BlabMoney

Privacy Policy

Last updated: 9/26/2025

1. Information We Collect

At BlabMoney, we collect information in various ways to provide you with the best possible service:

Personal Information

  • Full name and username
  • Email address for account creation and communication
  • Passwords, stored as bcrypt hashes
  • Profile pictures from OAuth providers (Google, LinkedIn)

Financial Portfolio Data

  • Portfolio composition, asset allocations, and investment preferences
  • Risk tolerance settings and investment objectives
  • Asset search history and selection preferences
  • Portfolio performance metrics and analytics

Technical and Usage Data

  • Unique session identifiers for analytics tracking
  • Page views and navigation patterns within the application
  • Marketing campaign parameters (stored for 24 hours)
  • Browser type, device information, and technical specifications
  • IP addresses for security and fraud prevention

AI Chat and Interaction Data

  • Chat conversations with our AI assistant for portfolio advice
  • AI-generated recommendations and financial insights
  • User feedback on AI responses (positive/negative ratings)
  • Usage patterns of AI-generated recommendations

2. How We Use Your Information

We use the collected information for the following purposes:

  • Providing and maintaining our portfolio management services
  • Personalizing AI chat responses and financial recommendations
  • Analyzing portfolio performance and generating reports
  • Tracking application performance and user engagement (with consent)
  • Improving user experience and application functionality
  • Maintaining security and preventing fraud
  • Complying with legal obligations and regulatory requirements
  • Providing customer support and responding to inquiries

3. Information Sharing

We do not sell, rent, or trade your personal information to third parties. We may share information in the following circumstances:

Third-Party Service Providers

  • MongoDB Atlas: Database hosting and data storage services
  • Azure OpenAI: AI chat functionality and natural language processing
  • Financial Data Providers: Market data and financial information providers
  • Email Service (Resend): Email delivery for notifications and account management

Legal Requirements

  • When required by law or by competent authorities
  • To comply with legal processes, court orders, or government requests
  • In the event of a merger, acquisition, or sale of assets
  • When you have given explicit consent for specific sharing

4. Cookies and Tracking Technologies

We use various types of cookies and similar technologies to enhance your experience:

Essential Cookies

  • next-auth.session-token: Maintains your authenticated session (secure, httpOnly)
  • next-auth.csrf-token: Prevents cross-site request forgery attacks
  • next-auth.callback-url: Handles OAuth authentication redirects

Functional Cookies

  • preferredCurrency: Stores your preferred currency setting
  • blabmoney_cookie_consent: Remembers your cookie consent preferences (90-day expiry)

Analytics Cookies (Consent Required)

  • blabmoney_session_id: Unique session identifier for our custom analytics system
  • blabmoney_utm_params: Marketing campaign tracking parameters (24-hour expiry)

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • End-to-end encryption for data transmission and storage
  • Strict access controls and authentication requirements
  • HTTPS-only communication and secure cookie policies
  • Regular security audits and vulnerability assessments
  • Password hashing using the industry-standard bcrypt algorithm
  • Secure cookie settings with httpOnly and sameSite protection

6. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request access to your personal data and information about processing
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data under certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Restriction: Request restriction of processing under certain circumstances
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent for analytics cookies and optional data processing

7. Data Retention

  • User Account Data: Retained until account deletion or 3 years of inactivity
  • Analytics Data: Aggregated data retained for 2 years, detailed data for 6 months
  • Chat Conversations: Retained for 1 year or until account deletion
  • Cookie Consent Records: 90 days from last interaction or until consent withdrawal
  • UTM Campaign Data: 24 hours in sessionStorage, aggregated reporting for 1 year

8. Our Custom Analytics System

BlabMoney uses a privacy-focused custom analytics system:

  • Custom-built analytics instead of Google Analytics or third-party trackers
  • Analytics only active when you consent to analytics cookies
  • Session-based tracking with unique identifiers
  • Event tracking for user interactions and application usage
  • No data shared with external analytics providers

9. International Data Transfers

Your data may be transferred to and processed in countries outside the EEA:

  • MongoDB Atlas: Data stored in EU regions with adequate protection
  • Azure OpenAI: Processing in EU regions under Microsoft's Data Protection Addendum
  • Transfers only to countries with EU adequacy decisions or appropriate safeguards
  • Standard Contractual Clauses and certification schemes ensure protection

10. Changes to This Policy

We may update this privacy policy occasionally to reflect changes in our practices or applicable regulations. We will announce significant changes on our website and update the 'last updated' date.

11. Contact Information

If you have questions about this privacy policy or wish to exercise your data rights, please contact us:

Email: admin@blabmoney.com

Data Protection Officer: admin@blabmoney.com

Address: BlabMoney S.L., Calle López Gómez 13 3A, 47002 Valladolid, España