Legal

Privacy Policy

Effective Date: May 1, 2026  ·  Lattice Forge LLC

I know what it costs to hand someone your financial life. I did it myself when I connected my first account and felt the weight of that moment. Your data is not a product. Your giving history is not a signal for advertisers. Your prayer requests are not a dataset. None of it leaves this app. Not for money, not for partnerships, not for anything dressed up as "improving your experience." That is not a policy. It is a conviction.

Tee, founder

Kingdom Cents was built on the belief that your financial data is sacred, not a product. Everything below explains exactly what we collect, what we do not, and why. Your data serves you. Never us.

This Privacy Policy describes how Lattice Forge LLC ("Kingdom Cents," "we," "us," or "our") collects, uses, discloses, and safeguards information about you when you access or use the Kingdom Cents application, website, and all related services (collectively, the "Service"). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, do not access or use the Service.

1. Information We Collect

A. Information You Provide Directly.

  • Account Information: When you register, we collect your name, email address, and password. Passwords are stored using industry-standard one-way hashing (bcrypt). We never store, transmit, or have access to your plaintext password.
  • Financial Data: Income figures, expense records, budget categories, budget limits, tithe percentages, offering amounts, and any other financial information you voluntarily enter or import into the Service.
  • Giving Reflection Data (Sensitive): When you log a gift, you may optionally record your emotional response to giving (for example: "joyful," "sacrificial," or "grateful") and a written personal reflection. This constitutes sensitive personal information under California law because it may reveal aspects of your religious beliefs and financial condition. We treat this data with the highest level of protection. It is never used for analytics, profiling, advertising, or shared with any third party for any reason other than storage on our secured infrastructure (Supabase). You may delete any reflection at any time from your account.
  • Giving Mode Selection: Your choice of whether to track giving in monetary terms or volunteer time. This preference is stored on your account and treated as sensitive personal information.
  • Uploaded Documents: If you use our PDF bank statement import feature, the document you upload is processed server-side solely to extract transaction data for your own use. Uploaded PDF files are not retained on our servers after processing is complete. We do not store, index, or share the contents of uploaded documents beyond the extracted transaction data you choose to import.
  • Goals and Notes: Financial goals, target amounts, and any notes or descriptions you attach to goals or transactions.
  • Communications: The content of any messages you send us through support channels or contact forms, including bug reports and feedback.

B. Information Collected Through Bank Account Connectivity (Stripe Financial Connections). If you voluntarily choose to connect a bank account through Stripe Financial Connections, the following data is collected and stored:

  • Bank Connection Reference: A Stripe Financial Connections account identifier that permits read-only retrieval of your transaction history. The secure connection to your bank is held by Stripe; we do not store bank access tokens or credentials, and we do not store your bank username, password, PIN, or security questions.
  • Bank Transaction History: Transaction dates, merchant names, amounts, and account identifiers retrieved from your connected institution. This data is stored on our infrastructure and associated with your account.
  • Account Identifiers: Non-sensitive account identifiers provided by Stripe to link synced data to your Kingdom Cents account. Full account numbers are never stored.

You may disconnect any linked bank account at any time from your account settings, which will unlink the account through Stripe and terminate future data retrieval. Previously synced transaction records will remain in your account until you delete them or delete your account.

C. Information Collected Automatically.

  • Log and Usage Data: IP address, browser type and version, operating system, referring URLs, pages and features accessed, timestamps, and session duration.
  • Device Information: Hardware model, operating system version, and browser-generated unique identifiers.
  • Cookies and Similar Technologies: See our Cookie Policy for full details.
  • Error and Crash Reports: Anonymized error traces, stack traces, and device metadata collected through Sentry to help us identify and fix bugs. No financial data, giving reflections, or personal account information is included in error reports.

