Privacy Policy

Introduction

finTrakt ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our personal finance tracking application.

Information We Collect

Account Information

• Email address (via OAuth providers or direct signup)
• Name and profile picture (from OAuth providers like Google)
• Authentication credentials (managed by OAuth providers or securely hashed)

Google OAuth Data

When you sign in with Google, we receive:

• Your Google email address
• Your Google profile name
• Your Google profile picture (optional)
• A unique Google user ID for authentication

We do not access your Google account data, Gmail, Drive, Calendar, or any other Google services. We only use Google OAuth for authentication purposes.

Financial Data

• Financial account information (names, balances, types)
• Recurring income and expense records
• One-time transaction records
• Holiday expenses and budgets
• Currency preferences

Usage Information

• Browser type and version
• Device information
• IP address
• Pages visited and features used

How We Use Your Information

• To provide and maintain the finance tracking service
• To authenticate your account securely
• To display your financial data and analytics
• To improve our application and user experience
• To send important service notifications (if enabled)

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database) with industry-standard encryption:

• All data is encrypted at rest using AES-256 encryption
• All connections use HTTPS/TLS 1.3 encryption in transit
• Row Level Security (RLS) ensures users can only access their own data
• Regular security updates and monitoring
• Database backups are encrypted and stored securely

Data Location: Your data is stored in Supabase's infrastructure. You can check your specific region in your Supabase project settings. Supabase provides data centers in multiple regions including US, EU, and Asia-Pacific.

Third-Party Services

We use the following third-party services:

• Google OAuth: For optional authentication. When you sign in with Google, you are subject to Google's Privacy Policy and Terms of Service. We only request basic profile information (email, name, picture) for authentication and do not access any other Google services.
• Microsoft OAuth: For optional authentication. When you sign in with Microsoft, you are subject to Microsoft Privacy Statement. We only request basic profile information for authentication.
• Supabase: Database and authentication infrastructure (subject to Supabase Privacy Policy). Your data is stored securely with encryption at rest.
• Vercel: Hosting and deployment (subject to Vercel Privacy Policy). Application hosting only, no data processing.

Data Sharing: We do not sell, rent, or share your personal data with any third parties for marketing purposes. The services listed above are used solely to operate and secure the application.

Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Remembering your preferences (theme, sidebar state)
• Security and fraud prevention

We do not use third-party advertising or analytics cookies.

Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and all associated data
• Export your data in a portable format
• Withdraw consent for data processing

Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data will be permanently deleted within 30 days.

Children's Privacy

finTrakt is not intended for users under the age of 18. We do not knowingly collect information from children under 18.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy.

Contact Us

If you have any questions about this Privacy Policy or your data, please contact us through the application.