Privacy Policy

Last updated: May 17, 2026 · Effective: May 17, 2026

QLife Money is a personal finance management ("PFM") and small-business platform operated by VGM LLC, doing business as QLife Money ("QLife Money," "we," "us," or "our"), a Nevada limited liability company with offices in Las Vegas, Nevada. This Privacy Policy explains the personal information we collect from and about consumers and small businesses who use the QLife Money website, mobile experiences, dashboard, marketplace, and related services (the "Services"), and how we use, disclose, and protect that information.

QLife Money is not a bank and is not a money transmitter. QLife Money partners with Stripe Payments Company for money transmission services and financial account services with funds held at Fifth Third Bank, N.A., Member FDIC. QLife Money is also not a broker-dealer, registered investment adviser, tax preparer, or consumer reporting agency. Where you use a payments or money-movement feature, the underlying financial service is provided by Stripe, Inc. and its affiliates, by Fifth Third Bank, N.A., or by another regulated third party, and your data with those partners is governed by their own privacy policies. Where you link a personal account, the connection is made through Plaid Inc., governed additionally by the Plaid End User Privacy Policy.

The Short Version

• We never sell your personal or financial data. Not to advertisers, not to lenders, not to data brokers, not to lead-generation networks, not to anyone.
• We don't run ads. Our business model is the subscription you pay us. There are no third-party ads on QLife Money and we don't send your data to advertising platforms.
• Read-only by default. When you connect a financial account, we receive read-only access. We can't move money from a linked account.
• Plaid and Stripe are our financial-data partners. They handle credentials and account access; we never see your bank username or password.
• You control your data. Disconnect any account, export your data, or delete your account from your dashboard at any time.
• Identity-first. Chosen name and pronouns are first-class fields. Your legal name is stored separately and used only where a financial institution or the IRS requires it.

1. Who This Policy Covers

This Policy applies to:

• Consumers who use QLife Money for personal finance management — linking accounts, budgeting, net-worth and investment tracking, receipt capture, and exporting tax-relevant transaction data.
• Small-business owners who open a QLife Money for Business account, including the embedded small-business financial account powered by Stripe (with funds held at Fifth Third Bank, N.A., Member FDIC) and platform payments via Stripe Connect.
• Marketplace listers who publish a business profile in the QLife Money marketplace.
• Visitors to qlife.money and its subdomains.

This Policy does not cover the practices of third-party services we link to or that you authorize, including Stripe, Plaid, your financial institutions, Google or Microsoft (for optional receipt forwarding), or any business listed in the marketplace. Each operates under its own privacy policy.

2. Information We Collect

2.1 Information You Give Us

• Account & identity: email address, password (stored hashed), phone number, legal name, chosen name, pronouns, mailing address, household structure, and family or partner relationships you choose to add.
• Identity verification (KYC) for business accounts: if you open a QLife Money for Business account, Stripe collects and verifies legal name, date of birth, U.S. taxpayer identification number (SSN or EIN), business formation documents, and government-issued ID under Customer Identification Program rules. Stripe shares the result of that verification with us; we never see your full SSN unless you choose to provide it directly to us.
• Marketplace business profile: business name, address, hours, photos, owner self-identification (e.g., LGBTQ+-owned, ally), certification badges (e.g., NGLCC) you elect to display, and content you publish.
• Receipts and documents: images and PDFs you upload or forward to your QLife Money inbox address; we apply optical character recognition ("OCR") to extract structured data.
• Communications: messages you send to support, survey responses, and feedback.

2.2 Information From Linked Financial Accounts

When you connect a bank, credit card, brokerage, retirement, HSA, 529, or loan account, we receive on a read-only basis:

• Account metadata (institution, account name, account type, last four of account number, currency).
• Balances and balance history.
• Transaction history (description, merchant, amount, date, category, payee identifier where available).
• For investment accounts: holdings, lots, cost basis where the institution provides it, and investment transactions (buys, sells, dividends, interest, fees, transfers).
• For loans and liabilities: principal balance, interest rate, payment schedule, payoff date.
• For payroll connections (only if you opt in): pay period, gross/net pay, tax withholding, and equity-comp grants and vest schedules.

This data flows to us through one of two providers, depending on the institution and product:

• Plaid Inc. — for most personal-account connections.
• Stripe, Inc. — for Stripe Financial Connections (some institution connections), your QLife Money for Business financial account powered by Stripe (with funds held at Fifth Third Bank, N.A., Member FDIC), and Stripe Connect payouts.

See §5 for our specific Plaid and Stripe disclosures, including how to revoke access.

