Last updated: October 28, 2025 PRIVACY POLICY

Your Privacy,
Our Commitment

At Thrive Finance, we understand that financial data is deeply personal. This policy explains how we protect, use, and respect your information with military-grade security and complete transparency.

Where Your Data Lives

Local-first architecture — your case file never leaves your device

Thrive Financial uses a two-tier storage model. The vast majority of your sensitive information — every document, transaction, and case detail — is stored exclusively on your device. Only a minimal set of account and platform data is held remotely.

Stored Remotely

Held in Firebase / our cloud infrastructure solely to manage your account and subscription.

  • First and last name
  • Email address
  • Subscription tier and billing status
  • AI credit usage counters
  • Account role and access permissions
  • Support and communication records
Stored Locally

Held in your browser's IndexedDB. This data never leaves your device unless you explicitly export it.

  • Financial statements and documents
  • Tax returns and affidavits
  • Assets, debts, and income records
  • Fraud investigation reports
  • Settlement proposals and worksheets
  • Discovery requests and responses
  • Audit logs and case history
  • All exported .thrive case files

When you use AI-powered document parsing, selected document text or file content may be transmitted to Google Gemini directly from the browser or through our secure AI proxy solely to generate analysis results. Raw case documents are not stored in a hosted Thrive case database — parsed output is written back to your local device. AI transmissions are encrypted in transit.

Information We Collect

The limited account and platform data we hold remotely is collected to operate and improve the service:

  • Account Identity: First name, last name, and email address provided during registration or early-access sign-up.
  • Subscription & Billing: Your active plan tier, billing status, and Stripe payment references (we never store full card numbers).
  • AI Usage Counters: The number of AI credits consumed per billing period, used solely to enforce plan limits and top-up balances.
  • Platform Usage Signals: Aggregate feature-interaction data (e.g., which modules are used most) to guide product improvements — never raw case content.
  • Technical & Security Logs: Authentication events, IP addresses, and device metadata used to detect and prevent unauthorized access.
  • Support Communications: Messages or emails you send to our team, retained for support resolution and quality assurance.

Your case file data — documents, assets, analysis results, reports — is never part of what we collect remotely. It remains on your device.

How We Use Your Information

Your information powers every secure workflow inside Thrive Financial:

  • AI Analysis: Advanced models process your financial data to surface assets, anomalies, and actionable insights.
  • Service Delivery: Tailored financial intelligence reports and recommendations drive your case strategy.
  • Platform Improvement: Aggregated usage trends inform user experience upgrades—never raw documents.
  • Communication: Critical alerts, security notices, and support responses reach you without delay.
  • Compliance: Audit-ready records ensure we satisfy regulatory and professional obligations.

Data Protection & Security

We deploy enterprise safeguards that meet—and exceed—industry standards:

  • End-to-End Encryption: AES-256 encryption protects data in transit and at rest.
  • Zero-Knowledge Architecture: Internal teams cannot access your raw financial documents.
  • Secure Infrastructure: Hosted within SOC 2 Type II facilities with 24/7 security monitoring.
  • Access Controls: Enforced multi-factor authentication and granular role permissions.
  • Regular Audits: Quarterly third-party penetration testing and compliance reviews.

Information Sharing

We never sell your data. Limited sharing happens only when essential:

  • Service Providers: Vetted partners who power secure hosting, analytics, and support.
  • Legal Compliance: Required disclosures to satisfy lawful requests or protect rights.
  • Business Transitions: Successor entities must honor this policy during mergers or acquisitions.
  • User Consent: Explicit authorization you provide for designated third parties.
  • Emergency Situations: Actions that prevent fraud or imminent harm.

Your Privacy Rights

You remain in control of your personal information at all times:

  • Access: Request a complete export of the personal data we maintain.
  • Correction: Update or amend inaccurate account information.
  • Deletion: Ask us to remove your account and purge associated data (subject to legal holds).
  • Portability: Receive machine-readable copies of your data for reuse elsewhere.
  • Preferences: Opt out of marketing or restrict processing in specific scenarios.

Data Retention

Retention schedules differ depending on where data is held:

  • Remote Account Data: Your name, email, subscription status, and usage counters are retained while your account is active and purged within 30 days of confirmed account deletion.
  • Local Case Data: Documents, assets, reports, and all case content live exclusively in your browser's IndexedDB. You control this data entirely — clearing your browser data or using the in-app "Reset Case" action permanently removes it from your device.
  • AI Transmission Logs: Text or file content sent to Google Gemini or our AI proxy for parsing is used to return analysis results. Thrive does not retain a hosted case-document database, but third-party AI provider processing is governed by the provider terms and configuration in effect for the AI service.
  • Support Records: Support tickets and communication logs are preserved for 36 months for quality and compliance purposes.
  • Regulatory Obligations: Billing and payment records may be retained longer to satisfy statutory or financial compliance requirements.

Updates to This Policy

When our practices change, you stay informed:

  • Notification: Significant revisions are shared via email and in-product alerts.
  • Review Window: Material updates include a 30-day review period before enforcement.
  • Version History: Past policy versions remain available upon request for reference.
  • Ongoing Consent: Continued platform use confirms acceptance of updated terms.
  • Direct Support: Contact our privacy team with questions about any change.