← Back to CommandLife

Privacy Policy

Last updated: June 13, 2026

1. Overview

HOLO LLC (“we”, “us”, “our”) operates CommandLife. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

2. Data We Collect

Account Information

Name, email address, and password hash when you create an account. If you use Google OAuth, we receive your name and email from Google.

User-Entered Data

Financial records, goals, tasks, habits, health logs, journal entries, notes, contacts, and other data you voluntarily enter into the platform. This data belongs to you.

Connected Financial Accounts

If you choose to connect a bank, credit card, loan, or investment account, we use Plaid Inc. to access that account on your behalf. Through Plaid we receive account balances, transactions, and, where available, liability details (such as credit-card APRs and payment due dates) and investment holdings, which we use to display your finances back to you. We never receive or store your bank login credentials; those are handled directly by Plaid. Connecting an account is optional and read-only (we cannot move money), and you can disconnect it at any time from Settings. Your use of Plaid is also governed by Plaid’s privacy policy.

Usage Data

Basic analytics (page views, feature usage) to improve the Service. We do not track individual behavior for advertising purposes.

3. How We Use Your Data

  • To provide and maintain the Service
  • To display your data back to you (dashboards, charts, reports)
  • To power AI features (categorization, insights, chat)
  • To send transactional emails (password resets, billing)
  • To improve the Service based on aggregated, anonymized usage patterns

4. AI Data Processing

When you use AI features, relevant data (such as transaction descriptions or your question) is sent to our AI provider (Anthropic) for processing. This data is used solely to generate your response and is not stored by the AI provider for training purposes. We only send the minimum data needed for each AI request.

5. Data Storage & Security

Your data is stored in a managed PostgreSQL database hosted on DigitalOcean infrastructure. All connections are encrypted in transit (TLS). Passwords are hashed using bcrypt. We implement access controls to prevent unauthorized access to your data.

6. Data Sharing

We do not sell your personal data. We may share data only:

  • With your explicit consent
  • With service providers who help operate the platform (hosting, bank-account connectivity via Plaid, and AI processing)
  • When required by law or legal process
  • To protect our rights or prevent fraud

7. Your Rights

You have the right to:

  • Access— View all data we store about you via the Settings > Export feature
  • Export — Download your data in CSV format at any time
  • Delete — Request deletion of your account and all associated data
  • Correct — Update or correct any inaccurate data

8. Cookies

We use essential cookies only — specifically for authentication session management (NextAuth). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data is permanently removed within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

10. Children's Privacy

CommandLife is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. The “Last updated” date at the top indicates when the policy was last revised.

12. Contact

For privacy-related questions, contact us at [email protected].