Privacy Policy
1. Who we are
KASSIA is operated by Dolomitica Ltd, a company registered in England and Wales (company number 11844886), registered office: Flat 93 Biddulph Mansions, London, England, W9 1HU ("we", "us").
Dolomitica Ltd is the data controller for personal data processed through KASSIA.
Contact for privacy matters: privacy@meetkassia.com
2. What KASSIA does
KASSIA is an AI financial organiser for couples. You and, optionally, one other member of your household create a shared space to record income, spending, savings goals and assets, and to ask questions about them through an AI assistant.
3. Data we collect
Account data: email address, name, and authentication credentials.
Household financial data you enter: income lines, spending items, savings goals, asset records and their values, household name and membership. We only hold the financial information you choose to enter. KASSIA does not connect to your bank accounts.
Subscription and payment data: subscriptions are processed by Stripe. Your card details are entered directly into Stripe's systems and never reach our servers. We store only your subscription status, plan, and billing period dates.
Technical data: essential cookies and browser local storage used to keep you signed in and to cache your subscription status; basic server and security logs.
AI assistant data: when you use "Ask Kassia", the text of your question and the relevant household data needed to answer it are sent to our AI provider (see section 6) to generate a response.
4. Why we process your data (lawful bases)
- To provide the service (Article 6(1)(b) UK/EU GDPR — performance of a contract): operating your account, storing and displaying your household data, processing subscriptions, answering Ask Kassia queries.
- Legitimate interests (Article 6(1)(f)): securing the service, preventing abuse, fixing defects, and improving the product. We do not sell your data and we do not use your household financial data for advertising.
- Legal obligations (Article 6(1)(c)): tax, accounting and consumer law record-keeping.
- Consent (Article 6(1)(a)): only where we ask for it explicitly (for example, optional product emails). You can withdraw consent at any time.
5. Sharing within your household
KASSIA is built for couples. Financial data you enter into a household is visible to the other member of that household. Only join or invite a household member you are comfortable sharing this information with. If you leave a household, data you contributed to the shared household may remain visible to the remaining member; contact us if you need help separating data.
If we introduce features that let you share a view of your dashboard with people outside your household, sharing will only ever happen on your explicit action, and this policy will be updated to describe it.
6. Our service providers (sub-processors)
We use a small number of providers to run KASSIA. Each processes data only on our instructions:
- Supabase — database and authentication. Your data is stored in the EU (Frankfurt, Germany).
- Stripe — payment processing (Stripe acts as an independent controller for some payment data under its own privacy policy).
- Cloudflare — website hosting, content delivery and security.
- Anthropic — processes Ask Kassia conversations to generate responses. Conversations sent to the AI provider are not used by us to train AI models.
7. International transfers
Your household data is stored in the EU. Some providers (Stripe, Cloudflare, our AI provider) may process limited data in the United States or other countries; where they do, transfers are protected by recognised safeguards such as the EU/UK adequacy decisions, the EU–US Data Privacy Framework, or Standard Contractual Clauses.
8. Retention
We keep your data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we must retain records longer for legal, tax or accounting reasons (typically up to 6 years for billing records). Backup copies are purged on a rolling basis.
9. Your rights
Under UK and EU GDPR you have the right to: access your data; correct it; delete it; restrict or object to processing; data portability; and withdraw consent where processing is based on consent. To exercise any right, email privacy@meetkassia.com.
You also have the right to complain to a supervisory authority: in the UK, the Information Commissioner's Office (ico.org.uk); in the EU, your local data protection authority (in Austria, the Datenschutzbehörde, dsb.gv.at).
10. Security
Data is encrypted in transit (TLS) and at rest. Access to household data is restricted by row-level security so that only members of your household can read it. No method of storage is 100% secure, but we take protecting your financial information seriously and review our safeguards regularly.
11. Children
KASSIA is for adults. You must be at least 18 to create an account. We do not knowingly collect data from anyone under 18.
12. Changes to this policy
If we make material changes, we will notify you by email or an in-app notice before they take effect. The "Last updated" date at the top shows the current version.