed cookie information.

2.3 Information from Third-Party Sources

We may receive information from:

• Authentication providers (if you use social login features)
• Payment processors (transaction data, billing information)
• Analytics providers (aggregated usage statistics)
• Public records (to verify information you provide, if applicable)
• Data enrichment services (to improve our analysis capabilities)

2.4 Sensitive Personal Information

Due to the nature of our Service, you may upload documents containing sensitive personal information including:

• Financial account numbers and balances
• Social Security numbers or tax identification numbers
• Government-issued identification numbers
• Health information or insurance details
• Biometric data (if present in uploaded documents)
• Genetic information (if present in uploaded documents)
• Precise geolocation data
• Personal information about minors

3.1 Providing and Improving Our Service

• Account Management: Creating and maintaining your account, authenticating your identity, and managing your subscription
• Document Analysis: Processing and analyzing documents you upload using AI and machine learning technologies
• Insight Generation: Creating summaries, visualizations, and educational insights about your financial and legal situation
• Personalization: Customizing the Service based on your preferences and usage patterns
• Customer Support: Responding to your questions, providing technical assistance, and resolving issues
• Service Improvement: Analyzing usage patterns to improve features, fix bugs, and enhance user experience

3.2 Communication

• Sending transactional emails (account verification, password resets, subscription confirmations)
• Providing service updates and important notices
• Responding to your inquiries and requests
• Sending optional marketing communications (with your consent)
• Conducting surveys and research (with your consent)

3.3 Security and Fraud Prevention

• Detecting and preventing fraudulent activity, unauthorized access, and security threats
• Monitoring for violations of our Terms of Service
• Protecting the rights, property, and safety of Pathible, our users, and the public
• Enforcing our legal rights and complying with legal obligations

3.4 Legal Compliance and Protection

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Establishing, exercising, or defending legal claims
• Protecting against legal liability

3.5 Research and Development

• Developing new features and services
• Training and improving our AI and machine learning models (using aggregated, de-identified data only)
• Conducting internal research and analytics
• Testing new technologies and methodologies

4.1 Contractual Necessity

Processing necessary to perform our contract with you (Terms of Service), including:

• Providing access to the Service
• Processing your documents and generating insights
• Managing your account and subscription
• Providing customer support

4.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Improving and developing our Service
• Marketing and promoting our Service (where permitted)
• Detecting and preventing fraud and security threats
• Conducting research and analytics
• Managing business operations

We balance these interests against your rights and only process data where our interests are not overridden by your data protection rights.

4.3 Legal Obligation

Processing required to comply with legal obligations, including:

• Responding to lawful requests from authorities
• Complying with tax and accounting requirements
• Maintaining records as required by law
• Enforcing legal rights

4.4 Consent

Processing based on your explicit consent, including:

• Marketing communications (where consent is required)
• Optional features requiring sensitive data processing
• Cookies and tracking technologies (where required)
• Processing of special categories of personal data

You may withdraw your consent at any time, but this will not affect the lawfulness of processing based on consent before withdrawal.

5.1 Data Storage Infrastructure

We use industry-standard cloud infrastructure providers to store your data, including:

• Convex: Backend database and real-time data synchronization
• Cloud Storage Providers: Secure encrypted storage for uploaded documents
• Content Delivery Networks (CDNs): For fast, secure content delivery

All data is stored in secure data centers with:

• 24/7 physical security monitoring
• Redundant power and network systems
• Regular security audits and compliance certifications
• Geographic redundancy for disaster recovery

5.2 Security Measures

We implement comprehensive security measures to protect your data:

Technical Security

• Encryption in Transit: All data transmitted to and from our servers uses TLS 1.3 or higher encryption
• Encryption at Rest: All stored data, including documents and database records, is encrypted using AES-256 or equivalent encryption
• Secure Authentication: Passwords are hashed using industry-standard algorithms (bcrypt with salt)
• Multi-Factor Authentication: Available for additional account security
• API Security: All API endpoints are authenticated and rate-limited
• Secure File Upload: Document uploads are scanned for malware and viruses

Organizational Security

• Access Controls: Strict role-based access controls limit employee access to personal data
• Background Checks: All employees with access to personal data undergo background checks
• Security Training: Regular security awareness training for all employees
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response Plan: Documented procedures for responding to security incidents
• Regular Audits: Periodic security audits and penetration testing

5.3 Security Limitations

If you believe your account has been compromised, contact us immediately at security@pathible.com.

6.1 AI-Powered Features

Our Service uses artificial intelligence (AI) and machine learning (ML) technologies to analyze your documents and data, including:

• Document Processing: Optical Character Recognition (OCR) to extract text from uploaded documents
• Natural Language Processing (NLP): Understanding document content, structure, and meaning
• Data Extraction: Identifying and extracting financial figures, dates, names, and other relevant information
• Classification: Categorizing documents and information types
• Insight Generation: Creating summaries, identifying patterns, and generating educational explanations
• Question Answering: Responding to your questions about your documents and data

6.2 Accuracy and Limitations

YOU ARE SOLELY RESPONSIBLE FOR:

• Verifying the accuracy of all AI-generated insights and analysis
• Reviewing original documents to confirm extracted information
• Consulting with qualified professionals before making decisions based on our analysis
• Understanding that AI insights are educational tools only, not professional advice

6.3 Your Rights Regarding AI Processing

You have the right to:

• Opt out of AI processing (though this may limit Service functionality)
• Request human review of AI-generated insights
• Receive explanations of how AI processes your data
• Challenge AI-generated results you believe are inaccurate

Contact us at support@pathible.com to exercise these rights.

7.1 When We Share Your Information

We share your information only in the following limited circumstances:

With Your Consent

• When you explicitly authorize us to share your information
• When you use features that inherently involve sharing (e.g., sharing insights with family members)

Service Providers

We share information with trusted third-party service providers who perform services on our behalf:

• Cloud hosting providers (servers, databases, file storage)
• AI and machine learning service providers
• Payment processors and billing systems
• Customer support and helpdesk platforms
• Email delivery services
• Security and fraud prevention services

Legal Requirements

We may disclose your information when required by law:

• In response to valid subpoenas, court orders, or legal processes
• To comply with regulatory requirements or government requests
• To protect against legal liability or defend legal claims
• When necessary to protect the rights, property, or safety of Pathible, our users, or the public

7.2 Third-Party Services We Use

Below is a list of key third-party services that may process your data:

7.3 Data Sharing Limitations

WE DO NOT:

• Sell your personal information to third parties for monetary consideration
• Share your documents or sensitive financial/legal information except as described above
• Use your information for purposes incompatible with this Privacy Policy
• Share your data with advertisers or marketing companies (except aggregated, de-identified data)

8.1 Rights Available to All Users

Regardless of your location, you have the following rights:

Access Your Information

• Request a copy of the personal information we hold about you
• Receive information about how we process your data

Update Your Information

• Correct inaccurate or incomplete personal information
• Update your account details and preferences

Delete Your Information

• Request deletion of your personal information (subject to legal exceptions)
• Close your account and remove your data from our systems

Export Your Data

• Download your information in a portable format
• Transfer your data to another service

8.2 How to Exercise Your Rights

To exercise any of these rights, you may:

Response Timeline: We will acknowledge your request within 5-10 business days and respond substantively within 30-45 days, depending on applicable law.

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Service. We use cookies and similar tracking technologies to provide functionality, analyze usage, and improve your experience.

9.2 Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the Service to function and cannot be disabled:

• Authentication: Keeping you logged in to your account
• Security: Protecting against fraud and unauthorized access
• Session Management: Maintaining your session as you navigate the Service

Functional Cookies (Optional)

These cookies enhance functionality and personalization:

• Preferences: Remembering your settings and preferences
• UI State: Saving your interface customizations
• Language: Remembering your language selection

Analytics Cookies (Optional)

These cookies help us understand how you use the Service:

• Usage Statistics: Pages visited, features used, time spent
• Performance Metrics: Load times, errors, response times
• User Flow: Navigation patterns and user journeys

9.3 Managing Cookies

Browser Settings: Most browsers allow you to block or delete cookies. Access your browser's privacy settings to manage cookies.

Do Not Track (DNT): We currently do not respond to DNT browser signals as there is no industry standard for DNT interpretation.

