1. AI Provider Disclosure
When you use Ask FinNudge or other AI features, a sanitized snapshot of your financial summary (totals, category aggregates, goal percentages; never raw transaction lines, account numbers, or PII beyond your display name) is sent to our AI provider. We use Anthropic Claude as our sole AI provider. AI responses are logged for audit and quality assurance for 30 days, after which they are automatically deleted.
You can turn off AI processing entirely from Settings → General → AI & Privacy. When turned off, your financial context will not be sent to any external AI provider; rule-based budgeting, transactions, recurring bills, cash-flow views, and savings goals continue to work normally.
You may delete your AI conversation history at any time from Settings → Account → AI Data → Delete all AI history.
2. Overview
FinNudge (“we,” “our,” or “us”) is a personal finance application that connects to your bank accounts to give you a clear picture of your spending, subscriptions, and savings goals. This Privacy Policy applies to the FinNudge website and mobile applications (collectively, the “Service”).
By creating an account or using the Service you agree to the practices described in this policy. If you do not agree, please do not use FinNudge.
3. Data We Collect
We collect only the information necessary to deliver the Service:
- Account credentials: your email address and a hashed password used to authenticate you. We never store your password in plaintext.
- Google Sign-In (optional): if you choose to sign in with Google, we receive only your email address, name, and Google account profile picture via the standard OAuth openid email profile scopes. We do not request access to your Gmail, Google Drive, Calendar, Contacts, or any other Google service data. The Google sign-in is used solely to verify your identity and create or look up your FinNudge account.
- Bank account & transaction data via Plaid: when you link a financial institution through our Plaid integration, we receive read-only access to your account balances, transaction history (merchant name, amount, date, Plaid-assigned category), and account type. We do not receive your bank login credentials; those are handled entirely by Plaid.
- Profile & preferences: your subscription tier, custom spending categories, budget limits, savings goals, and notification settings that you explicitly configure within the app.
- Communication data: the email address you provide for account alerts and monthly spending reports. We do not collect phone numbers.
- Usage data: basic server logs (timestamps, HTTP status codes, and anonymised IP addresses) used to maintain service reliability. We do not build individual behavioral profiles from this data.
We do not collect government IDs, Social Security numbers, credit card numbers, or any sensitive identity documents.
4. How We Use Plaid
FinNudge uses Plaid Technologies, Inc. to connect to your financial institutions. When you link an account, you authenticate directly with Plaid via their secure Link interface. Your bank credentials are never transmitted to or stored by FinNudge.
Plaid provides us with a read-only access token scoped to transaction history and account balances. We use this token to periodically sync new transactions into our database. You can revoke this access at any time from Settings → Linked Accounts or directly via the Plaid Portal.
Plaid's handling of your credentials and banking data is governed by Plaid's End User Privacy Policy.
5. Google Sign-In and Google User Data
FinNudge offers Google Sign-In as an optional way to create or access your account. When you click “Sign in with Google,” you authenticate directly with Google. FinNudge receives a limited, scoped profile payload from Google containing only:
- Your Google account email address
- Your name (first and last) as set on your Google profile
- Your Google profile picture URL (publicly available from Google)
- A stable Google user identifier used to link your sessions
The OAuth scopes we request are the standard OpenID Connect scopes: openid, email, and profile. We do not request or receive access to Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, YouTube, or any other Google service.
How we use Google data: the email address and identifier are used only to authenticate you and link your sessions to your FinNudge account. Your name and profile picture are displayed to you inside FinNudge so you recognise your own account. We do not transfer Google user data to third parties, use it for advertising, or use it for purposes unrelated to user-facing account functionality.
Limited Use compliance: FinNudge's use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for serving advertisements, and Google user data is not read by humans except with your explicit consent, for security purposes, to comply with applicable law, or in aggregated anonymised form for internal operations.
You can revoke FinNudge's Google Sign-In access at any time by visiting your Google Account Permissions page. Revoking access signs you out of FinNudge on future sessions that use Google Sign-In; you can still log in with email and password if you have one set.
6. How We Use Your Data
We use the data we collect solely to provide and improve FinNudge:
- Transaction categorisation: we run your transactions through an AI model to assign spending categories (e.g., “Groceries,” “Dining,” “Subscriptions”). This happens on our servers; your data is not shared with third-party AI providers in a way that associates it with your identity.
- Budgeting & insights: we aggregate your transactions to compute monthly totals, category breakdowns, month-over-month comparisons, and subscription tracking.
- Nudges & alerts: if you enable notifications, we use your spending patterns to send you timely alerts (e.g., approaching a budget limit or an unusual charge).
- Monthly email reports: for Plus and Pro subscribers who opt in, we send a monthly summary of your spending to the email address on your account.
- Service communications: transactional emails such as account confirmation, password resets, and subscription receipts.
- Service improvement: aggregated, anonymised analytics to understand which features are used and to fix bugs. This analysis cannot be linked back to individual users.
7. What We Never Do
These commitments are unconditional and not subject to change based on your subscription tier:
- We never sell your data. Your personal information and financial data are not sold, rented, or traded to any third party, ever.
- We never use your data for advertising. We do not build advertising profiles, target ads based on your financial behaviour, or share data with ad networks or data brokers.
- We never share transaction-level data. Individual transactions are never disclosed to third parties, except as required by law or as strictly necessary to operate the Service (e.g., email delivery).
- We never use your data to train public AI models. Your financial data is used only to power features within your own FinNudge account.
8. Data Sharing & Sub-processors
We share data with a small number of trusted service providers strictly to operate FinNudge. Each sub-processor is bound by confidentiality obligations and may only use your data for the specific purpose we engage them for:
- Plaid Technologies, Inc.: bank connectivity and transaction retrieval.
- Supabase, Inc.: database hosting and authentication (servers located in the United States).
- Resend, Inc.: transactional email delivery. Resend receives your email address and the content of emails we send you (e.g., spending reports).
- Stripe, Inc.: payment processing for Plus and Pro subscriptions. Stripe handles all payment card data; FinNudge never stores card numbers.
- Vercel, Inc.: web application hosting.
We may disclose information if required by law, court order, or to protect the rights, property, or safety of FinNudge, our users, or the public.
9. Data Security
We take the security of your financial data seriously:
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted by our hosting provider (Supabase / AWS).
- Access to production systems is restricted to authorised personnel only.
- Database access controls use Row-Level Security (RLS) policies. Your data is logically isolated from other users at the database layer.
- Plaid access tokens are stored encrypted and scoped read-only to transactions and balances.
No system is perfectly secure. If we become aware of a breach that affects your data, we will notify you promptly at the email address on your account.
10. Employee & Founder Access
FinNudge is currently operated by its founder and a small team. As the operator of a database that holds your financial information, our team has the technical ability to read any user’s data in our systems. This is true of every financial application; what differs is the policies and controls that govern when access actually happens.
Our policy: we access an individual user’s data only when one of the following is true:
- You ask us to. If you contact support with a question about your account, we may read your data to resolve it. We try to ask for permission in the support thread first.
- We are debugging a confirmed system bug that we have strong reason to believe affects your account specifically.
- We are required to by law (subpoena, court order, regulatory request, or other legal process).
- We are investigating fraud against you or another user, for example a chargeback dispute or a suspected account takeover.
Our controls:
- Audit log. Every administrative read or write against a user row is recorded in an append-only admin_audit_log table with the actor, the user, the action, the table touched, and a written reason. The log is not modifiable from application code.
- Test-account fence. Administrative writes against real (non-test) user accounts are blocked at the code level unless an explicit environment override is set and a written reason is provided. This prevents accidental writes from one-off scripts or typos.
- No data mining. We do not run analytics queries across user data for product or marketing purposes. Aggregate metrics (counts, revenue, feature usage) come from PostHog and never include financial values.
- No exporting your data to third parties. Plaid receives the data needed to fetch your bank transactions, and Anthropic receives the sanitized AI context you opt into. No one else.
You can request a copy of the audit-log entries that reference your account at any time by emailing privacy@finnudge.money.
11. Data Retention & Deletion
We retain your data for as long as your account is active or as needed to provide the Service:
- Active accounts: transaction history, budgets, goals, and profile data are retained for the lifetime of your account. We do not auto-purge transactions on a time-based schedule. Plaid only exposes about 24 months of bank history per institution; after that window, FinNudge is the only copy of your older transactions, and we keep them.
- Subscription cancellation & Plaid archiving: when you cancel a paid subscription your account remains active on the Spark tier and all historical transaction data is preserved. Because Plaid charges FinNudge per active bank connection, we remove Plaid access tokens 30 days after cancellation to avoid ongoing charges on accounts we no longer monetize. You receive an email warning around day 23. After archiving, live sync pauses but every transaction already in your ledger stays there. You can reconnect at any time by resubscribing and going through a fresh Plaid Link flow in Settings → Linked Accounts.
- Disconnecting a linked bank: when you disconnect a Plaid-linked institution from Accounts, we revoke the Plaid access token and permanently delete the transactions tied to those accounts. The in-app confirm dialog offers a CSV-export link before you commit, so you can retain your own copy.
- Account deletion: when you delete your FinNudge account (via Settings → Account → Delete Account), we permanently delete all of your personal data, transaction history, and linked account tokens within 7 days. We may retain anonymised, aggregate statistics that cannot be linked to you.
- AI conversation logs: conversations with Ask FinNudge are purged after 30 days on a daily cron. This is a privacy promise, not a storage limit.
- Plaid access tokens: revoked immediately upon account deletion or when you disconnect a linked institution.
- Backup retention: encrypted database backups may persist for up to 30 additional days after deletion before being purged from backup systems.
12. Your Rights
You have the following rights with respect to your data:
- Access: you can view all transaction, budget, and goal data directly within the app, and export transactions as CSV at any time (no tier required).
- Correction: you can edit transaction categories, merchant names, and notes at any time from the Transactions page.
- Deletion: you can delete individual transactions or your entire account at any time. Account deletion is available in Settings → Account.
- Portability: you can download a complete JSON export of every row we store about you (profile, accounts, transactions, categories, goals, recurring detections, nudges, and more) from Settings → Account → Export your data → Download full export (JSON). Plaid access tokens are stripped from the export for your safety. If you prefer email delivery or need a non-JSON format, email us at privacy@finnudge.money.
- Opt-out of email reports: you can disable monthly email reports at any time in Settings → Notifications.
If you are located in the European Economic Area (EEA) or the United Kingdom, you may also have rights under GDPR, including the right to lodge a complaint with your local data protection authority. Please contact us first and we will do our best to resolve any concerns.
14. Children's Privacy
FinNudge requires users to be at least 18 years old (or the age of majority in their jurisdiction). We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it promptly. To report this, contact us at privacy@finnudge.money.
We also do not knowingly collect personal information from children under 13 as defined by the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided information through FinNudge, please contact us immediately.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email (at the address on your account) and update the “Last updated” date at the top of this page. Continued use of FinNudge after the effective date of an updated policy constitutes your acceptance of the changes.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
- Email: privacy@finnudge.money
- Response time: We aim to respond to all privacy-related inquiries within 5 business days.