D. Information from Third-Party Authentication Providers. If you authenticate via Google, we receive only your name and verified email address in accordance with your privacy settings with them. We do not receive your password. We do not request or access any other data from your Google account beyond what is necessary to create and maintain your Kingdom Cents account.

2. How We Use Your Information

We use the information we collect solely for the following purposes:

  • To create and maintain your account and provide you access to the Service;
  • To provide, operate, maintain, and improve the features and functionality of the Service, including budget tracking, giving analytics, goal management, financial projections, annual Wrapped summaries, and bank transaction synchronization;
  • To process AI-assisted transaction categorization through Anthropic's API using anonymized transaction descriptions only, and to screen posts you submit to the community (prayer requests, praise reports, and testimonies) for spam and safety before they are published (see Section 11);
  • To generate your annual giving summary and Wrapped report using your stored transaction history;
  • To process and respond to your support requests, inquiries, and feedback;
  • To send transactional and administrative communications, such as account confirmations, password reset emails, monthly summary emails, and security alerts;
  • To monitor, analyze, and understand usage patterns and trends at an aggregated, non-identifiable level in order to improve user experience and Service performance;
  • To detect, investigate, prevent, and address fraud, abuse, security incidents, and violations of these Terms;
  • To comply with our legal obligations, resolve disputes, and enforce our agreements; and
  • To protect the rights, safety, and property of Kingdom Cents, our users, and the public.

We do not use your financial data, giving reflections, or spiritual data for advertising, behavioral profiling, model training, or sale to third parties under any circumstances. We do not serve advertisements through the Service. Your giving reflection data is never used for any purpose other than displaying it back to you within the Service.

3. Sensitive Personal Information

Under the California Privacy Rights Act (CPRA), certain categories of personal information are classified as "sensitive personal information" and are entitled to heightened protection. The following categories of information that we collect constitute or may constitute sensitive personal information under the CPRA:

  • Financial Account Data: Bank account identifiers and transaction histories obtained through bank connectivity (Stripe Financial Connections).
  • Religious or Spiritual Data: Tithe and offering amounts, giving categories, and giving reflection content may reveal aspects of your religious beliefs and practices.
  • Giving Reflection and Emotional Data: Emotional tags and written reflections you record in connection with giving transactions.

We use sensitive personal information only for the following limited purposes expressly permitted by the CPRA: (a) performing the Service you requested; (b) ensuring the security of the Service; (c) complying with applicable legal obligations; and (d) short-term transient use within your session. We do not use sensitive personal information to infer characteristics about you, build consumer profiles, or for any purpose beyond delivery of the Service.

You have the right under the CPRA to direct us to limit our use of your sensitive personal information to the purposes listed above. Because we already comply with this limitation by policy, no separate opt-out mechanism is required. If you wish to confirm or exercise this right, contact support@kingdomcents.com.

4. Information Sharing and Disclosure

We do not sell, rent, license, trade, or otherwise disclose your personal information to third parties for their independent marketing, advertising, or commercial purposes. Period. We may share your information only in the following strictly limited circumstances:

Service Providers. We share information with carefully selected vendors that perform services on our behalf. These providers are: (a) given access only to the minimum information necessary for their specific function; (b) contractually prohibited from using your information for any purpose other than providing the contracted service; (c) required to maintain security measures at least as protective as those described in this Privacy Policy; and (d) prohibited from retaining, using, or disclosing your information after the termination of services. See Section 11 for the full list of service providers and what data each receives.

Legal Requirements. We may disclose your information if and to the extent required by applicable law, regulation, or valid legal process (including a subpoena, court order, or government request). Where legally permitted, we will notify you before complying with any such legal process.

Protection of Rights. We may disclose information where reasonably necessary, in good faith, to: (a) protect the rights, property, or safety of Kingdom Cents, our users, or the public; (b) enforce our Terms of Service; or (c) investigate or prevent fraud, abuse, or illegal activity.

