Privacy Policy

Effective date: December 17, 2025

This Privacy Policy describes how Diablo Finance ("Diablo Finance," "we," "us," or "our") collects, uses, and shares information when you use our services at finance.diablo.systems (the "Service").

We're privacy-first: we do not sell your personal information, and we do not share member financial data with third parties for advertising. We only share data as described below (for example, with vendors that help us run the Service, like Plaid and Twilio), or when you ask us to.

If you have questions, contact us at jonas@diablo.systems.

Summary (plain English)

• We help you connect financial accounts via Plaid, then an AI agent uses your financial data to provide insights and help automate tasks you request.
• We collect information you provide, information from Plaid (like transactions and balances), and basic technical logs needed to run the Service.
• We share information with service providers (for example, Plaid, Twilio, infrastructure providers) to operate the Service.
• We use third-party AI providers (including OpenAI and Anthropic) to process some information for AI features, and they may use data sent to them for training.
• You can disconnect Plaid and request deletion of your account data.

Information we collect

Information you provide

• Account information: identifiers you provide to create and manage your account (for example, email).
• User content: messages you send to the AI agent, instructions, goals, preferences, and any information you provide through the Service or support.
• Communications: emails or messages you send us and our responses.

Information we receive from Plaid (financial account data)

If you choose to link accounts through Plaid, we receive financial data such as:

• Account data: account name/type, institution, and account masks (we do not receive full account numbers).
• Balances.
• Transactions (including merchant and transaction details Plaid provides).
• Investment data (such as holdings and related information, if you connect investment accounts).

Plaid's collection and use of your data is governed by Plaid's own policies and your settings with Plaid and your financial institution.

Information collected automatically (technical data)

• Device and usage data: IP address, browser/device information, pages/events, and timestamps.
• Logs and diagnostics: to maintain security, debug issues, and prevent abuse.
• Cookies / similar technologies: we use essential cookies required for core site functionality. We do not use advertising cookies.

How we use information

We use information to:

• Provide the Service, including connecting accounts, displaying your data, and generating insights.
• Power AI features, including analysis and recommendations based on your data and instructions.
• Perform automations you request (for example, workflows and actions initiated through the Service).
• Maintain safety and security, prevent fraud/abuse, and protect users and our systems.
• Improve the Service, including reviewing outputs and interactions to evaluate and improve product quality.
• Communicate with you, including service-related messages and support.

AI processing, human review, and automation

AI providers

We use third-party AI model providers (including OpenAI and Anthropic) to support certain AI features. Information sent to these providers may include user content (such as prompts) and, depending on the feature, relevant financial data needed to produce an answer.

Important: These providers may use data we send them for training or improving their services. If you do not want your information processed by third-party AI providers under these terms, you should not use AI features.

Human review

To improve product quality and safety, some AI interactions and outputs may be reviewed by humans (for example, to diagnose errors, evaluate responses, and improve the Service). Access is limited to authorized personnel.

Automations

The Service may help you automate tasks based on your instructions. You are responsible for reviewing and confirming actions where required, and for ensuring any information you provide is accurate.

How we share information

We do not sell personal information. We share information only as follows:

Service providers and vendors

We share information with vendors that help us operate the Service, such as:

• Plaid (to connect and refresh your linked financial account data).
• Twilio (to send SMS or related communications, if you enable them).
• Other vendors that provide hosting, storage, monitoring, customer support, and similar services.

These vendors are permitted to process information only to provide services to us (subject to their terms and any contracts we have with them).

With your direction or consent

We may share information when you ask us to—such as exporting data or sharing information with a third party you choose.

Legal, safety, and business transfers

We may share information if we believe it's necessary to:

• comply with law, regulation, subpoena, or lawful request;
• protect rights, safety, and security of the Service, users, or the public; or
• in connection with a merger, acquisition, financing, reorganization, or sale of assets (in which case we will require the recipient to honor this Policy for previously collected information).

Joint accounts and information about others

If you connect a joint account (or an account that includes information about another person), you represent that you have the authority to share that data with us and to allow us to process it as described in this Policy.

Data retention

We keep information for as long as needed to provide the Service and for legitimate business purposes such as security, dispute resolution, and legal compliance.

• Connected account data: you can disconnect Plaid at any time.
• Deletion: you can request deletion of your account data. After deletion, we will delete or de-identify information in our systems, except where we must retain certain information for legal, security, or operational reasons (for example, fraud prevention logs) and in backups for a limited time.

Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. Sensitive data is encrypted at rest, and we use encryption in transit where appropriate. No system is 100% secure, and we can't guarantee absolute security.

Your choices and controls

You can:

• Disconnect Plaid through the Service.
• Request deletion of your account data by emailing jonas@diablo.systems.
• Opt out of non-essential communications (for example, marketing, if applicable) using instructions in those messages.

Rights and regional disclosures (US and Canada)

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to withdraw consent for certain processing. To make a request, email jonas@diablo.systems. We may need to verify your identity before responding.

We do not share personal information for cross-context behavioral advertising and do not sell personal information.

Children

The Service is intended for people 18 and older. We do not knowingly collect personal information from children.

Changes to this policy

We may update this Policy from time to time. We will update the "Effective date" above, and may provide additional notice for material changes.

Contact

Email: jonas@diablo.systems