Privacy Policy

• Account data: your email address and authentication identifiers (we use passwordless magic-link sign-in).
• Subscription data: your subscription status, plan, and billing metadata. Payments are processed by Stripe — we do not receive or store your full card number.
• Usage and analytics data: product events (e.g. sign-in requested, paywall viewed, checkout started) and basic device/browser information, collected only with your consent.
• Technical and security data: IP address and request metadata used for security, bot protection, and error monitoring.

• To provide the Service — create your account, authenticate you, deliver reports and alerts, and manage your subscription (legal basis: performance of a contract).
• To secure the Service — prevent abuse, fraud, and bots, and monitor errors (legal basis: legitimate interests).
• To understand and improve the product through analytics (legal basis: your consent).
• To comply with legal obligations, including tax and accounting (legal basis: legal obligation).

We share data with vetted providers who process it on our behalf:

• Supabase — database and authentication.
• Stripe — payment processing and subscription billing.
• Resend — transactional and alert emails.
• PostHog — product analytics (EU region, eu.i.posthog.com), used only with your consent.
• Sentry — error monitoring.
• Cloudflare (Turnstile) — bot protection on sign-up.
• Vercel and Railway — hosting of the website and background worker.

Some providers process data outside the European Economic Area (e.g. in the United States). Where this happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and providers’ data processing agreements.

We use strictly necessary cookies to keep you signed in and to protect sign-up from bots; these are required for the Service to work. We use analytics cookies (PostHog) only after you accept them via our consent banner. You can change or withdraw your choice at any time using the "Cookie settings" link in the footer.

We keep account and subscription data for as long as your account is active and as needed to comply with legal, tax, and accounting obligations. Analytics data is retained for a limited period in line with our analytics provider’s settings. When data is no longer needed, we delete or anonymize it.

Under the GDPR you have the right to:

• access the personal data we hold about you;
• rectify inaccurate data;
• erase your data ("right to be forgotten");
• restrict or object to certain processing;
• data portability;
• withdraw consent at any time (without affecting prior processing); and
• lodge a complaint with a supervisory authority.

In Finland, the supervisory authority is the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto). To exercise any right, email us at support@finxtracker.com.

The Service is not directed to anyone under 18, and we do not knowingly collect their data.

We may update this Policy; we will revise the "Last updated" date and, for material changes, take reasonable steps to notify you. For any privacy question, contact support@finxtracker.com. See also our Terms of Service.