Privacy Policy

Goji ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services. Please read this policy carefully. By using Goji, you agree to the practices described here.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile photo (if signing in via Google). Authentication is handled securely by Google Firebase — we do not store your password.

Financial Data You Enter

We collect financial information you manually enter into the app: transaction amounts, descriptions, categories, account balances, budget limits, savings goals, and bill details. This data is stored securely in your personal account and is never sold or shared with advertisers.

Bank Account Data (Optional)

If you choose to connect a bank account, the connection is handled by Plaid Inc., a third-party financial data aggregator. Goji never sees or stores your bank login credentials. We receive read-only access to your transaction history and account balances via Plaid. Plaid's own Privacy Policy governs how they handle your banking credentials.

Voice Input

If you use voice commands, your spoken input is transcribed on your device and sent to our secure Cloud Functions for processing. Before being passed to our AI model (Google Gemini), all financial values, account numbers, and personally identifiable information are stripped. We do not store raw voice recordings.

AI Coach Conversations

Messages you send to the Goji AI coach are processed via Google Cloud Functions and Google Gemini. Conversation context is constructed without including raw account numbers, balances, or Plaid tokens — only aggregated financial summaries relevant to your question. Free tier conversations are not stored persistently. Premium conversations may be stored to provide continuity across sessions.

Usage Data

We collect anonymized analytics about how you interact with the app (screens viewed, features used, session length) to improve the product. This data cannot be used to identify you personally and is never linked to your financial information.

Cookies and Local Storage

Goji uses cookies and browser local storage solely for functional purposes — not for advertising or third-party tracking:

• Region Cookie: A session cookie (goji-region) remembers your detected region (US, UK, Nepal, etc.) so we show you the correct pricing, currency, and content without redirecting you on every page load.
• Rate Limiting: LocalStorage stores a timestamp when you submit the waitlist form to prevent accidental double-submissions (60-second cooldown).
• Vercel Analytics: Anonymized performance monitoring for our website (goji.today) that helps us identify crashes and slow page loads. No personal data or financial information is collected.

These are essential cookies that improve your experience and allow the site to function properly. Under GDPR and most privacy laws, functional cookies do not require your consent. We do not use advertising, marketing, or third-party tracking cookies.

Safe to Spend Calculator

The Safe to Spend calculator at goji.today/us/safe-to-spend does not collect, store, or transmit any data you enter. All calculations run entirely in your browser. No account is required and nothing you enter is sent to our servers.

Data Sharing Controls

You control whether your anonymized data is used for research or product improvement. These settings are off by default and can be changed at any time in Settings → Privacy → Data & Research:

• Research participation: Share anonymized spending patterns to contribute to academic research on immigrant household finance. Data is aggregated and never individually identified.
• Product analytics: Share anonymized usage patterns to help us improve the app. No financial data is included.

If you signed up via an institutional invite link (university or employer), your institution receives aggregated weekly active user reports only. No individual financial data is shared.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Goji app and its features
• Calculate your Safe to Spend amount, budget summaries, and financial insights
• Process voice commands and AI coach interactions securely
• Sync bank transaction data when you have enabled Plaid integration
• Send you relevant in-app notifications and alerts you have opted into
• Improve and personalize your experience
• Respond to support requests
• Comply with legal obligations

We do not use your financial data to serve you advertisements, and we never sell your personal data to third parties.

3. Data Storage and Security

Your data is stored in Google Firebase (Firestore), a secure cloud database. All data in transit is encrypted via HTTPS/TLS. Access to your Firestore data is restricted to your authenticated session — no other user or Goji team member can access your financial records through the client application.

Data cached on your device is encrypted using a key stored in your phone's secure keychain, not in the app code or on our servers.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We encourage you to enable biometric authentication within the app for an additional layer of protection.

4. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal information. We work with the following third-party services to operate Goji:

• Google Firebase & Google Cloud: Authentication, database storage, cloud functions, and AI processing (Gemini). Your data is stored in Firebase under your authenticated account.
• Plaid Inc.: Bank account connection and transaction syncing (optional). Your bank credentials are never shared with Goji — only with Plaid directly.
• RevenueCat: Subscription management for Premium users. RevenueCat receives your subscription status and purchase history but does not have access to your financial data within Goji.
• Sentry: Error monitoring and crash reporting. All financial values (balances, amounts, account numbers, tokens) are stripped from error reports before transmission. Sentry only receives anonymized technical diagnostics.
• Vercel: Hosting and analytics for our website (goji.today). Website analytics are anonymized and do not include your in-app financial data.
• Open Exchange Rates: Daily USD exchange rates (NPR, INR) are fetched from openexchangerates.org to power real-time currency conversion. No personal data is shared — only a server-side API call is made.

We may also share data if required by law, court order, or governmental authority, or in the event of a merger or acquisition where your data may be transferred as part of that transaction.

5. Push Notifications

If you enable push notifications, we use Firebase Cloud Messaging to deliver alerts such as bill reminders, budget threshold warnings, and weekly summaries. Notification payloads do not contain your financial amounts or account details — only the type of alert. You can disable notifications at any time through your device settings.

6. International Data Transfers

Goji is built for users across multiple countries, including the United States, Nepal, and India. Your data is stored on Google Firebase servers, which may be located in the United States or other jurisdictions. By using Goji, you consent to the transfer and processing of your information in these locations. We take appropriate measures to ensure your data is protected in accordance with this policy regardless of where it is processed.

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate data through the app's Profile screen.
• Deletion: Permanently delete your account and all associated data at any time via Profile → Delete Account. Deletion is immediate and irreversible.
• Portability: Export your transaction data from within the app.
• Opt-out: Disable analytics and notification permissions at any time in your device settings.
• Plaid disconnection: Revoke Goji's access to your bank accounts at any time via Settings → Connected Accounts → Disconnect. This immediately revokes our read access.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is permanently removed from our systems within 30 days. Connected Plaid access tokens are revoked immediately upon account deletion. Anonymized, aggregated usage analytics may be retained indefinitely as they cannot be linked to you.

9. Children's Privacy

Goji is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page and, where appropriate, through an in-app notification. Continued use of Goji after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at: