Privacy Policy

We protect your financial data. No selling. No sharing. Full transparency.

Last updated: May 24, 2026

Quick Snapshot

Collected: Email (account), optional name, user‑entered finance data (income, expenses, assets), bank account balance & transaction history when Open Banking is connected (optional, opt-in only), device & crash analytics (Firebase), optional location (only if permission granted), notification token.

Not Collected: Bank login passwords or PINs, card numbers, government IDs, precise location without consent.

Use: Core app features, sync, reminders, performance & security, lawful compliance, AI insights.

Sharing: Only processors (Firebase and platform services). No selling of personal data.

Retention: While account active; deletion request → purge ≤30 days.

Rights: Access, correction, deletion, export, withdraw consent. Contact: support@finfinai.com

1. Introduction

FinFin AI ("app", "service", "we", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and protect your personal information when you use our personal finance management application.

2. Information We Collect

2.1 Personal Information

  • Email address (for account creation and authentication)
  • Name and profile information (optional)
  • Financial data (income, expenses, assets, debts you manually enter)
  • Bank account data — only when an Open Banking connection is established (see Section 2.4)
  • User preferences and settings

2.2 Automatically Collected Information

  • Device information (model, operating system version)
  • App usage statistics and analytics
  • Performance and crash data
  • IP address and general location (for security purposes)

2.3 Information We Do NOT Collect

  • Bank login passwords, PINs, or authentication credentials (when connecting via Open Banking, authentication happens directly between you and your bank — FinFin never sees these credentials)
  • Credit card numbers or payment information
  • Social security numbers, tax IDs, or government-issued ID numbers
  • Precise location data without permission

2.4 Open Banking Data

The Open Banking feature is entirely optional and only activated with your explicit consent. When a connection is established, FinFin receives read-only access to:

  • Account name, type, and currency
  • Account balance and available balance
  • Transaction history (date, amount, description, category)

How it works: You are redirected to your bank's secure login page via TrueLayer OAuth. You log in directly to your bank — FinFin never sees your credentials. A read-only access token is then stored exclusively server-side (Firebase Cloud Functions), encrypted, and never transmitted to your device.

Disconnecting: When you disconnect your bank, the access token and all Open Banking data on our servers are permanently deleted.

3. How We Use Your Information

  • Provide comprehensive financial management services
  • Generate personalized insights and recommendations
  • Improve app functionality and user experience
  • Ensure security and prevent fraud
  • Provide customer support and technical assistance
  • Send important updates and notifications (with your consent)

4. Information Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We may only share information in limited circumstances.

  • Legal Requirements: When required by law, court order, or government request
  • Security Threats: To protect against fraud, security threats, or illegal activities
  • Service Providers: With trusted partners like Firebase/Google for infrastructure services
  • Business Transfer: In case of merger or acquisition (with user notification)

5. Data Security and Protection

Bank-Level Security: We implement multiple layers of security to protect your financial data.

  • End-to-end encryption for all data transmission
  • Advanced Firebase security rules and authentication
  • Regular security audits and updates
  • Secure cloud storage with Google Cloud Platform
  • Multi-factor authentication support
  • Automatic session timeout and device management

6. Data Retention and Deletion

  • Your data is stored as long as your account remains active
  • You can delete your account and all data at any time
  • Deleted data is permanently removed within 30 days
  • Some anonymized usage statistics may be retained for app improvement
  • Backup data is securely destroyed according to our retention policy

Detailed Retention

  • Authentication & Profile: Kept until account deletion.
  • Financial Entries: Kept for user convenience; deleted on account removal.
  • Crash / Diagnostics: Raw crash logs are typically aged out in ≤ 90 days.
  • Backups: Purged on next cycle post-deletion request (≤ 30 days).

7. Your Rights and Controls

Under GDPR, CCPA, and other privacy laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal data
  • Portability: Export your data in a readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain data processing activities
  • Withdraw Consent: Revoke previously given permissions

To exercise rights, send an email to support@finfinai.com from your registered address. We respond within 30 days.

8. International Data Transfers

Your data may be processed and stored on servers located outside your country through our use of Firebase and Google Cloud services. We ensure adequate protection through Google's compliance with international data protection standards and Standard Contractual Clauses for EU data transfers.

9. Children's Privacy

FinFin AI is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will promptly delete such information.

10. Cookies and Tracking

  • Essential cookies for app functionality
  • Analytics cookies to understand user behavior (anonymized)
  • Performance cookies to identify and fix issues
  • No advertising or marketing cookies

No behavioral ads or third-party ad networks. The Android AD_ID permission (if present) is restricted to analytics/diagnostics only.

11. Third-Party Services

  • Firebase/Google: Database, authentication, and analytics
  • Apple Services: iOS app functionality and App Store services
  • Google Play Services: Android app functionality and security
  • TrueLayer: Open Banking infrastructure — used to read account and transaction data from your bank when you choose to connect one. TrueLayer is an authorised Payment Services Provider (PSP) regulated under PSD2. See the TrueLayer Privacy Policy. No data is shared with TrueLayer unless you opt in to the Open Banking feature.

12. Updates to This Policy

We may update this Privacy Policy periodically. Major changes will be communicated through in-app notifications, email notifications, and an updated version date at the top of this policy.

15. Region-Specific Rights

EU / EEA & UK (GDPR): You have rights of access, rectification, erasure, restriction, portability and objection. You may lodge a complaint with your local Data Protection Authority.

Brazil (LGPD): Legal bases include performance of contract, compliance with legal obligations, legitimate interests, and consent. You may request confirmation of processing, anonymization, portability or revocation of consent.

California (CCPA / CPRA): We do not "sell" or "share" personal information as defined by CCPA/CPRA. Exercise access/deletion rights by emailing support@finfinai.com.

Canada (PIPEDA): You may request access and correction; complaints can be directed to the Office of the Privacy Commissioner of Canada.

16. Automated Decision Making

AI insights provide spending suggestions and categorizations. They do not create legal or similarly significant effects. Users can ignore or manually override any AI-generated recommendation.

Contact Information

For questions, concerns, or data requests regarding this Privacy Policy:

  • Email: support@finfinai.com
  • In-App Support: Settings → Help & Feedback
  • Response Time: We typically respond within 48 hours

Your Privacy Matters: We're committed to transparency. If you have questions about how we handle your data, don't hesitate to reach out.