Privacy Policy

1. Introduction

Welcome to Finlingo. We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name
• Password (stored in hashed form only)
• Profile photo (if you choose to upload one)

2.2 Financial Data

If you choose to connect your bank accounts through Plaid, we may access:

• Account names and types
• Account balances
• Transaction history (merchant names, amounts, dates, categories)
• Institution names

Important: We never have access to your bank login credentials. These are handled securely by Plaid.

2.3 Chat and AI Interaction Data

When you interact with Finny, our AI assistant, we collect:

• Messages you send to Finny
• Conversation history
• AI-generated responses

2.4 Usage and Device Information

We automatically collect:

• Device identifiers
• Device type and operating system
• App usage patterns and feature interactions
• Push notification tokens (for sending notifications)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Generate personalized financial insights and education
• Power Finny AI to respond to your questions
• Track your financial goals and progress
• Send push notifications (with your consent)
• Provide customer support
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. Third-Party Services and Data Sharing

We work with the following third-party service providers to deliver our Service:

4.1 Plaid, Inc.

We use Plaid to securely connect to your bank accounts and retrieve financial data. When you connect a bank account, your data is subject to Plaid's Privacy Policy. Plaid does not share your bank credentials with us.

4.2 OpenAI (Third-Party AI)

OpenAI's handling of data is governed by their Privacy Policy and API Data Usage Policies.

4.3 RevenueCat

We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat receives information about your purchases and subscription status.

4.4 Expo (Push Notifications)

We use Expo's push notification service to send you notifications. This requires sharing your device push token with Expo.

4.5 Data We Do NOT Share

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We do not share your financial data with third parties except as described in this policy.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
• Secure Token Storage: Authentication tokens are stored in your device's secure storage (iOS Keychain / Android Keystore)
• Password Security: Passwords are hashed using industry-standard algorithms and never stored in plaintext
• No Hardcoded Credentials: We never store API keys or sensitive credentials in our mobile app code

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

You can request a copy of all personal data we hold about you. Use the "Export Your Data" feature in the app's Privacy & Data settings, or contact us directly.

6.2 Correction

You can update your account information at any time through the app's settings. If you need to correct other data, please contact us.

6.3 Deletion

You have the right to delete your account and all associated data. To delete your account:

1. Go to Profile > Account Settings > Delete Account
2. Confirm your password
3. Your account and all data will be permanently deleted

Account deletion includes: profile information, financial data, chat history, goals, progress, and all other data associated with your account.

6.4 Opt-Out of Data Sharing

You can manage your data sharing preferences in the app's Privacy & Data settings, including:

• Disconnecting bank accounts at any time
• Disabling push notifications
• Managing consent preferences

6.5 Do Not Track

We do not track users across third-party websites and do not respond to Do Not Track signals.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our Service. When you delete your account:

• Your personal data is deleted from our active systems
• Backup copies may be retained for up to 30 days before permanent deletion
• Some data may be retained longer if required by law or for legitimate business purposes (e.g., fraud prevention)

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@finlingo.ai. We will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. By using our Service, you consent to the transfer of your information to the United States and other countries where we and our service providers operate.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
• Right to Delete: You can request deletion of your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• No Sale of Personal Information: We do not sell your personal information to third parties

To exercise these rights, contact us at support@finlingo.ai.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request access to your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Request your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data

To exercise these rights, contact us at support@finlingo.ai. You also have the right to lodge a complaint with your local data protection authority.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending you a notification through the app or via email for significant changes

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, your personal data, or would like to exercise your privacy rights, please contact us:

We aim to respond to all privacy-related requests within 30 days.