CF

COFI

Personal finance by currency

Sign inCreate account

Legal center

Privacy policy

How COFI collects, uses, stores, and discloses account, finance, session, and operational data.

These documents are a production-ready baseline for the current application flow and should still be reviewed by counsel before a final public launch.

April 23, 2026

These documents are a production-ready baseline for the current application flow and should still be reviewed by counsel before a final public launch.

1. Data categories

COFI may process account identifiers such as email, authentication metadata, active-session details, language preference, and selected base currency.

The product may also process finance records entered by users, including amounts, currencies, categories, payment methods, notes, timestamps, and uploaded receipt images where enabled.

If AI-assisted features are enabled, COFI may also process prompts, uploaded materials, and limited account or record context needed to generate requested responses, classifications, or summaries.

2. Why the data is used

Data is used to authenticate users, render dashboards and records, save preferences, support password recovery, protect the service, and maintain operational integrity.

Limited technical and audit data may also be used to investigate abuse, diagnose incidents, and verify privileged actions.

Where AI-assisted features exist, related inputs and outputs may also be processed to deliver the requested feature, monitor misuse, and improve reliability and safety.

Data submitted to AI-assisted features should not be used for model training or product improvement unless the operator clearly discloses that practice and satisfies any consent or legal basis required by applicable law.

3. Sharing and disclosure

Data may be made available to service operators, infrastructure providers, and authorized administrators who require access to run, secure, or review the platform.

Information may also be disclosed when reasonably necessary to comply with law, enforce platform rules, or investigate security incidents.

If AI-assisted features depend on specialized subprocessors or model providers, relevant inputs and outputs may be shared with those providers under the operator's technical, contractual, and security controls.

4. Storage and protection

COFI stores operational and user-submitted data in the systems that support authentication, application state, logs, and backups.

Retention depends on the active account lifecycle, security needs, legal obligations, and the document described in the data-retention policy.

5. User controls

Users can already manage certain preferences and records directly inside the application.

Before a public commercial launch, the operator should publish a contact channel or workflow for privacy requests, including access, correction, deletion, and jurisdiction-specific rights.

6. Policy updates

If the product adds new integrations, analytics tools, support channels, or data processors, this policy should be updated accordingly.

The latest published version supersedes earlier drafts.