2.3 Information from Email and Cloud Services (Optional)

If you opt in to receipt forwarding via Gmail, Google Workspace, or Microsoft 365, we use a Google or Microsoft OAuth scope to read messages that match receipt patterns (for example, merchant order confirmations) so we can match them to transactions and store them in your Shoebox. Use of Google user data complies with the Google API Services User Data Policy, including its Limited Use requirements: we do not transfer this data to third parties for ads, do not use it for advertising, do not allow humans to read it (other than for the security or compliance purposes Google specifically permits), and do not use it to develop, improve, or train generalized AI/ML models. You can disconnect this access at any time in your dashboard or through your Google or Microsoft account settings.

2.4 Information Collected Automatically

• Device & usage data: IP address, approximate location derived from IP, browser type, operating system, device identifiers, pages viewed, features used, referrer URL, and timestamps.
• Cookies and similar technologies: see §7. We use only strictly-necessary, functional, and first-party analytics technologies. We do not use third-party advertising trackers or cross-site tracking pixels.
• Server logs: request logs for security, fraud prevention, abuse detection, and debugging.

2.5 Information From Other Sources

We may receive limited information about you from:

• Stripe and our bank partner Fifth Third Bank, N.A. (e.g., transaction confirmations, KYC verification results, dispute notices).
• Plaid (the categorized transaction and identity data you authorized them to send).
• Public business registries and the NGLCC, where you have linked your marketplace listing to a public certification.
• Service providers that help us prevent fraud, money laundering, and abuse (e.g., device-fingerprinting and sanctions-screening vendors).

3. How We Use Your Information

• Provide and operate the Services: authenticate you, sync your accounts, categorize transactions, render dashboards and net-worth views, generate budgets, run goal projections, capture and match receipts, and operate the marketplace.
• Categorize and improve sorting: we apply machine-learning models to your transactions and receipts. These models are tuned within your own account from your corrections. We do not use your data to train generalized models for other customers without your explicit, opt-in consent.
• Tax-relevant categorization and export: we tag transactions for Schedule C, deductions, and other tax-relevant categories so you can export them to your CPA, tax software, or accounting tool. QLife Money does not prepare, sign, or file tax returns and is not a "tax return preparer" under federal law.
• Customer support — respond to your questions and requests.
• Transactional and service communications: account alerts, security notifications, billing receipts, and required disclosures. You cannot opt out of these while you have an account, because they are required by law or to operate the Services.
• Marketing communications only where permitted, and you can unsubscribe at any time.
• Comply with law: KYC and sanctions screening for business accounts, court orders, subpoenas, lawful government requests, and applicable financial-services regulator examinations of our partners.
• Detect and prevent fraud, abuse, and security incidents, including by sharing limited data with fraud-prevention vendors and law enforcement where appropriate.
• Enforce our Terms of Service and protect our and others' rights, property, and safety.
• Aggregate, de-identified analytics for product improvement and benchmarking. Aggregated statistics cannot be used to identify any individual.

4. We Do Not Sell or Share Your Personal Information

We do not sell your personal information for money or other valuable consideration, and we do not share it for cross-context behavioral advertising. We do not participate in advertising-network data exchanges. We do not provide your transaction data, balances, holdings, or category history to lenders, insurers, advertisers, lead-generation platforms, or data brokers. If we ever change this practice, we will update this Policy in advance and provide the opt-out rights required by law.

5. How We Share Your Information

We share personal information only as described below.

5.1 Stripe (Payments, Financial Accounts, Connect, Financial Connections, Identity)

QLife Money partners with Stripe Payments Company for money transmission services and account services with funds held at Fifth Third Bank, N.A., Member FDIC.

If you open a QLife Money for Business account or use a payments feature, we share information with Stripe, Inc. and its affiliates as needed for Stripe to provide its services to you and to us. This includes:

• KYC and Customer Identification Program ("CIP") information, beneficial-ownership information, and Stripe Identity verification data collected under the USA PATRIOT Act and the Bank Secrecy Act;
• Transaction, payout, and dispute data for Stripe Connect;
• Financial account information for your QLife Money for Business account, where balances are held at Fifth Third Bank, N.A., Member FDIC;
• Account-link metadata for Stripe Financial Connections, where you elect to use it.

FDIC pass-through insurance disclosure. USD balances in financial accounts are eligible for FDIC pass-through deposit insurance if the accounts meet certain requirements. The accounts are eligible only to the extent pass-through insurance is permitted by the rules and regulations of the FDIC, and if the requirements for pass-through insurance are satisfied. The FDIC insurance applies up to 250,000 USD per depositor, per financial institution, for deposits held in the same ownership category. Neither Stripe nor QLife Money is an FDIC-insured institution, and the FDIC's deposit insurance coverage only protects against the failure of an FDIC-insured depository institution.

Stripe's processing is governed by the Stripe Privacy Policy, the Stripe Services Agreement, the Stripe Connected Account Agreement, the Stripe Financial Accounts for Platforms Terms, and any other agreements presented to you when you enable a Stripe-powered feature.

5.2 Plaid (Personal Account Linking)

When you link a personal account through Plaid:

• Plaid presents its own consent screen and collects your account credentials directly. We do not see your bank username or password.
• Plaid acts as our service provider for retrieving balance, transaction, identity, holdings, liability, and (where you opt in) payroll data on your behalf.
• Plaid is also a separate data controller of certain information it collects directly from you, including authentication credentials and account metadata. That handling is governed by the Plaid End User Privacy Policy.
• You can review and revoke your active Plaid connections at any time at my.plaid.com, or by removing the linked account from your QLife Money dashboard. Removing a connection in QLife Money stops new data flowing in, but does not by itself purge data already at Plaid — visit Plaid Portal for a complete revocation.
• Plaid does not share your personal financial data with third parties to power services other than the ones you requested through us, except where Plaid's policy allows (e.g., consent, fraud prevention, legal compliance).

5.3 Other Service Providers

• Cloud and infrastructure: Amazon Web Services hosts our application in the United States, including compute, storage, content delivery, and secrets management.
• Email and notification: transactional email and SMS providers under written data-processing agreements.
• Analytics: first-party analytics only, run on infrastructure under our control. We do not use Google Analytics, Meta Pixel, or third-party advertising trackers.
• OCR and document processing for receipts (operated under contracts that prohibit secondary use of your data).
• Fraud-prevention and sanctions-screening vendors.
• Professional advisors: auditors, attorneys, and accountants under confidentiality obligations.

All service providers are bound by written agreements that limit their use of your information to providing services to us and require them to protect it consistent with this Policy.

5.4 Household Members and Marketplace

If you invite a household member to share data, that person sees the data you authorized. You can revoke access at any time. If you publish a marketplace listing, the information in that listing is public.

5.5 Legal and Safety

We may disclose information when we reasonably believe disclosure is necessary to (a) comply with applicable law, lawful government requests, or court orders; (b) enforce our Terms of Service; (c) detect or prevent fraud, security incidents, or abuse; (d) protect the rights, property, or safety of QLife Money, our users, or others; or (e) respond to a verified request by a user or their authorized agent.

5.6 Business Transfers

If QLife Money is involved in a merger, acquisition, financing due-diligence process, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide the choices required by applicable law before any material change in how your data is handled.

5.7 With Your Consent

We will share your information for any other purpose disclosed to you and consented to by you.

6. Tax Categorization — What We Do, What We Don't

QLife Money helps you organize tax-relevant transaction data. You can tag transactions for Schedule C, common deductions, and similar categories, and export them to a CPA, an accountant, or a third-party tax-prep tool of your choice. Our role is data organization and export only.

QLife Money does not prepare, sign, transmit, or e-file tax returns and is not a "tax return preparer" under 26 U.S.C. § 7701(a)(36) or related regulations. We do not provide tax, legal, accounting, or investment advice; consult a qualified professional about your specific situation.

7. Cookies and Tracking

We use a small number of cookies and local-storage entries:

• Strictly necessary: session tokens, CSRF tokens, and authentication state. The Services will not function without these.
• Functional: remembering dashboard layout, last-selected household, and accessibility preferences.
• First-party analytics: aggregated usage counters run on our own infrastructure. No data is sent to advertising networks.

Because we do not engage in cross-context behavioral advertising, our default response to your browser's "Do Not Track" or Global Privacy Control ("GPC") signals is the same as the default experience. Where state law treats GPC as a valid opt-out signal for a sale or sharing of personal information, we honor it as such.

8. Data Security

We use commercially reasonable, industry-standard security practices and SOC 2-aligned controls, including:

• TLS 1.2+ encryption of data in transit and AES-256 encryption at rest.
• Read-only account links — we cannot initiate transfers from your linked accounts.
• Tokenized credentials — we never see or store your bank username or password.
• Multi-factor authentication, role-based access, and least-privilege production access for our personnel.
• Continuous logging and intrusion-detection monitoring on production systems.
• Annual third-party penetration testing and ongoing vulnerability management.
• Vendor due diligence and written data-protection agreements with all service providers that process personal information on our behalf.
• An incident-response program that includes notification to affected users and regulators consistent with applicable state breach-notification laws.

No method of electronic transmission or storage is perfectly secure. While we use commercially reasonable efforts to protect your information, we cannot guarantee absolute security.

9. Data Retention

We retain personal information for as long as needed to provide the Services and for the additional periods needed to:

• comply with legal, audit, and accounting obligations (typically up to seven (7) years for financial records);
• resolve disputes and enforce our agreements;
• support fraud prevention, security investigations, and abuse detection;
• maintain backup systems (deleted data may persist in encrypted backups for up to ninety (90) days before purge).

