Privacy Policy
Last updated: March 28, 2026 · Operated by finTrack
finTrack is built on a local-first principle — your financial data stays on your device. We collect only what's necessary to run the service, never sell your data, and give you full control over deletion. This policy explains exactly what we collect, why, and your rights.
1. Data We Collect
finTrack is designed with a local-first architecture that keeps your financial data on your device. We collect only the minimum information required to operate the service.
- Authentication Data: When you sign in with Google, we receive your name, email address, profile picture URL, and a unique Google user ID. This is used solely to identify your session.
- Financial Data (Local Only): All transactions, accounts, tasks, contacts, and attachments are stored locally on your device in IndexedDB. This data never reaches our servers unless you explicitly enable Cloud Sync (Pro/Business feature).
- Subscription & Billing: Payments are processed by Paddle.com. We receive only your subscription tier and billing period — never your card details.
- Usage Analytics: Anonymous, aggregated usage data (e.g., feature interaction counts) may be collected to improve the product. This data is never linked to your identity.
2. How We Use It
We use the data we collect exclusively to provide and improve finTrack. Specifically:
- To authenticate your identity and maintain your session
- To enable Cloud Sync so you can access your data across devices (Pro/Business only)
- To manage your subscription status and unlock paid features
- To provide AI-powered insights via the Gemini API — queries are processed and not stored by us
- To send transactional emails (e.g., payment confirmations) via our email provider
- To improve reliability and user experience using anonymised analytics
We never sell your data. Your financial information is never shared with third parties for marketing, advertising, or AI training purposes.
3. Data Retention
Data retention depends on where your data lives:
- Local financial data: Stored on your device indefinitely until you clear your browser storage or use the "Delete All Data" option in Settings.
- Cloud Sync data (Pro/Business): Retained while your account is active. Deleted within 30 days of account closure, upon request.
- Authentication records: Retained while your account exists. Deleted promptly upon account deletion request.
- Billing records: Retained for 7 years as required by Sri Lankan tax and financial regulations.
4. Your Rights
Depending on your location, you may have the following rights under GDPR, CCPA, or Sri Lankan data protection principles:
- Right of Access: Request a copy of the personal data we hold about you (name, email, subscription status).
- Right to Erasure: Request deletion of your account and all associated data from our servers at any time.
- Right to Rectification: Request correction of inaccurate personal information.
- Right to Portability: Export your local financial data at any time via the built-in CSV, PDF, or Excel export features.
- Right to Object: Object to processing of your data for analytics purposes. Contact us and we will exclude you.
- California Residents (CCPA): We do not sell personal information. You have the right to know what data we collect and to request its deletion.
To exercise any of these rights, email us at support@fin-track.app. We respond within 30 days.
5. Contact
If you have questions about this Privacy Policy, wish to exercise your rights, or report a data concern, please contact us: