1. Overview
FinNudge (“we,” “our,” or “us”) is a personal finance application that connects to your bank accounts to give you a clear picture of your spending, subscriptions, and savings goals. This Privacy Policy applies to the FinNudge website and mobile applications (collectively, the “Service”).
By creating an account or using the Service you agree to the practices described in this policy. If you do not agree, please do not use FinNudge.
2. Data We Collect
We collect only the information necessary to deliver the Service:
- Account credentials — your email address and a hashed password used to authenticate you. We never store your password in plaintext.
- Bank account & transaction data via Plaid — when you link a financial institution through our Plaid integration, we receive read-only access to your account balances, transaction history (merchant name, amount, date, Plaid-assigned category), and account type. We do not receive your bank login credentials; those are handled entirely by Plaid.
- Profile & preferences — your subscription tier, custom spending categories, budget limits, savings goals, and notification settings that you explicitly configure within the app.
- Communication data — the email address you provide for account alerts and monthly spending reports. We do not collect phone numbers.
- Usage data — basic server logs (timestamps, HTTP status codes, and anonymised IP addresses) used to maintain service reliability. We do not build individual behavioural profiles from this data.
We do not collect government IDs, Social Security numbers, credit card numbers, or any sensitive identity documents.
3. How We Use Plaid
FinNudge uses Plaid Technologies, Inc. to connect to your financial institutions. When you link an account, you authenticate directly with Plaid via their secure Link interface — your bank credentials are never transmitted to or stored by FinNudge.
Plaid provides us with a read-only access token scoped to transaction history and account balances. We use this token to periodically sync new transactions into our database. You can revoke this access at any time from Settings → Linked Accounts or directly via the Plaid Portal.
Plaid's handling of your credentials and banking data is governed by Plaid's End User Privacy Policy.
4. How We Use Your Data
We use the data we collect solely to provide and improve FinNudge:
- Transaction categorisation — we run your transactions through an AI model to assign spending categories (e.g., “Groceries,” “Dining,” “Subscriptions”). This happens on our servers; your data is not shared with third-party AI providers in a way that associates it with your identity.
- Budgeting & insights — we aggregate your transactions to compute monthly totals, category breakdowns, month-over-month comparisons, and subscription tracking.
- Nudges & alerts — if you enable notifications, we use your spending patterns to send you timely alerts (e.g., approaching a budget limit or an unusual charge).
- Monthly email reports — for Plus and Pro subscribers who opt in, we send a monthly summary of your spending to the email address on your account.
- Service communications — transactional emails such as account confirmation, password resets, and subscription receipts.
- Service improvement — aggregated, anonymised analytics to understand which features are used and to fix bugs. This analysis cannot be linked back to individual users.
5. What We Never Do
These commitments are unconditional — they are not subject to change based on your subscription tier:
- We never sell your data. Your personal information and financial data are not sold, rented, or traded to any third party, ever.
- We never use your data for advertising. We do not build advertising profiles, target ads based on your financial behaviour, or share data with ad networks or data brokers.
- We never share transaction-level data. Individual transactions are never disclosed to third parties, except as required by law or as strictly necessary to operate the Service (e.g., email delivery).
- We never use your data to train public AI models. Your financial data is used only to power features within your own FinNudge account.
6. Data Sharing & Sub-processors
We share data with a small number of trusted service providers strictly to operate FinNudge. Each sub-processor is bound by confidentiality obligations and may only use your data for the specific purpose we engage them for:
- Plaid Technologies, Inc. — bank connectivity and transaction retrieval.
- Supabase, Inc. — database hosting and authentication (servers located in the United States).
- Resend, Inc. — transactional email delivery. Resend receives your email address and the content of emails we send you (e.g., spending reports).
- Stripe, Inc. — payment processing for Plus and Pro subscriptions. Stripe handles all payment card data; FinNudge never stores card numbers.
- Vercel, Inc. — web application hosting.
We may disclose information if required by law, court order, or to protect the rights, property, or safety of FinNudge, our users, or the public.
7. Data Security
We take the security of your financial data seriously:
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted by our hosting provider (Supabase / AWS).
- Access to production systems is restricted to authorised personnel only.
- Database access controls use Row-Level Security (RLS) policies — your data is logically isolated from other users at the database layer.
- Plaid access tokens are stored encrypted and scoped read-only to transactions and balances.
No system is perfectly secure. If we become aware of a breach that affects your data, we will notify you promptly at the email address on your account.
8. Data Retention & Deletion
We retain your data only as long as your account is active or as needed to provide the Service:
- Active accounts — transaction history, budgets, goals, and profile data are retained for the lifetime of your account.
- Account deletion — when you delete your account (via Settings → Account → Delete Account), we will permanently delete all of your personal data, transaction history, and linked account tokens within 30 days. We may retain anonymised, aggregate statistics that cannot be linked to you.
- Plaid access tokens — revoked immediately upon account deletion or when you disconnect a linked account.
- Backup retention — encrypted database backups may persist for up to 30 additional days after deletion before being purged from backup systems.
9. Your Rights
You have the following rights with respect to your data:
- Access — you can view all transaction, budget, and goal data directly within the app. Plus and Pro subscribers can export transactions as CSV from the Transactions page.
- Correction — you can edit transaction categories, merchant names, and notes at any time from the Transactions page.
- Deletion — you can delete individual transactions or your entire account at any time. Account deletion is available in Settings → Account.
- Portability — you can request a full export of your data by emailing us at sharvee@finnudge.money. We will provide a machine-readable copy within 30 days.
- Opt-out of email reports — you can disable monthly email reports at any time in Settings → Notifications.
If you are located in the European Economic Area (EEA) or the United Kingdom, you may also have rights under GDPR, including the right to lodge a complaint with your local data protection authority. Please contact us first and we will do our best to resolve any concerns.
11. Children's Privacy
FinNudge is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email (at the address on your account) and update the “Last updated” date at the top of this page. Continued use of FinNudge after the effective date of an updated policy constitutes your acceptance of the changes.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
- Email: sharvee@finnudge.money
- Response time: We aim to respond to all privacy-related inquiries within 5 business days.