Business Transfers. In connection with any merger, acquisition, asset sale, bankruptcy, or insolvency proceeding, your information may be transferred as part of such transaction. We will provide at least 30 days' advance notice by email of any such transfer and any material changes to this Privacy Policy that result from it. You will have the right to delete your account before any such transfer takes effect.

With Your Explicit Consent. We may share your information with third parties only when you have provided us with explicit, affirmative, informed consent for a specific identified purpose.

Giving Reflection Data. Your giving reflections are never shared with any third party under any circumstance, including legal process, to the maximum extent permitted by applicable law. We will assert all available legal protections, including any applicable privilege or spiritual privacy protection, before disclosing giving reflection data in response to legal process.

5. Data Retention

We retain your personal information for as long as your account remains active or as otherwise necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

Specific retention periods:

  • Transaction and financial data: Retained for the life of your account, then deleted within 30 calendar days of verified account deletion.
  • Giving reflections: Retained only for the life of your account. Deleted within 30 calendar days of account deletion. You may delete individual reflections at any time from within the Service.
  • Bank connection references (Stripe Financial Connections): Retained only while your bank account remains connected. Unlinked and deleted upon disconnection or account deletion.
  • Uploaded PDF documents: Deleted from our servers immediately upon completion of processing. Not retained in raw form beyond the processing session.
  • Error logs (Sentry): Retained for 90 days in anonymized form, then purged automatically.
  • Account information: Retained for 30 calendar days following verified account deletion, subject to legal retention obligations.

Upon verified account deletion, we will delete or permanently anonymize your personal information within thirty (30) calendar days, subject to the following exceptions: (i) information we are legally required to retain under applicable law; (ii) information retained in encrypted backup archives for up to 90 days following deletion; and (iii) information lawfully shared with third parties prior to deletion, which is subject to those parties' independent retention policies.

6. Data Security

We implement and maintain the following technical, administrative, and physical security controls designed to protect your personal information from unauthorized access, disclosure, alteration, use, and destruction:

  • Encryption of all data in transit using TLS 1.2 or higher (Transport Layer Security);
  • Encryption of sensitive data at rest, including bank access tokens encrypted with AES-256-GCM;
  • Password hashing using bcrypt with per-user salts;
  • Row-level security policies enforced at the database layer, ensuring each user can only access their own data;
  • Role-based access controls limiting employee and system access to minimum necessary data;
  • Multi-factor authentication requirements for administrative systems;
  • Regular security assessments, dependency audits, and penetration testing;
  • Automated anomaly detection and incident response monitoring; and
  • Third-party vendor security reviews prior to integration.

No method of electronic transmission or storage is one hundred percent (100%) secure. We cannot guarantee the absolute security of your information. In the event of a data breach that is reasonably likely to result in harm to you and that we are legally required to report, we will notify you in accordance with applicable law, including California Civil Code Section 1798.82 (the California data breach notification law), within the timeframes required by law and without unreasonable delay.

You are responsible for maintaining the secrecy of your account password. We encourage you to use a strong, unique password and to notify us immediately at support@kingdomcents.com if you believe your account has been compromised.

7. Your Rights and Choices

Access and Correction. You may access and update most of your account information at any time through the account settings section of the Service. For information not accessible through settings, contact support@kingdomcents.com.

Account Deletion and Data Erasure. You may request deletion of your account and associated personal data at any time through the account settings or by submitting a written request to support@kingdomcents.com. We will acknowledge your request within five (5) business days and complete the deletion within thirty (30) calendar days, subject to applicable legal retention requirements.

Data Portability. You may export your transaction data in CSV format directly from the Service at any time. Upon written request to support@kingdomcents.com, we will provide a comprehensive export of all personal information we hold about you in a machine-readable format within 30 calendar days.

Bank Account Disconnection. You may disconnect any linked bank account at any time from your account settings. Disconnection immediately unlinks the account through Stripe and terminates future data retrieval.

