Privacy Policy
How we collect, use, and protect your personal data. Last updated: February 2026.
1. Data We Collect
We collect information you provide directly when creating an account: name, email address, and encrypted password. No financial credentials (bank logins, brokerage API keys) are stored on our servers — all integrations use read-only OAuth tokens that can be revoked at any time.
Usage data such as page views, feature interactions, and session duration is collected anonymously to improve the product. We use no third-party analytics trackers. All telemetry is first-party and privacy-respecting.
2. How We Use Your Data
Your data is used exclusively to provide and improve the FinanceOS service. This includes rendering your financial dashboards, generating tax reports, and delivering notifications you have opted into.
We never sell, rent, or share your personal data with third parties for advertising purposes. Aggregated, anonymized data may be used for internal analytics and product development.
3. Data Storage & Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database infrastructure is hosted on SOC 2-compliant providers within the European Union.
Backups are encrypted and stored in geographically separate regions. Data retention follows the principle of data minimization — we only keep what is necessary for the service to function.
4. Your Rights (GDPR)
As a European service, we fully comply with the General Data Protection Regulation (GDPR). You have the right to access, rectify, port, and delete your personal data at any time from Settings → Privacy.
You may request a complete export of your data in a machine-readable format (JSON). Account deletion is permanent and processed within 30 days, after which all associated data is irreversibly removed from our systems.
5. Cookies & Tracking
FinanceOS uses only essential cookies required for authentication and session management. We do not use advertising cookies, social media pixels, or fingerprinting techniques.
If we ever introduce optional analytics cookies, you will be presented with a clear consent banner. Your preferences are stored locally and respected across sessions.
6. Third-Party Services
We integrate with financial data providers to display market prices, portfolio values, and transaction history. These integrations use read-only API access and do not share your identity with the provider beyond what is required for authentication.
Payment processing for subscriptions is handled by Stripe. FinanceOS does not store credit card numbers. Stripe's privacy policy applies to payment data.
7. Data Breach Notification
In the unlikely event of a data breach, affected users will be notified within 72 hours as required by GDPR Article 33. The notification will include the nature of the breach, likely consequences, and measures taken.
Our incident response team is available 24/7 and follows a documented procedure for containment, investigation, and remediation.
8. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email and an in-app notification at least 14 days before taking effect.
Continued use of the service after changes take effect constitutes acceptance of the updated policy. Previous versions are archived and available upon request.
Questions about your data?
Contact our Data Protection Officer at privacy@financeos.app for any GDPR-related inquiries.