Privacy Policy

How we protect and handle your personal and financial data.

Last Updated: January 15, 2024

Your Privacy Matters

At FinKitty Ltd ("we", "our", or "us"), we understand that your financial data is among your most sensitive information. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our financial management services.

We are committed to transparency and your right to control your personal data. This policy is written in plain English to make it easy to understand exactly what we do with your information.

💡 In simple terms: We only collect the information needed to provide our service, we never sell your data, and you're always in control of your information.

1. Information We Collect

Personal Information

When you create an account, we collect:

  • Your name and email address
  • Password (encrypted and never stored in plain text)
  • Business name and type (if applicable)
  • Phone number (optional, for account security)
  • Profile preferences and settings

Financial Data

Through Open Banking connections, we access:

  • Bank account balances and transaction history
  • Account details (account numbers, sort codes, bank names)
  • Transaction descriptions and categories
  • Account holder names (for verification purposes)

Important: We only have read-only access to your bank accounts. We cannot move money, make payments, or modify your accounts in any way.

Usage Information

We automatically collect:

  • How you use our service (features accessed, time spent)
  • Device information (browser type, operating system)
  • IP address and general location
  • Log files and error reports
  • Cookies and similar tracking technologies

💡 What this means: We only collect information that's necessary to provide our service or required by law. We don't collect unnecessary personal details or browse through unrelated data.

2. How We Use Your Information

Service Provision

  • Categorize and analyze your transactions
  • Generate cash flow forecasts and insights
  • Create financial reports and dashboards
  • Provide scenario planning and goal tracking
  • Sync data across your connected accounts

Account Management

  • Verify your identity and prevent fraud
  • Provide customer support and technical assistance
  • Send important account notifications
  • Process billing and subscription management
  • Maintain account security

Service Improvement

  • Analyze usage patterns to improve our service
  • Develop new features and functionality
  • Fix bugs and technical issues
  • Optimize performance and user experience

Legal and Compliance

  • Comply with legal obligations and regulations
  • Prevent fraud and ensure platform security
  • Respond to legal requests and court orders
  • Maintain audit trails as required by law

💡 What this means: We only use your information to provide our service, keep your account secure, and meet legal requirements. We don't use your data for advertising or sell it to third parties.

3. How We Share Your Information

We Do NOT Sell Your Data

We never sell, rent, or trade your personal or financial information to third parties for marketing purposes. Your data is not our product; our service is.

Limited Sharing for Service Provision

We only share your information in these specific circumstances:

Service Providers

  • GoCardless (for Open Banking connections)
  • Supabase (for secure data storage)
  • Stripe (for payment processing)
  • Email service providers (for notifications)

All service providers are contractually bound to protect your data and only use it for providing services to us.

Legal Requirements

We may share information when required by law:

  • Court orders or legal subpoenas
  • Regulatory investigations
  • Fraud prevention and law enforcement
  • National security requirements

Business Transfers

If FinKitty is acquired or merged, your information may transfer to the new company. You would be notified of any such change and your rights would remain protected.

💡 What this means: We only share your information when absolutely necessary to provide our service or when required by law. We never share data for marketing or commercial purposes.

4. How We Protect Your Information

Encryption and Security

  • All data is encrypted in transit using TLS 1.3
  • Sensitive data is encrypted at rest using AES-256
  • Passwords are hashed using industry-standard algorithms
  • Regular security audits and penetration testing
  • Multi-factor authentication available

Access Controls

  • Role-based access controls for our team
  • Regular access reviews and revocation
  • Principle of least privilege
  • Comprehensive audit logging

Infrastructure Security

  • Data stored in secure, monitored data centers
  • Automatic security updates and patches
  • Intrusion detection and prevention systems
  • Regular backups with encryption
  • Disaster recovery procedures

Incident Response

If a security incident occurs, we will:

  • Notify affected users within 72 hours
  • Report to relevant authorities as required
  • Investigate and remediate the issue
  • Implement additional safeguards to prevent recurrence

💡 What this means: We use bank-grade security measures to protect your data. Your information is encrypted, access is strictly controlled, and we monitor for threats 24/7.

5. Your Rights and Choices

Under GDPR and UK Data Protection Law

You have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you. We'll provide this in a structured, commonly used format within 30 days.

Right to Rectification

Correct any inaccurate or incomplete personal data. You can update most information directly in your account settings.

Right to Erasure

Request deletion of your personal data. Note that some data may be retained for legal compliance or legitimate business purposes.

Right to Portability

Export your data in a machine-readable format to transfer to another service.

Right to Object

Object to processing of your data for specific purposes, including marketing communications.

Right to Withdraw Consent

Withdraw consent for any processing based on consent, though this won't affect previously lawful processing.

How to Exercise Your Rights

Contact us at privacy@finkitty.com or through your account settings. We'll respond within 30 days and verify your identity before processing requests.

💡 What this means: You're in control of your data. You can access it, correct it, export it, or delete it at any time. We make exercising these rights as simple as possible.

6. Cookies and Tracking

Essential Cookies

We use cookies that are necessary for our service to function:

  • Authentication and session management
  • Security and fraud prevention
  • Load balancing and performance
  • User preferences and settings

Analytics Cookies

We use analytics tools to understand how our service is used and improve user experience. This includes:

  • Page views and feature usage
  • Error tracking and performance monitoring
  • Aggregated usage statistics

All analytics data is anonymized and cannot be used to identify individual users.

Managing Cookies

You can control cookies through your browser settings, but disabling essential cookies may affect service functionality.

💡 What this means: We use minimal cookies necessary for our service to work and to understand how to improve it. We don't use tracking cookies for advertising purposes.

7. Data Retention

Active Accounts

While your account is active, we retain your data to provide our service and improve it over time.

Account Deletion

When you delete your account:

  • Personal data is deleted within 30 days
  • Financial data is anonymized for regulatory compliance
  • Backup copies are purged within 90 days
  • Some data may be retained longer if required by law

Legal Retention Requirements

Some financial data must be retained for up to 7 years for regulatory compliance, but this data is anonymized to protect your privacy.

💡 What this means: We don't keep your data forever. When you're no longer using our service, we delete your personal information while maintaining anonymized records only as required by law.

8. International Data Transfers

Your data is primarily processed and stored within the UK and EU. When we do transfer data internationally:

  • Transfers are only to countries with adequate data protection
  • We use appropriate safeguards like Standard Contractual Clauses
  • All transfers comply with GDPR requirements
  • You'll be notified of any changes to transfer arrangements

💡 What this means: Your data stays within secure, regulated jurisdictions. If we ever need to transfer data internationally, it's done with appropriate legal protections.

9. Children's Privacy

FinKitty is not designed for or directed at children under 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 18, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at privacy@finkitty.com.

💡 What this means: Our service is for adults only. We don't collect information from children and will delete any that we accidentally receive.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We'll update the "Last Updated" date at the top
  • For minor changes, we'll post the updated policy on our website
  • For significant changes, we'll notify you by email
  • We'll give you 30 days' notice before major changes take effect

Your continued use of FinKitty after changes take effect means you accept the updated policy.

💡 What this means: If we change how we handle your data, we'll let you know clearly and give you time to review the changes before they take effect.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Data Protection Officer: privacy@finkitty.com

General Inquiries: hello@finkitty.com

Address: FinKitty Ltd, 123 Financial Street, London EC2V 8AB, United Kingdom

Phone: +44 20 1234 5678

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately. Visit ico.org.uk for more information.