For QLife Money for Business accounts powered by Stripe, we and our financial-service partners apply additional retention periods required by the Bank Secrecy Act, the USA PATRIOT Act, and OFAC rules — typically at least five (5) years from account closure for transaction, KYC/CIP, sanctions-screening, and complaints records. We also retain records of marketing materials, application flows, customer consent, statements, receipts, and customer communications for at least five (5) years as required by our financial-service partners. Our partners' retention is governed by their own policies.

10. Children

The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen (13) under the Children's Online Privacy Protection Act ("COPPA"). To open a financial account, you must be at least eighteen (18). If you believe a child has provided us with personal information, contact privacy@qlife.money and we will delete it.

11. International Users

QLife Money operates in the United States and is intended for U.S. residents. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the U.S., where data-protection laws may differ from those in your jurisdiction. We are not currently designed for or directed at users in the European Economic Area, the United Kingdom, or other regions whose laws would impose additional cross-border-transfer obligations.

12. U.S. State Privacy Rights

Depending on where you live, you may have one or more of the rights below regarding personal information we hold about you. We honor these rights subject to verification and the exceptions allowed by the applicable statute (for example, information we must keep to comply with law, prevent fraud, or detect security incidents).

• Right to know / access: request a copy of the personal information we hold and information about how we use it.
• Right to correct: request that we correct inaccurate personal information.
• Right to delete: request deletion, subject to applicable exceptions.
• Right to portability: receive your data in a portable, machine-readable format.
• Right to opt out of the sale or sharing of personal information and of targeted advertising. We do not sell or share for cross-context behavioral advertising, so there is no sale or sharing to opt out of.
• Right to limit the use of sensitive personal information.
• Right of non-discrimination for exercising your rights.
• Right to appeal a denial of your request — reply to our denial email and we will reconsider.

12.1 California (CCPA / CPRA)

• Categories of personal information collected in the past twelve (12) months: identifiers (name, email, account ID, IP); commercial information (subscription, transaction metadata you provide or that flows from linked accounts); financial information; internet/network activity (pages, actions, device data); approximate geolocation (from IP); inferences (categorization tags); professional information (if you opt in to payroll); and the sensitive categories of account log-in credentials, government identifiers (where Stripe collects them for KYC), and contents of communications you send to support.
• Categories disclosed for a business purpose: identifiers, commercial information, financial information, and the related sensitive categories — to service providers under written contracts. Recipients include Stripe, Plaid, our cloud and email providers, our OCR/document vendor, and fraud-prevention vendors.
• Categories sold or shared for cross-context behavioral advertising: none.
• Categories of sensitive personal information used or disclosed for purposes other than those allowed under §7027(m): none.
• Retention: as described in §9.
• An authorized agent may submit a request on your behalf with proof of authorization.
• Shine the Light: California Civil Code §1798.83 lets California residents request information about disclosures to third parties for direct marketing. We do not make such disclosures.

12.2 Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, New Jersey, Delaware, New Hampshire, Minnesota, Maryland, Rhode Island, and Nebraska have substantially similar rights under their respective state privacy laws. The rights described above apply, subject to each statute's verification requirements and exceptions.

12.3 Nevada

Nevada residents may direct us not to sell their "covered information" under Nevada Revised Statutes §§ 603A.300–603A.360. We do not sell covered information; if our practices change, we will honor verified requests submitted to privacy@qlife.money.

12.4 FCRA Notice

QLife Money is not a consumer reporting agency under the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq. We do not assemble or evaluate consumer information for the purpose of furnishing consumer reports to third parties. The insights and reports we show you about your own finances are for your own informational use and are not consumer reports.

12.5 Submitting a Privacy Request

Submit privacy requests through the Privacy & Data section of your dashboard, or by email to privacy@qlife.money with the subject line "Privacy Request." We will verify your identity using information we already have on file (or, where appropriate, a one-time link to your registered email and a request-specific code). We will respond within forty-five (45) days, with one extension of up to forty-five (45) additional days where reasonably necessary, and will explain any reason we cannot fulfill a request.

13. Changes to This Policy

We will update this Policy when our practices change. The "Last updated" date at the top reflects the most recent revision. For material changes, we will give you advance notice by email or in-product notice. Your continued use of the Services after the effective date constitutes acceptance of the revised Policy.

14. How to Contact Us

• Privacy: privacy@qlife.money
• General support: support@qlife.money
• Postal mail: QLife Money — Privacy, VGM LLC, Las Vegas, Nevada

If you are not satisfied with our response, you may contact your state attorney general or the U.S. Consumer Financial Protection Bureau at consumerfinance.gov.