🔒 Privacy Policy

Last updated: February 15, 2026

GiGi Money ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This privacy policy explains how we collect, use, and protect information when you use our app.

1. Who are we?

GiGi Money is a personal financial coach app developed by:

The Bair Company BV
Business Number: 1034232509
Address: Tiensesteenweg 54A, 3380 Glabbeek, Belgium
Email: [email protected]

2. What data do we collect?

2.1 Data you provide to us

Account data: Email address, name (optional), profile photo (optional)
Financial data: Income, expenses, savings goals, and other financial information you enter to use the app
Payment data: When you subscribe to a premium plan, payment data is processed by Stripe. We do not store credit card numbers.
Communication: Messages you send to GiGi (our AI coach) and support requests
Notification preferences: Your push notification settings, preferred time and day for reminders, and device information for delivering notifications

2.2 Automatically collected data

Usage data: How you use the app, which features you visit, and error messages
Device data: Device type, operating system, app version
Analytical data: Anonymized statistics to improve the app

3. How do we use your data?

We use your data for:

Delivering and personalizing our services
Processing payments and managing subscriptions
Sending important account notifications
Improving our app and developing new features
Responding to support requests
Sending optional newsletters (only with your consent)

3.1 Internal analysis and product improvement

To improve our service delivery and better assist you, we analyze anonymized and aggregated data about user behavior. This includes:

Financial profiles: Aggregated insights into income ranges, spending patterns, savings behavior and wealth building of our user groups (not individually identifiable)
User segmentation: Categorizing users to offer relevant features and tips
Product analysis: Understanding which features are most valuable for different user types
AI training: Improving GiGi's advice based on aggregated patterns

      🔒 Safeguard: In these analyses, data is always pseudonymized or anonymized. Individual users are not identifiable in our analyses. We NEVER sell this data to third parties.
    

3.2 Legal basis for processing (Art. 6 GDPR)

We process your data based on the following legal grounds:

Performance of contract (Art. 6.1.b): Delivering the GiGi Money service, payment processing, account management, and AI coaching
Legitimate interest (Art. 6.1.f): Product improvement, security, fraud prevention, and anonymized analyses
Consent (Art. 6.1.a): Newsletters, optional analytics, and marketing communications
Legal obligation (Art. 6.1.c): Retention of payment data in accordance with accounting regulations

3.3 Push Notifications and Email Communication

3.3.1 Push Notifications

When you enable push notifications, we process:

Your push subscription endpoint (technical address for delivering notifications)
Your preferred time and day for reminders
Your device type and browser (for compatibility)

      Legal basis: Consent (Art. 6.1.a GDPR). You can withdraw your consent at any time via the app settings. After withdrawal, we will delete your push subscription data.
    

3.3.2 Email Communication

We send the following types of emails:

Transactional emails: Payment confirmations, invoices, account changes, and security notifications. Legal basis: performance of contract (Art. 6.1.b GDPR)
Service emails: Important service updates and policy changes. Legal basis: legitimate interest (Art. 6.1.f GDPR)
Marketing emails: Newsletters, tips, and recommendations. Legal basis: consent (Art. 6.1.a GDPR)

You can unsubscribe from marketing emails at any time via the unsubscribe link in each email.

4. Who do we share your data with?

We share your data only with:

4.1 Service providers

Supabase: Database and authentication (EU servers)
Stripe: Payment processing (PCI-DSS certified)
Resend: Email delivery
Anthropic (Claude): AI features (GiGi buddy). Your conversations with GiGi are processed by Anthropic via their Claude API to deliver the service. Anthropic does not use this data to train their models. See Anthropic's privacy policy for more information.

4.2 Legal requirements

We may share data if required by law or to protect our rights.

⚠️ Important: We NEVER sell your personal data to third parties.

4.3 Data processing agreements

With all our service providers (sub-processors), we have concluded data processing agreements in accordance with Article 28 GDPR, which detail technical and organizational security measures.

5. How long do we retain your data?

Account data: As long as your account is active, plus 30 days after deletion
Financial data: As long as your account is active
Payment history: 7 years (legal requirement)
GiGi conversations: 90 days, unless you delete them earlier

6. Your rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

Right of access: You can request what data we have about you
Right to rectification: You can request correction of inaccurate data
Right to erasure: You can request deletion of your data
Right to restrict processing: You can limit the processing of your data
Right to data portability: You can export your data in a common format
Right to object: You can object to certain processing activities

To exercise any of these rights, contact us at [email protected].

7. Security

We take the security of your data seriously:

All data is transmitted encrypted (HTTPS/TLS)
Data is stored on secure EU servers
Access to data is restricted to authorized personnel
Regular security audits and updates

8. Cookies and local storage

Our app uses:

Strictly necessary cookies: For authentication, session management, and app functionality. These cookies are essential and cannot be disabled.
Local storage: For offline functionality, language preference, and app settings. This data never leaves your device.
Analytical cookies: Anonymized usage statistics to improve the app. You can refuse these on first use.

We use no tracking cookies for advertising or remarketing. We do not share cookie data with third parties for marketing purposes.

      Cookie management: You can change your cookie preferences at any time via app settings. Deleting essential cookies may affect app functionality.
    

9. Minors

GiGi Money is not intended for persons under 16 years of age. We do not knowingly collect data from minors. If you are a parent or guardian and discover that your child has provided data, please contact us.

10. International transfer

Your data is primarily processed within the European Economic Area (EEA). If data is processed outside the EEA (e.g., for AI features), we ensure appropriate safeguards in accordance with GDPR.

10a. Data breaches

In case of a security breach of personal data (data breach):

We will notify the competent supervisory authority (Data Protection Authority) within 72 hours in accordance with Article 33 GDPR
We will inform affected users without undue delay when the data breach poses a high risk to their rights and freedoms (Article 34 GDPR)
We will document all data breaches in an internal register, including the facts, consequences, and corrective measures taken

11. Changes to this policy

We may update this privacy policy periodically. For significant changes, we will notify you via the app or email. The "last updated" date above indicates the most recent version.

12. Contact

Do you have questions about this privacy policy or want to exercise one of your rights?

Email: [email protected]

Response time: We respond to requests within 30 days.

If you are not satisfied with our response, you have the right to file a complaint with the supervisory authority in your country:

Belgium: Gegevensbeschermingsautoriteit (GBA) (Belgian Data Protection Authority) — www.gegevensbeschermingsautoriteit.be — Drukpersstraat 35, 1000 Brussels — Tel: +32 2 274 48 00
Netherlands: Autoriteit Persoonsgegevens (AP) — www.autoriteitpersoonsgegevens.nl