Giving Reflection Deletion. You may delete individual giving reflections at any time from within the Service. Deleted reflections are permanently removed and are not recoverable.

Marketing Communications. We do not send marketing or promotional emails. If this ever changes, any such communication will include a clear, conspicuous one-click unsubscribe mechanism.

Withdrawal of Consent. Where we process your information based on your consent, you may withdraw that consent at any time by contacting support@kingdomcents.com, without affecting the lawfulness of processing that occurred prior to withdrawal.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together, "CCPA/CPRA"):

  • Right to Know. You have the right to request disclosure of: (a) the categories of personal information we have collected about you; (b) the categories of sources from which it was collected; (c) the business or commercial purpose for collecting it; (d) the categories of third parties with whom we share it; and (e) the specific pieces of personal information we hold about you.
  • Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain legal exceptions (such as information we are required by law to retain).
  • Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing. Kingdom Cents does not sell or share your personal information as those terms are defined under the CCPA/CPRA, and has not done so since our founding. We do not sell your data to data brokers, advertisers, or any third party for their commercial benefit. We do not engage in cross-context behavioral advertising. No opt-out is required because we do not engage in these practices. You may nonetheless submit a formal Do Not Sell or Share request to support@kingdomcents.com and we will confirm in writing within 15 calendar days.
  • Right to Limit Use of Sensitive Personal Information. We do not use sensitive personal information (including giving reflection data, bank account data, and spiritual/religious data) for any purpose beyond the limited, permitted purposes described in Section 3. You may direct us to further limit use by contacting support@kingdomcents.com.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your privacy rights.
  • Right to Opt-Out of Automated Decision-Making. Kingdom Cents uses AI (Anthropic) for two limited purposes: suggesting transaction categories, and screening posts you submit to the community for spam and safety before they are published. Categorization suggestions are not binding or automatically applied; you review and confirm or reject every one. Community moderation may hold a post for human review, and you may contact us to appeal any moderation outcome. No adverse legal or similarly significant decision is made about you based solely on automated processing.

How to Exercise California Rights. Submit a verifiable consumer request to support@kingdomcents.com with the subject line "CCPA Request" and include: (a) your full name; (b) the email address associated with your account; and (c) the specific right(s) you are exercising. We will verify your identity using information associated with your account before processing your request. We will respond within forty-five (45) calendar days of receiving a verifiable request. If we require additional time (up to an additional 45 days), we will notify you within the initial 45-day period. You may designate an authorized agent to submit requests on your behalf; such agent must provide proof of authorization.

Shine the Light (Cal. Civ. Code Section 1798.83). California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. Kingdom Cents does not disclose personal information to third parties for their direct marketing purposes and has not done so in the preceding calendar year. No response is required, but you may confirm by emailing support@kingdomcents.com.

9. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of their personal information under Nevada Revised Statutes Chapter 603A. Kingdom Cents does not sell personal information as defined under Nevada law. Nonetheless, Nevada residents may submit a confirmed opt-out request to support@kingdomcents.com and we will confirm receipt and non-sale practice in writing.

10. Minors: Users Under 18

The Service is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from any person under the age of 18. If we become aware that a user under 18 has created an account or provided us with personal information, we will immediately terminate the account and delete all associated personal information from our systems.

If you are a parent or legal guardian and believe that your child under 18 has registered for or used the Service, contact us immediately at support@kingdomcents.com. We will investigate and, upon confirmation, promptly terminate the account and delete all associated information without unreasonable delay.

11. Third-Party Service Providers

The Service relies on the following third-party service providers. We share only the minimum data necessary for each service to function. Each provider is bound by a data processing agreement and is prohibited from using your data for their own independent commercial purposes.

