Privacy Policy

This policy applies to Dome websites, Dome Desktop, authentication flows, hosted connector services, support channels, release downloads, and related services we provide. It does not apply to websites, financial institutions, identity providers, model providers, app stores, or other third-party services that have their own privacy notices.

Dome is built for personal financial work. That means the service can process sensitive information such as financial account data, transaction data, investment data, email metadata and content you choose to connect, authentication data, and device diagnostics.

We collect information in the following categories:

• Account and profile information, such as your name, email address, authentication identifiers, organization membership, and settings.
• Financial connection information, such as institution names, accounts, balances, transactions, holdings, statements, categories, merchant data, connection status, and provider tokens or references.
• Inbox and document connection information, including Gmail or other inbox data you authorize Dome to read, such as message metadata, message bodies, attachments, receipts, statements, alerts, and labels needed to provide requested features.
• Desktop app and device information, such as app version, operating system, install identifier, local runtime status, diagnostic logs, crash data, network status, and configuration values.
• AI interaction information, such as messages, prompts, agent task state, generated outputs, tool calls, selected connectors, and contextual data you ask Dome to use.
• Website and usage information, such as pages visited, download events, approximate location derived from IP address, browser type, referral source, cookie identifiers, and analytics events.
• Communications and support information, including messages you send us, feedback, bug reports, survey answers, and records of support interactions.
• Billing information if we offer paid services, such as plan, invoices, payment status, and limited payment metadata. Payment card details are expected to be handled by a payment processor rather than stored directly by Dome.

We collect information from:

• you, when you create an account, use Dome, or contact us;
• connected financial providers, banks, brokerages, data aggregators, and open banking providers you authorize;
• connected inbox, document, and productivity providers, including Google services such as Gmail when you grant access;
• authentication, security, cloud infrastructure, analytics, and support providers that help us operate the service;
• your device and local runtime when Dome Desktop runs, syncs, or reports diagnostics.

We use information to:

• provide, maintain, personalize, and improve Dome;
• authenticate users, secure accounts, prevent fraud, and enforce access controls;
• connect to banks, brokerages, inboxes, and other sources you choose;
• normalize, categorize, reconcile, search, summarize, and explain connected financial and inbox information;
• operate AI features, including agent messages, generated views, background tasks, and requested automations;
• debug errors, monitor reliability, measure performance, and support product development;
• communicate with you about the service, security, support, policy changes, and product updates;
• comply with legal obligations, resolve disputes, and enforce our terms.

Dome may send prompts, messages, tool results, and selected context to AI model providers or hosted model infrastructure so the agent can respond to your requests. We aim to send only the context needed for the requested task, but that context may include personal information or sensitive financial and inbox content if the task requires it.

We do not use your connected financial account data or Gmail content to train third-party foundation models unless you explicitly agree or the provider's enterprise terms allow processing only for service delivery and abuse prevention. We may use aggregated, de-identified, or synthetic data to improve reliability, security, and product quality.

If you connect Gmail or another Google service, Dome will use Google user data only to provide and improve the user-facing features you request, such as finding receipts, statements, alerts, or other financial context for your Dome. Dome's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell Google user data, use it for advertising, or allow humans to read it except when you ask us to help, when access is necessary for security or abuse investigation, when required by law, or when the data has been aggregated or de-identified.

We may share information with:

• service providers that host infrastructure, authenticate users, deliver support, send email, process payments, monitor reliability, and secure the service;
• financial data aggregators, open banking providers, institutions, and connector providers when needed to create or maintain a connection you requested;
• AI model and tool providers when needed to process your request or operate a feature you use;
• professional advisors, auditors, insurers, regulators, law enforcement, or courts when reasonably necessary;
• counterparties in a merger, financing, acquisition, reorganization, bankruptcy, or sale of assets, subject to appropriate protections;
• other parties with your direction or consent.

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising as those terms are commonly used in US state privacy laws.

We may use cookies, local storage, pixels, and similar technologies to operate the website, remember preferences, measure downloads, understand site performance, and protect against abuse. Browser controls can usually block or delete cookies, but some features may not work correctly without required cookies.

We keep personal information for as long as needed to provide Dome, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate backups. Retention periods vary by data type. For example, account and connection records may be kept while your account is active, diagnostic logs may be shorter lived, and legal or security records may be retained longer.

If you delete your account or disconnect a provider, we will begin deleting or de-identifying related data unless retention is required for legal, security, backup, or legitimate business reasons. Connected providers may keep their own records under their own policies.

We use administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit, access controls, environment separation, logging, monitoring, and vendor review. No service can guarantee perfect security. You are responsible for protecting your device, account credentials, and any recovery methods.

Depending on your location, you may have rights to:

• access, correct, delete, or export personal information;
• object to or restrict certain processing;
• withdraw consent where processing is based on consent;
• opt out of certain sales, sharing, targeted advertising, or profiling if those activities apply;
• appeal a privacy rights decision.

You can also disconnect banks, inboxes, and other providers inside the product or through the provider's own authorization settings. To make a privacy request, contact us at privacy@dome.financial. We may need to verify your identity before fulfilling a request.

California law treats many categories of data as personal information, including identifiers, online identifiers, internet activity, geolocation, commercial information, inferences, financial account information, and the contents of certain communications. Dome may collect these categories as described above.

Dome may collect sensitive personal information, including financial account data, account login-related data, precise content from connected communications, and authentication data. We use sensitive personal information only to provide the service, secure it, comply with law, and for other permitted purposes. We do not use sensitive personal information to infer characteristics unrelated to providing Dome.

Where UK or EEA data protection law applies, our legal bases may include performance of a contract, legitimate interests, consent, and compliance with legal obligations. You may have the right to complain to your local data protection authority. If we transfer personal data internationally, we use appropriate safeguards where required.

Dome is not intended for children under 13, or under the age required by local law to use online services without parental consent. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as through the service or by email. Continued use of Dome after an update means the updated policy applies.

Questions can be sent to privacy@dome.financial. These terms should be read together with our Terms of Service.