10.1 Age Requirements

Our Service is NOT intended for children under the age of 18.

• You must be at least 18 years old to create an account
• Users under 18 may not use the Service, even with parental consent
• We do not knowingly collect information from individuals under 18

10.2 If We Discover Underage Users

If we learn that we have collected information from a child under 18:

• We will immediately delete the account and all associated data
• We will not use or disclose the information for any purpose
• We will not knowingly retain any information from the child

10.3 Parental Notification

If you are a parent or guardian and believe your child under 18 has created an account, contact us immediately at privacy@pathible.com. We will promptly delete the account and all data.

11.1 Data Storage Locations

Your information may be stored and processed in countries other than your country of residence, including the United States of America.

11.2 EEA/UK Data Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure adequate protection for data transfers through:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with service providers outside the EEA
• Adequacy Decisions: We may transfer data to countries deemed “adequate” by the European Commission
• Additional Safeguards: Encryption of data in transit and at rest, contractual obligations, and regular audits

12.1 Retention Principles

We retain your information only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

12.2 Retention Periods by Data Type

12.3 Account Closure and Data Deletion

To close your account and request data deletion:

• Log into your account settings
• Select "Close Account" or "Delete My Data"
• Confirm your request via email verification
• Your account will be closed within 24-48 hours
• Data will be deleted according to schedules above

13.1 Our Commitment to Security

We take data security seriously and implement comprehensive measures to protect your information. Despite our efforts, no system is entirely secure from all threats.

13.2 User Notification

We will notify you if a breach:

• Involves your personal information
• Creates a risk of identity theft, fraud, or harm
• Is required to be reported under applicable law

Notification will include:

• Description of the incident and when it occurred
• Types of information that were involved
• Steps we have taken to address the breach
• Measures you can take to protect yourself
• Contact information for questions

14.1 Your California Privacy Rights

California residents have the following rights:

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt Out: Opt out of “sale” or “sharing” of personal information (Note: We do not sell or share personal information)
• Right to Non-Discrimination: Equal service and pricing regardless of exercising privacy rights

14.2 Sale and Sharing of Personal Information

We do NOT “sell” or “share” personal information as defined by CCPA. We do not sell personal information to third parties for monetary consideration, and we do not share personal information for cross-context behavioral advertising.

15.1 Your GDPR Rights

You have the following rights under GDPR:

• Right of Access (Article 15): Obtain confirmation that we process your data and access your personal data
• Right to Rectification (Article 16): Correct inaccurate personal data
• Right to Erasure (Article 17): Request deletion of your personal data (“right to be forgotten”)
• Right to Restriction (Article 18): Restrict processing in certain circumstances
• Right to Data Portability (Article 20): Receive your data in a structured, commonly used format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent at any time
• Right to Lodge a Complaint (Article 77): File a complaint with your supervisory authority

15.2 Data Protection Authority

EEA Supervisory Authorities: Find your local authority at edpb.europa.eu

UK Information Commissioner's Office (ICO): ico.org.uk

17.1 Updates and Modifications

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Changes in applicable laws and regulations
• Feedback from users and regulators
• Changes in technology or security practices

17.2 Material Changes

For material changes that significantly affect your privacy rights, we will:

• Provide prominent notice on our Service (banner, popup, etc.)
• Send email notification to registered users
• Provide at least 30 days' notice before changes take effect
• Give you the opportunity to review changes and make decisions about your account

17.3 Your Options After Changes

If you disagree with changes to this Privacy Policy:

• You may close your account (see Section 12)
• You may exercise your privacy rights (see Section 8)
• You may contact us with concerns at privacy@pathible.com

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

19.1 Informal Resolution

We encourage you to contact us first. Many privacy concerns can be resolved through direct communication. Email privacy@pathible.com with your concerns, and we will work with you in good faith to resolve issues.

19.2 Regulatory Complaints

You have the right to file complaints with regulatory authorities:

• European Union: European Data Protection Board (EDPB)
• United Kingdom: Information Commissioner's Office (ICO)
• United States: Federal Trade Commission (FTC), California Attorney General
• Canada: Office of the Privacy Commissioner