Data & Privacy

How FINLYVO stores, protects and shares your data.

Your money is your business.

FINLYVO is built on the principle of awareness, not surveillance. We collect the minimum data needed to run your account, isolate it to you with row-level security, and never sell it. You can export everything or delete your account at any time.

What We Store

The data tied to your account

  • Account: email, name, preferred name, avatar.
  • Financial data you enter: transactions, trips, budgets, categories.
  • Spending sources: nickname, type, bank name, last 4 digits — never full card numbers.
  • Receipts and screenshots you upload to extract transactions.
  • Shared-trip membership and activity logs for trips you join.
  • Anonymized usage metrics (page views, error events) to improve the product.

What we never store

  • Bank login credentials — FINLYVO does not connect to your bank.
  • Full card numbers, CVVs, PINs or 3-D Secure codes.
  • Your SMS, email or notification feeds — only files you choose to upload.
  • Uploaded PDF statements after processing — they are discarded.
  • Behavioural advertising profiles. We do not run ads.

Where & How It's Stored

Infrastructure

Data is stored in encrypted PostgreSQL databases hosted in the EU (Frankfurt, eu-central-1). All traffic uses TLS 1.2+. At-rest encryption is provided by the managed database layer.

Files (receipts, screenshots, avatars) are stored in private object storage in the same region, accessible only through short-lived signed URLs.

Row-level isolation

Every record is tagged with your user ID and protected by row-level security policies in the database. No other user — and no third party — can read your data, even if they queried the database directly.

Trusted Sub-processors

Who helps us run the service

  • Supabase — database, authentication and storage (EU region).
  • Cloudflare — content delivery and edge compute.
  • Lovable AI Gateway — on-demand AI features (receipt OCR, classification).
  • Resend — transactional email delivery.

Each sub-processor is bound by a data processing agreement and may only process data on our instructions.

We notify you at least 30 days in advance, by email and in-app, before adding or changing any sub-processor — giving you time to review or close your account.

Your Rights (GDPR Art. 15–21)

You can, at any time:

  • Access — view all data we hold via your account.
  • Portability — download your data as JSON or CSV below.
  • Rectification — edit any record directly in the app.
  • Erasure — permanently delete your account and all associated data.
  • Restriction & objection — write to us at the address below.

Legal

Export Your Data

JSON is a complete, machine-readable copy of everything tied to your account — ideal for portability or backups. CSV exports your transactions, trips and spending sources for spreadsheets and accountants.

Files save to your Downloads folder. On Safari, a new tab opens with the file — tap the download button in the toolbar to save it.

Privacy Contact

support@finlyvo.app

Danger Zone