FINLYVO collects only the data needed to run your account: your email, the profile details you choose to share, and the financial data you enter (transactions, trips, spending sources, budgets, receipts). We do not collect bank credentials, full card numbers, SMS feeds, or any third-party advertising identifiers. We are the data controller; our trusted sub-processors (Supabase for database and storage, Cloudflare for delivery, Lovable AI Gateway for OCR, Resend for email) act as processors under data processing agreements.
Data is hosted in the European Union (Frankfurt, eu-central-1), encrypted in transit (TLS 1.2+) and at rest. Row-level security policies ensure each record is readable only by its owner. We do not sell your data, do not use it for advertising, and do not share it with third parties except the sub-processors listed above strictly to provide the service. Anonymized error and usage metrics may be processed to improve reliability.
Under GDPR you have the rights of access, portability, rectification, erasure, restriction and objection. You can exercise access, portability and erasure directly from Data & Privacy inside the app. For other requests, write to support@finlyvo.app. You may also lodge a complaint with your local data protection authority. Account data is deleted within 30 days of an erasure request; encrypted backups roll off within a further 30 days.
Last updated: June 2026