← Back

Privacy Policy

Last updated: March 7, 2026

1. Who We Are

Grounded is operated by Grounded Money Admin. For any privacy questions or data requests, contact us at support@harryzhu.com.

2. Information We Collect

Account Information

When you sign in with Google, we receive your email address, display name, and profile photo URL from Google OAuth. We store your email and first name in our database.

Onboarding Data

During onboarding, you provide financial context including age range, employment status, income range, savings, debt information, financial goals, and personal reflections. All responses are optional and can be updated at any time.

Chat Messages

Your conversations with the AI are stored so you can access chat history. Messages can be archived or permanently deleted at any time through the chat interface.

Transaction Data

All plans allow CSV transaction uploads (limits vary by tier). If you upload CSV transaction files, the data is processed by AI to categorize spending patterns. Normalized transactions (date, description, amount, category) are stored in our database. You can request deletion of this data at any time.

3. How We Use Your Information

  • Personalization: Your onboarding data and transaction history are included in the AI system prompt so Claude can provide relevant, contextual responses.
  • Health Score: We compute a financial health score (0–100) from your onboarding responses using a deterministic algorithm. No AI is involved in scoring.
  • Usage Tracking: We track message counts on your profile to enforce tier-based limits. This data is not shared.
  • Service Improvement: Aggregated, anonymized usage patterns may be used to improve the product.

4. Third-Party Services

  • Supabase: Authentication, database, and row-level security. Your data is stored in Supabase-managed PostgreSQL.
  • Anthropic (Claude): AI chat responses and transaction normalization. Your onboarding context and messages are sent to Anthropic’s API for processing. See Anthropic’s Privacy Policy.
  • Voyage AI: Transaction embedding and similarity search. When you upload transaction files, the data is sent to Voyage AI’s API to generate vector embeddings for contextual retrieval during chat. See Voyage AI’s Privacy Policy.
  • Google OAuth: Authentication only. We do not access your Google data beyond basic profile information.
  • Stripe: Payment processing for paid subscriptions. We do not store your payment card details. See Stripe’s Privacy Policy.

5. Data Security

All data is protected by Supabase Row-Level Security (RLS), meaning each user can only access their own data. API routes verify authentication before processing requests. Data is transmitted over HTTPS.

While we implement reasonable security measures, no system is 100% secure. Do not share highly sensitive information (full account numbers, SSNs, passwords) through the chat.

6. Beta Program & Administrator Access

Grounded is currently in a beta testing phase. During the beta period, designated Grounded administrators may access your personal data — including your financial profile, chat conversations, uploaded transaction data, goals, mood check-ins, and usage information — for the following purposes:

  • Providing customer support and troubleshooting issues
  • Debugging and improving the Service
  • Monitoring for abuse or misuse
  • Ensuring the quality and safety of AI responses

Administrator access is not logged on a per-query basis during beta. We are working toward implementing audit logging for future releases.

You acknowledged this access when you accepted the Beta Program Notice during onboarding. If you wish to revoke this consent, you may request account deletion by contacting support@harryzhu.com.

7. Children’s Privacy & Minor Protection

Grounded takes the safety of minors seriously.

Users must be at least 13 years old. Users between 13 and 17 must have parental or guardian consent to use the Service. If we learn that a child under 13 has created an account, we will delete the account and all associated data immediately.

Parental Oversight

We strongly encourage parents and guardians to actively monitor their teen’s use of Grounded, including reviewing chat conversations. While Grounded’s AI is designed to be warm, supportive, and focused on financial topics, AI systems can occasionally produce unexpected responses.

Recommendations for parents:

  • Review your teen’s chat history regularly — it’s accessible through the chat interface
  • Have open conversations about what topics they’re discussing with the AI
  • Set ground rules about what kind of personal financial information to share
  • Contact us immediately at support@harryzhu.com if you have any concerns about content your child has encountered

Upcoming: Parent–Teen Connected Accounts

We are actively developing a parent–teen account linking feature that will include:

  • Silent alerts: Parent accounts will receive automatic notifications when the AI detects potentially concerning topics or patterns in their teen’s conversations
  • Chat review: Parents will be able to review their teen’s conversation history from their own account
  • Usage visibility: Parents will see how often and when their teen is using the Service
  • Spending review: If the teen uploads transactions, parents will be able to view categorized spending summaries

Until these features launch, we rely on parents to provide direct oversight. We will notify existing users when connected accounts become available.

8. Data Retention & Deletion

  • Chat messages: Retained until you archive or delete them. Archived messages can be permanently deleted from the chat menu.
  • Onboarding data: Retained while your account is active. Updated when you re-take the questionnaire.
  • Transaction data: Retained until you request deletion.
  • Account deletion: Contact support@harryzhu.com to request full account and data deletion. Self-service deletion is coming soon.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (export your data)

To exercise any of these rights, email support@harryzhu.com. We will respond within 30 days.

10. Cookies & Local Storage

We use cookies solely for authentication session management (Supabase auth tokens). We do not use tracking cookies, analytics cookies, or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email on your account. Continued use after updates constitutes acceptance.

12. Contact

For privacy questions, data requests, or concerns about minor safety:

Grounded Money Admin
support@harryzhu.com

© 2026 Grounded Money Admin

Terms of Service