Privacy Policy

Introduction

Finny is a personal finance app that helps you see your full financial picture — spending, budgets, and net worth — across every account in one place. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your personal data.

By using Finny, you agree to the practices described below. If you have questions, contact us at privacy@meetfinny.com.

Information we collect

Account information

When you sign up, we collect your email address and (optionally) your name. If you sign in with Apple or Google, we receive the identifier and email those providers share with us. Authentication is handled by Supabase Auth.

Financial account data (via Plaid)

Finny uses Plaid to securely connect to your bank, credit card, brokerage, and retirement accounts. With your permission, Plaid shares with us:

• Account names, types, masked numbers, and balances
• Transactions (description, amount, date, category, merchant)
• Investment holdings and securities (only after you explicitly connect an investment account)

We never see or store your bank credentials. Plaid handles the login flow directly with your financial institution. Plaid's own privacy policy applies to that exchange — see plaid.com/legal.

Profile and preferences

Information you enter in the app — budgets, FIRE targets, category overrides, hidden accounts, household preferences, notification settings — is stored against your account.

AI chat conversations

Messages you send to Finny's AI assistant, and the assistant's replies, are stored so you can scroll back through your conversation history. The assistant fetches financial figures on demand via internal tool calls; financial numbers are never embedded in the prompt sent to the model. Voice messages are transcribed by OpenAI Whisper and the audio is discarded after transcription.

Device and usage information

We collect technical information needed to run the service: device type and OS version, app version, IP address, crash reports, and anonymised product usage events. We do not send transaction amounts, balances, merchant names, or chat content to our analytics provider.

Subscription and billing

Subscriptions are processed through Apple's App Store and managed via RevenueCat. We receive your subscription status, entitlement, and renewal events — never your card or payment details.

How we use your information

• Provide the service. Show your accounts, transactions, budgets, net worth, investments, and FIRE projections; sync nightly with Plaid; power the AI assistant.
• Improve the service. Aggregate, anonymised usage data helps us understand which features are useful and where the app needs work.
• Communicate with you. Send service notifications (e.g. sync issues, upcoming bills you opted into) via email and push.
• Keep accounts safe. Detect fraud, abuse, and unauthorised access.
• Comply with the law. Meet our regulatory obligations.

We do not sell your data. We do not use your data for advertising. We do not share your transactions with brokers, advertisers, or data resellers.

How AI processes your data

Finny's AI assistant uses large language models from Anthropic and Google (via Vertex AI). When you ask the assistant a question, only the data needed to answer that specific question is sent to the model — for example, the spending total for a category in a given month, fetched on demand by an internal tool call.

We have configured these providers so that your conversations are not used to train their models. The model returns an answer; we display it to you and store it alongside the conversation history.

We use OpenAI Whisper to transcribe voice messages. The audio is discarded once the transcription is returned.

How we store and secure your data

Encryption

Plaid access tokens — the keys that let Finny fetch transactions from your bank — are encrypted at rest with AES-256-GCM. All data in transit uses TLS. Database storage is provided by Supabase (Postgres).

Access controls

Every record tied to a user enforces row-level security in the database, so your data can only be read by your authenticated session. Internal access by Finny personnel is restricted and audited.

On-device security

Authentication tokens on iOS are stored in the Keychain. The app supports biometric (Face ID / Touch ID) lock for an additional layer of protection.

Retention

• Account data is kept while your account is active.
• Plaid-synced data is kept until you remove the connection or delete your account.
• Chat history is kept until you clear it or delete your account.
• Logs and crash reports are kept up to 12 months for security and reliability purposes.

When you delete your account, we delete or anonymise your data within 30 days. Encrypted backups may retain residual copies for up to 90 days.

Who we share data with

We share data only with the service providers that help us run Finny, and only the data they need to do their job:

• Plaid — to retrieve transactions, balances, and holdings from your financial institutions.
• Supabase — database, authentication, and file storage.
• Anthropic, Google (Vertex AI), OpenAI (Whisper) — to power the AI assistant and voice transcription. Your conversations are not used to train their models.
• RevenueCat & Apple — subscription billing.
• OneSignal — push notifications.
• Sentry — crash reporting (no financial values, transaction details, or chat content).
• PostHog — product analytics. We never send financial figures, merchant names, transaction details, or chat content to PostHog.
• Railway — application hosting.

We may also disclose data when required by law, to enforce our Terms, to protect our rights, or in connection with a corporate transaction (we'd notify you in advance if your data was affected).

Cookies and tracking

The Finny marketing website uses two categories of cookies and similar storage:

• Necessary — required for the site to work (e.g. remembering your cookie choice).
• Analytics — help us understand which pages are useful so we can improve them. These run only after you consent (visitors in the EEA, UK, and Switzerland), or where consent is not legally required.

You can change your preferences any time using the "Cookie settings" link in the footer. The mobile app does not use third-party advertising or tracking SDKs.

Your rights and choices

Access, correction, deletion

You can view and edit your profile in the app, and you can delete your account from Settings → Account → Delete account. Account deletion removes your data from our active systems within 30 days.

Disconnecting accounts

You can disconnect any linked bank, brokerage, or retirement account from Settings → Connections. Disconnecting stops further sync and revokes our Plaid access token for that institution.

Push and email

You can turn off push notifications in iOS Settings or in the app, and unsubscribe from non-essential emails using the link in any message.

EEA, UK, and Switzerland residents

You have additional rights under GDPR / UK GDPR, including access, rectification, erasure, restriction, portability, and objection. To exercise them, email privacy@meetfinny.com. You also have the right to lodge a complaint with your local data protection authority.

California residents

You have rights under the CCPA / CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. We do not sell or share your personal information.

Children's privacy

Finny is not intended for users under 18, and we do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact privacy@meetfinny.com and we will delete the account.

International transfers

Finny is operated from the United States and your data may be processed in the US or other countries where our service providers operate. Where required, we rely on standard contractual clauses or other legally recognised transfer mechanisms.

Changes to this policy

We may update this policy from time to time. If the changes are material, we'll let you know by email or in-app notice before they take effect. The "Last updated" date at the top reflects the most recent revision.

Contact us

Finny Inc.
Email: privacy@meetfinny.com
Support: support@meetfinny.com
Security: security@meetfinny.com