Draft — pending legal review

These documents are scaffolds operating as plain-language defaults while Firstfruits is in family alpha. Before public launch on August 1, 2026, they'll be replaced with a counsel-reviewed version. Email hello@firstfruits.app with concerns.

Legal

Privacy Policy.

Last updated: April 29, 2026

What we collect.

Account data — your name, email, and household membership.

Financial data you enter — transactions, accounts, categories, recurring rules, and giving destinations. Stored encrypted at rest.

AI conversation content — when you chat with an agent, the conversation is sent to our AI inference partner. We send the relevant household-specific context (your firstfruits rule, recent activity) so the agent can answer with specifics. We do not retain a persistent transcript of the conversation beyond the audit log of which tools were called.

Usage telemetry — none. We do not run third-party analytics, session-replay, or behavioral tracking on authenticated pages.

What we don't do.

We do not sell your data. We do not share it with advertisers. We do not use your conversations or transactions to train AI models. We do not aggregate household data for marketing claims.

Sub-processors.

Firstfruits uses a small set of third-party service providers strictly required for service delivery: managed application hosting, managed database, authentication, AI inference, transactional email, and payment processing. All providers we use carry SOC 2 Type II certification and encrypt data in transit and at rest.

The current list of sub-processors is provided to institutional subscribers under our Data Processing Addendum. Other subscribers can request the list by emailing hello@firstfruits.app.

We do not introduce new sub-processors that touch household financial data without notifying subscribers in advance.

Your rights.

Export — you can export your transactions to CSV at any time from /transactions, or your full household data as JSON from /settings/billing.

Delete — you can delete individual transactions inline, wipe imports with typed confirmation, or close your account by emailing us. Account closure deletes the household after a 30-day restoration window.

Correct — edit your name, email, household name, covenant categories, tithe rule, and per-tx data through the application. We do not maintain "shadow" copies.

Audit — every agent action and every financial-mutation server action is recorded in an audit log accessible to household admins from Settings → Agents.

Kid privacy (post-launch).

When kid accounts ship, parents will not see kid chat content by default. The Pastoral Handoff flow (when a child becomes an adult) cleanly revokes parent visibility and exports the kid's data to them. Per-child data is governed by additional guardrails detailed in our forthcoming Kid Privacy Addendum.

Security disclosure.

If you've found a security issue, please email security@firstfruits.app and do not disclose publicly until we've had a chance to respond.

Contact.

ITABWODI LLC · Apex, NC · hello@firstfruits.app for any privacy question or request.