Privacy
Last updated: April 2026
Kitta is a tool you trust with your MeroShare credentials. We treat that like a loan, not a gift — here's exactly what we hold, what we don't, and what we do with it.
What we store
- Your email, name, and hashed password (bcrypt, cost factor 12). We never see your plaintext Kitta password.
- Each MeroShare account you add: username, bank, and your MeroShare password, PIN, and CRN — all encrypted with AES-256-GCM before they reach the database.
- A history of your applications, allotments, and holdings, so you can read the morning report and the historical charts.
- Sync logs and audit events (login, password change, credential reveal) for diagnostics and your own forensics.
What we don't store
- Your MeroShare session tokens past their time-to-live (TTL).
- Any third-party tracking pixels, ad identifiers, or behavioural profiles.
- Payment info — while Kitta is free, we don't take cards at all. If paid tiers launch, we'll process through a PCI-DSS-compliant partner and tell you first.
Who sees your data
No one outside the Kitta team. We don't sell, rent, or share credentials or holdings data. Operators with database access are bound by a signed confidentiality obligation; access is gated and logged.
Encryption
The master key used for credential encryption lives in our secrets manager — not in source control, not in the database. A full database dump, if ever leaked, would still not expose your MeroShare credentials.
Deletion
Delete your account and we wipe everything — user record, credentials, applications, holdings, logs — within 30 days. No retention policy, no "analytics" residue. Email hello@kitta.app if you want a confirmation.
Questions
Write to hello@kitta.app — we read every message.