FinFin - Privacy Policy
Last updated: September 9, 2025
Snapshot (Short Form)
Collected: Email (account), optional name, user‑entered finance data (income, expenses, assets), device & crash analytics (Firebase), optional location (only if permission granted – not required), notification token.
Not Collected: Bank credentials, card numbers, government IDs, precise location without consent.
Use: Core app features, sync, reminders, performance & security, lawful compliance, future contextual insights.
Sharing: Only processors (Firebase and platform services). No selling of personal data.
Retention: While account active; deletion request → purge ≤30 days (backups purged on their next scheduled cycle).
Security: HTTPS, Firebase security rules, least‑privilege access, crash monitoring.
Rights: Access, correction, deletion, export, withdraw consent. Contact: support@finfinai.com.
Quick Summary: FinFin respects your privacy and protects your financial data with bank-level security. We only collect necessary information to provide our services and never sell your personal data.
1. Introduction
FinFin ("app", "service", "we", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and protect your personal information when you use our personal finance management application.
2. Information We Collect
2.1 Personal Information
- Email address (for account creation and authentication)
- Name and profile information (optional)
- Financial data (income, expenses, assets, debts you manually enter)
- User preferences and settings
2.2 Automatically Collected Information
- Device information (model, operating system version)
- App usage statistics and analytics
- Performance and crash data
- IP address and general location (for security purposes)
2.3 Information We Do NOT Collect
- Bank account credentials or passwords
- Credit card numbers or payment information
- Social security numbers or tax IDs
- Precise location data without permission
3. How We Use Your Information
- Provide comprehensive financial management services
- Generate personalized insights and recommendations
- Improve app functionality and user experience
- Ensure security and prevent fraud
- Provide customer support and technical assistance
- Send important updates and notifications (with your consent)
4. Information Sharing and Disclosure
We do NOT sell, rent, or trade your personal information. We may only share information in these limited circumstances:
- Legal Requirements: When required by law, court order, or government request
- Security Threats: To protect against fraud, security threats, or illegal activities
- Service Providers: With trusted partners like Firebase/Google for infrastructure services
- Business Transfer: In case of merger or acquisition (with user notification)
5. Data Security and Protection
Bank-Level Security: We implement multiple layers of security to protect your financial data.
- Encryption in transit (HTTPS/TLS) for all data transmission between the app and Firebase/Google Cloud
- Advanced Firebase security rules and authentication
- Regular security audits and updates
- Secure cloud storage with Google Cloud Platform (data encrypted at rest by the platform)
- Multi-factor authentication support
- Automatic session timeout and device management
6. Data Retention and Deletion
- Your data is stored as long as your account remains active
- You can delete your account and all data at any time
- Deleted data is permanently removed within 30 days
- Some anonymized usage statistics may be retained for app improvement
- Backup data is securely destroyed according to our retention policy
7. Your Rights and Controls
Under GDPR, CCPA, and other privacy laws, you have the following rights:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal data
- Portability: Export your data in a readable format
- Restriction: Limit how we process your data
- Objection: Object to certain data processing activities
- Withdraw Consent: Revoke previously given permissions
8. International Data Transfers
Your data may be processed and stored on servers located outside your country through our use of Firebase and Google Cloud services. We ensure adequate protection through:
- Google's compliance with international data protection standards
- Standard Contractual Clauses for EU data transfers
- Other recognized transfer mechanisms and certification frameworks where applicable (the former EU‑U.S. Privacy Shield was invalidated by the Court of Justice of the EU in 2020 and is not relied on)
9. Children's Privacy
FinFin is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will promptly delete such information.
10. Cookies and Tracking
We use minimal tracking technologies to improve app performance:
- Essential cookies for app functionality
- Analytics cookies to understand user behavior (anonymized)
- Performance cookies to identify and fix issues
- No advertising or marketing cookies
11. Third-Party Services
We integrate with the following trusted third-party services:
- Firebase/Google: Database, authentication, and analytics
- Apple Services
12. Updates to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Major changes will be communicated through:
- In-app notifications
- Email notifications (for significant changes)
- Updated version date at the top of this policy
14. Jurisdiction and Applicable Law
This Privacy Policy is governed by the laws of Turkey. For users in the European Union / EEA, the General Data Protection Regulation (GDPR) applies. For users in other jurisdictions, we comply with applicable local privacy laws including CCPA (California), PIPEDA (Canada), and others.
Your Privacy Matters: If you have any questions or concerns about how we handle your data, please don't hesitate to contact us. We're committed to transparency and protecting your financial privacy.
15. Region-Specific Rights & Disclosures
EU / EEA & UK (GDPR / UK GDPR): You have the rights of access, rectification, erasure, restriction, portability and objection. You also have the right to lodge a complaint with a supervisory authority (e.g. local Data Protection Authority). Age threshold for independent consent in the EU may vary (13–16). Where required, we obtain guardian consent.
Brazil (LGPD): We process data on the following legal bases: performance of contract (core app features), compliance with legal obligations (record keeping / security), legitimate interests (fraud prevention, service improvement – balanced against your rights), and consent (notifications, optional location). You may request confirmation of processing, anonymization, portability or revocation of consent.
California (CCPA / CPRA): We do not “sell” or “share” personal information as defined by CCPA/CPRA, nor do we use personal information for cross‑context behavioral advertising. You may exercise access / deletion rights by emailing support@finfinai.com.
Canada (PIPEDA): You may request access and correction; complaints can be directed to the Office of the Privacy Commissioner of Canada.
16. Legal Bases for Processing (GDPR / LGPD)
- Contract Necessity: Account creation, sync, core finance features.
- Legitimate Interests: Service improvement, fraud / abuse prevention, basic analytics (balanced against user rights).
- Consent: Optional notifications, optional location-based enhancements (future), marketing emails (if introduced).
- Legal Obligation: Security, compliance, responding to lawful requests.
17. Data Subject / Consumer Requests (DSR)
To exercise rights (access, export, correction, deletion, restriction, objection, consent withdrawal) send an email to support@finfinai.com from the address associated with your account. We respond within 30 days (or provide a justified extension up to 60 days for complex requests). Identity verification may require a one‑time code or re‑authentication.
18. International Transfers
Data may be processed on Google Cloud (multi‑regional). For EEA / UK users, transfers rely on Standard Contractual Clauses (SCCs) incorporated by Google’s terms. We periodically review sub‑processors (Firebase / Google Cloud). No high‑risk transfers to untrusted jurisdictions without additional safeguards.
19. Advertising & Tracking
No behavioral ads or third‑party ad networks. The Android AD_ID permission (if present) is restricted to analytics / diagnostics only. If marketing attribution or ads are introduced later, the policy and consent flows will be updated before activation.
20. Automated Decision Making
AI insights provide spending suggestions and categorizations. They do not create legal or similarly significant effects. Users can ignore or manually override any AI-generated recommendation.
21. Data Minimization & Retention Details
- Authentication & Profile: Kept until account deletion.
- Financial Entries: Kept for user convenience; deleted on account removal.
- Crash / Diagnostics: Rotated & aggregated; raw crash logs routinely aged out (≤ 90 days typical).
- Backups: Purged on next cycle post-deletion request (≤ 30 days).
22. Future Changes
If we materially expand data categories (e.g. open banking connections) or begin targeted advertising, we will: (1) Update this policy, (2) Provide clear in‑app notice, (3) Obtain consent where required.
23. Contact / Escalation
Primary contact / Support: support@finfinai.com. EU users may escalate to their local Data Protection Authority; California users may contact the California Privacy Protection Agency; Brazil users may contact the ANPD.