Privacy Policy

1. Overview

This Privacy Policy ("Policy") describes how Financy, its subsidiaries and affiliates (collectively, "Financy," "we," "us," or "our") collect, use, disclose, and safeguard information about you when you access and use our services, including our website, mobile applications, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect information about you in various ways when you use our Services. The categories of information we collect include:

2.1 Information You Provide Directly

• Account Information: Email address, name, and password when you create an account or join our waitlist.
• Profile Information: Optional information such as profile picture, preferences, and financial goals.
• Communications: Information you provide when you contact our support team or participate in surveys.
• Financial Data: Transaction details, budget information, savings goals, investments, debts, and financial targets you choose to enter into the application.
• Email Integration: If you enable Gmail sync, we access only transaction-related emails from authorized senders.
• SMS Data: On Android devices, if you grant permission, we can extract transaction details from SMS messages.

2.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, and mobile network information.
• Usage Information: Features used, actions taken, time spent on pages, and interaction with our Services.
• Log Information: IP address, browser type, access times, and referring website addresses.
• Location Information: General location derived from IP address (we do not collect precise geolocation data).

2.3 Cookies and Similar Technologies

We use essential cookies and local storage to maintain user sessions, store preferences, and ensure the security of our Services. We do not use third-party advertising cookies or tracking pixels.

3. Use of Information

We use the information we collect for the following purposes:

1. To provide, maintain, and improve our Services and develop new features;
2. To create and manage your account and provide customer support;
3. To personalize your experience and deliver relevant content;
4. To communicate with you about service updates, new features, and promotional offers (with your consent);
5. To detect, prevent, and address technical issues, fraud, and security threats;
6. To comply with applicable legal obligations and enforce our Terms of Service;
7. To conduct research and analysis to improve our Services;
8. To protect the rights, property, and safety of Financy, our users, and the public.

4. Data Storage and Security

We employ a privacy-by-design approach with local-first data architecture. This section describes how we store and protect your information.

4.1 Local Storage

Personal financial data created within the application is stored locally on your device and encrypted using industry-standard encryption protocols. This data remains under your direct control and is protected by your device's security measures.

4.2 Cloud Storage

Should you elect to utilize optional backup or synchronization features, data may be transmitted to secure cloud servers. All data transmissions are encrypted in transit using TLS 1.3 or higher, and data is encrypted at rest using AES-256 encryption.

4.3 Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes outlined in this Policy. When you delete your account, we will delete or anonymize your information within 90 days, except where retention is required by law.

5. Artificial Intelligence and Voice Processing

Our Services may include optional artificial intelligence (AI) and voice processing features designed to enhance your experience while maintaining privacy.

5.1 AI Processing

When you use AI features, processing may occur either on-device or through authorized service providers. We implement the following safeguards:

• On-device categorization using rule-based engines for maximum privacy;
• Optional OpenAI integration for enhanced categorization (can be disabled);
• Personal identifiers are removed or encrypted before processing;
• AI models are not trained on individual user data;
• You can disable AI features at any time through settings.

5.2 Voice Processing

Voice features, when enabled, convert speech to text for transaction entry:

• Voice data is processed using OpenAI Whisper API for accurate transcription;
• Intelligent caching reduces API calls and improves response time;
• Voice recordings are processed transiently and not stored after conversion;
• All voice processing can be disabled in settings.

6. Security Measures

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

• Encryption: All data transmissions are encrypted using industry-standard protocols.
• Access Controls: Strict access controls and authentication mechanisms limit data access to authorized personnel only.
• Regular Audits: Security audits and vulnerability assessments are conducted regularly.
• Incident Response: Established procedures for detecting, responding to, and recovering from security incidents.
• Employee Training: Regular security awareness training for all personnel with access to user data.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We recommend that you:

• Use strong, unique passwords for your account;
• Enable device-level security features (PIN, biometric authentication);
• Keep your device software and applications updated;
• Report any suspected security incidents to our security team immediately.

7. Data Backup and Portability

7.1 Backup Options

Users may create encrypted backups of their data with the following characteristics:

• Backups are encrypted using your account credentials;
• Backups can be stored locally or exported to your preferred cloud service;
• Automatic backup scheduling is available with customizable frequency;
• Version history allows restoration of previous data states.

