Executive Summary
Someday Forensic Finance collects financial data via Plaid solely for the
purpose of personal financial analysis.
Data is processed via Gemini Ultra on a non-training basis and is not sold to third parties.
01 — Introduction
Welcome to Someday ("we," "our," or "us"). We are committed to protecting your privacy and being
transparent about how we collect, use, and protect your information.
This Privacy Policy explains how we handle your data when you use our forensic financial auditing
application.
02 — Information We Collect
Account Information
When you sign up via Google OAuth, we collect:
- Email address
- Display name
- Profile picture URL
- Unique user ID
Financial Data via Plaid
When you connect a bank account through Plaid, we access:
- Transaction history (merchant, amount, date, category)
- Account balances (current and available)
- Institution name and account type
Your bank credentials are never transmitted to or stored by Someday.
All authentication is handled directly by Plaid using 256-bit encryption.
Access tokens are stored server-side in Firestore and are never exposed to the client.
User-Provided Data
- Portfolio allocations and budget information
- Financial goals and risk profile
- Chat messages with the Someday AI
- CSV transaction imports
Automatically Collected Data
- Login timestamps
- Feature usage analytics
- Error logs (for reliability improvements)
03 — How We Use Your Information
- Provide the Service — Analyze your financial data and generate
insights via the Shadow Ledger, Internal VIX, and AI commentary
- Personalize — Remember your preferences, risk profile, and financial
goals
- Improve — Understand feature usage to enhance the application
- Secure — Detect and prevent fraud or abuse
04 — How We Protect Your Data
- Encryption — All data is encrypted in transit (HTTPS/TLS) and at rest
- Firebase Security — Enterprise-grade infrastructure via Google Cloud
- Access Control — Only you can access your financial data via
authenticated sessions
- No Data Sales — We will never sell your data to third parties
- Minimal Collection — We only collect what's necessary to provide the
service
- Non-Training AI — Financial data processed via Gemini is not used for
model training
05 — Third-Party Services
| Service |
Purpose |
Data Shared |
| Plaid |
Bank account connection |
Financial transactions, balances |
| Google Firebase |
Auth, database, hosting |
Email, name, UID, encrypted tokens |
| Google Gemini AI |
Financial analysis |
Transaction data, chat messages |
| ElevenLabs |
Voice synthesis |
Text for speech generation |
| Alpha Vantage / FMP |
Market data |
Ticker symbols you search |
Review:
Plaid Privacy ·
Google Privacy ·
ElevenLabs Privacy ·
Alpha Vantage Privacy
06 — Your Rights
- Access — Request a copy of your data
- Delete — Request deletion of your account and all data
- Export — Download your data in a portable format
- Correct — Update inaccurate information
- Disconnect — Revoke bank access at any time via the Dashboard
To exercise these rights, email: somedayfiapp@gmail.com
07 — Data Retention
- Active Accounts — Data retained as long as your account is active
- Deleted Accounts — Permanently deleted within 30 days of account
deletion
- Backups — Backup copies deleted within 90 days
08 — Plaid Data Practices
When you connect your bank account via Plaid:
- A temporary public token is exchanged for a secure access token via an encrypted server-side
handshake
- Access tokens are stored exclusively in Firestore with server-side security rules — never exposed to
the browser
- You can disconnect your bank at any time, which immediately revokes the access token and deletes all
cached data
- Plaid is SOC 2 Type II compliant and processes data under AES-256 encryption
09 — Regulatory Compliance
GDPR (EU Users)
- Right to data portability
- Right to restrict or object to processing
- Right to lodge a complaint with a supervisory authority
CCPA (California Residents)
- Right to know what personal information is collected
- Right to know whether data is sold or disclosed (we do not sell data)
- Right to request deletion of personal information
10 — Children's Privacy
Someday is not intended for users under 18. We do not knowingly collect data from children. If you
believe a child has provided us with data, contact us immediately.
11 — Changes to This Policy
We may update this Privacy Policy. Significant changes will be communicated via email notification,
in-app banner, or an updated "Last Updated" date.
Continued use after changes constitutes acceptance.