  • Supabase (Supabase Inc.) - Database, authentication, file storage, and real-time infrastructure. Stores your account credentials, financial data, giving reflections, goals, and application state. Data is stored in U.S.-based infrastructure. Privacy policy: supabase.com/privacy
  • Stripe (Stripe, Inc.) - Subscription billing and payment processing. When you subscribe to a paid plan, Stripe handles your payment card data directly through its secure, PCI-DSS compliant infrastructure. We never receive, store, or transmit your full card number or CVV. Privacy policy: stripe.com/privacy
  • Stripe — Financial Connections (Stripe Payments Company / Stripe, Inc.) - Read-only bank account connectivity and transaction retrieval. When you choose to connect a bank account, Stripe securely facilitates the connection with your financial institution and provides us with read-only access to your transactions and balances. Your bank credentials are never stored by Kingdom Cents. Stripe does not sell your financial account data or use it for advertising; Stripe may process it to provide, secure, and improve its services as described in its privacy policy. Privacy policy: stripe.com/privacy
  • Anthropic (Anthropic, PBC) - AI-powered transaction categorization suggestions and community-content moderation. When you import or enter transactions, anonymized transaction description text (for example: "WHOLE FOODS #123") is sent to Anthropic's API to generate a suggested budget category. No account-identifying information, amounts, giving reflection data, or personal identifiers are transmitted to Anthropic. Suggested categories are presented to you for review; they are not automatically applied. Separately, when you submit a post to the community (a prayer request, praise report, or testimony), the text of that post is sent to Anthropic's API to screen it for spam and safety before it is published; only the post content you chose to share is sent, never your financial data. Anthropic's current API terms prohibit training on customer API inputs. Privacy policy: anthropic.com/privacy
  • Resend (Resend Inc.) - Transactional email delivery. Your email address and first name are transmitted to Resend to deliver account confirmation, password reset, monthly summary, and security notification emails. No financial data or giving reflections are transmitted to Resend. Privacy policy: resend.com/legal/privacy-policy
  • Sentry (Functional Software, Inc.) - Error monitoring and crash reporting. Collects anonymized error traces, browser and device type, and limited request metadata to help us identify and resolve bugs. Financial data, giving reflections, and personal account information are explicitly excluded from Sentry error payloads. Privacy policy: sentry.io/privacy
  • Cloudflare (Cloudflare, Inc.) - Bot protection (Turnstile CAPTCHA) on login, registration, and password reset flows. Processes IP address and browser signals to distinguish humans from automated bots. Also provides DDoS mitigation and content delivery. Privacy policy: cloudflare.com/privacypolicy
  • Google (Google LLC) - Optional OAuth single sign-on authentication. If you sign in with Google, we receive only your verified name and email address. We do not receive your password, contacts, calendar, or any other data from your Google account. Privacy policy: policies.google.com/privacy

This Privacy Policy does not govern information collected by third parties through your direct interaction with their services. Kingdom Cents is not responsible for the privacy practices of any third party. Links to third-party privacy policies are provided for your convenience.

12. International Users

The Service is operated and managed from the United States and is designed for users located within the United States. We do not actively target or market to users outside the United States. If you are located outside the United States, please be aware that information we collect about you will be transferred to, processed in, and stored in the United States, where data protection laws may differ from those in your country of residence. By using the Service, you expressly consent to such transfer, processing, and storage.

13. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will: (a) post the updated Privacy Policy on this page with an updated "Effective Date"; and (b) for material changes affecting how we use your data, provide email notification to the address associated with your account at least fourteen (14) days before the change becomes effective.

Your continued use of the Service after the effective date of any modification constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must discontinue use of the Service and may request deletion of your account as described in Section 7.

Contact Us. For all questions, concerns, or requests regarding this Privacy Policy or our data practices: Lattice Forge LLC · San Diego, California · support@kingdomcents.com

Do Not Sell Requests: support@kingdomcents.com (subject line: "CCPA Request")

Security Issues: support@kingdomcents.com

Terms of ServiceCookie Policysupport@kingdomcents.com

2026 Kingdom Cents. All rights reserved.