7.2 Data Export and Portability

We support your right to data portability through comprehensive export functionality:

• CSV Format: For compatibility with spreadsheet applications and financial software;
• JSON Format: For data migration and integration with other services;
• PDF Format: For human-readable reports and record-keeping;
• OFX Format: For compatibility with financial institutions and accounting software.

8. Third-Party Service Providers

We engage carefully selected third-party service providers to assist in delivering our Services. These providers are contractually obligated to:

• Process personal information solely in accordance with our instructions;
• Implement appropriate technical and organizational security measures;
• Maintain the confidentiality of all personal information;
• Delete or return all personal information upon termination of services;
• Allow us to audit their data protection practices.

Categories of service providers we may engage include:

• Firebase (Google) for optional cloud sync and crash reporting;
• OpenAI for enhanced expense categorization (optional);
• Google Sign-In for Gmail sync authentication (optional);
• Shorebird for seamless app updates;
• Local notification services for reminders and insights.

9. Legal Basis and International Data Transfers

9.1 Legal Basis for Processing

For individuals in the European Economic Area (EEA), United Kingdom, and other jurisdictions with similar requirements, we process personal information based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Services pursuant to our Terms of Service;
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Services and ensuring security;
• Consent: Processing based on your explicit consent, which may be withdrawn at any time;
• Legal Obligations: Processing necessary to comply with applicable laws and regulations.

9.2 International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

• Standard Contractual Clauses approved by the European Commission;
• Adequacy decisions recognizing certain countries as providing adequate protection;
• Other valid transfer mechanisms under applicable data protection laws.

10. Your Rights and Choices

Subject to applicable law, you have the following rights regarding your personal information:

10.1 Data Subject Rights

• Access: Request access to your personal information and receive a copy of the data we hold about you;
• Rectification: Request correction of inaccurate or incomplete personal information;
• Erasure: Request deletion of your personal information under certain circumstances;
• Restriction: Request restriction of processing of your personal information;
• Portability: Receive your personal information in a structured, commonly used, and machine-readable format;
• Objection: Object to processing of your personal information based on legitimate interests;
• Automated Decision-Making: Not be subject to decisions based solely on automated processing;
• Consent Withdrawal: Withdraw consent where processing is based on consent.

10.2 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within the timeframe required by applicable law (generally within 30 days). We may require proof of identity before processing your request.

10.3 Communication Preferences

You may opt out of receiving promotional communications from us by following the unsubscribe instructions in those communications or by updating your preferences in your account settings.

11. Children's Privacy

Our Services are not intended for individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child without verification of parental consent, we will take prompt steps to delete such information from our systems.

For users between the ages of 13 and 18, we recommend parental guidance when using financial management tools and features within our Services.

Anonymous Analytics and Improvements

With your explicit consent, we may collect anonymized usage data to improve our services:

STT Analytics Program

Our optional Speech-to-Text (STT) analytics program helps improve expense categorization accuracy:

• Participation is completely voluntary and requires explicit opt-in consent;
• Only anonymized transaction descriptions and categories are collected;
• No personal identifiers, amounts, or account information are included;
• Data is used solely to improve categorization models for all users;
• You can opt out at any time from Settings > Privacy.

Crash Reporting

We use Firebase Crashlytics to identify and fix app stability issues:

• Only technical error logs and device information are collected;
• No personal or financial data is included in crash reports;
• Reports help us improve app reliability and performance;
• You can disable crash reporting in Settings.

Privacy Rights for India Residents

In compliance with Indian data protection laws and regulations, residents of India have specific rights:

Data Localization

• Financial data of Indian residents is primarily stored locally on the device;
• When cloud sync is enabled, data may be stored in data centers within India where available;
• Cross-border data transfers comply with applicable Indian regulations.

UPI and Digital Payment Integration

When processing UPI and other digital payment notifications:

• We only read transaction notifications with your explicit permission;
• Payment credentials and UPI IDs are never stored or transmitted;
• Transaction data is processed locally for categorization;
• We comply with RBI guidelines for financial data handling.

Grievance Officer

For privacy-related concerns, Indian residents may contact our Grievance Officer at privacy@financy.app with "India Privacy Request" in the subject line.

12. Policy Updates

We reserve the right to update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, and other factors. We will provide notice of material changes through:

• Prominent notice within the application;
• Email notification to registered users (for material changes);
• Updates to the "Last Modified" date at the top of this Policy;
• Requesting your consent where required by applicable law.

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. Your continued use of our Services after any changes constitutes acceptance of the updated Policy.