Privacy Policy
Effective Date: May 30, 2026
1. Information We Collect
1.1 Information You Provide
When you create an account or use Finox, you may provide us with:
- Full name and email address
- Password (stored as a secure bcrypt hash — we never store your plaintext password)
- Profile photo URL (if provided)
- Currency preference
- Financial data you enter: transactions, budgets, savings goals, debts, investments, and account balances
1.2 Information Collected Automatically
When you access the Service, we may automatically collect:
- IP address and browser type
- Pages visited and features used
- Date and time of access
- Device type and operating system
1.3 Information We Do NOT Collect
Finox is a manual-entry personal finance tool. We never connect to your bank accounts. We do not collect:
- Bank account credentials or login details
- Credit card numbers or payment card data
- Government-issued ID numbers
- Biometric data
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process subscriptions and manage your account
- Send service-related emails (account confirmation, payment receipts, trial expiry notices)
- Respond to support requests and inquiries
- Improve and optimize the Service
- Detect and prevent fraud and abuse
- Comply with legal obligations
3. Data Storage and Security
3.1 Where Data Is Stored
Your data is stored in cloud infrastructure located in the Asia-Pacific region. Our servers and database are managed by trusted cloud providers and are not publicly exposed to the internet.
3.2 Security Measures
We take reasonable technical measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit
- Passwords hashed with bcrypt before storage
- JWT access tokens with a 15-minute expiry, stored in memory only (never in localStorage)
- Refresh tokens stored in HTTP-only, Secure cookies (not accessible to JavaScript)
- Database not publicly exposed
4. Data Retention
- Your data is retained for as long as your account is active
- If your subscription ends, we retain your data for 30 days to allow reactivation
- If you delete your account, all your data is permanently and immediately deleted
- To request deletion of your data, contact us at privacy@finox.app
5. Sharing Your Information
5.1 Service Providers
We share limited data with trusted service providers who help us operate the Service:
- Cloud infrastructure providers — hosting, database, and content delivery
- Stripe — payment processing (stripe.com/privacy)
- Email service providers — transactional emails only
5.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred. We will provide prior notice before your data becomes subject to a different privacy policy.
6. Your Rights
6.1 Access and Portability
You may request a copy of the personal data we hold about you at any time by contacting privacy@finox.app.
6.2 Correction
You may update your name, email, and profile information directly from your account settings at any time.
6.3 Deletion
You may permanently delete your account and all associated data via Settings → Danger Zone. Deletion is immediate and irreversible.
6.4 GDPR Rights (EEA Users)
If you are located in the European Economic Area, you have additional rights, including:
- Right to object to or restrict processing of your data
- Right to data portability
- Right to withdraw consent at any time
To exercise these rights, contact privacy@finox.app.
6.5 CCPA Rights (California Users)
California residents have the right to know what personal data we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@finox.app.
7. Cookies
Finox uses a minimal set of cookies:
- Authentication cookie — HTTP-only, Secure. This cookie stores your refresh token and is essential for keeping you logged in. It is not accessible to JavaScript.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
8. Children's Privacy
Finox is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@finox.app and we will delete it promptly.
9. International Data Transfers
Your information may be transferred to and processed in countries other than the one in which you reside. These countries may have different data protection laws. By using Finox, you consent to the transfer of your information to our cloud infrastructure partners as described in this policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. For significant changes, we will notify you by email at least 30 days before the changes take effect. The "Effective Date" at the top of this page reflects when this policy was last updated. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please reach out:
- Email: privacy@finox.app
- Website: https://finox.app