Privacy Policy
Last updated: May 30, 2026
Fynlo ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and what rights you have over it. By using Fynlo, you agree to the practices described here.
1. What Data We Collect
Account data
When you register, we collect your email address, full name (optional), and password (stored as a secure hash — we never see your plaintext password). If you sign in with Google, we receive your name and email from Google.
Financial data you enter
Fynlo does not connect to your bank. All financial data — transactions, budgets, goals, categories — is entered manually by you. This data is stored securely and accessible only to your account.
Usage data
We collect basic usage analytics via Vercel Analytics (page views, Core Web Vitals). This data is anonymised and aggregated — it does not identify you individually.
Billing data
If you subscribe to a paid plan, billing is handled by Stripe. We never store your full card number or CVV. We receive a Stripe customer ID, subscription status, and basic billing metadata from Stripe.
2. How We Use Your Data
- To provide the Service — Your financial data powers your dashboard, budgets, goals, and advisor tips
- To manage your account — Authentication, password resets, and subscription management
- To send transactional emails — Welcome emails, budget alerts you opt into, weekly summaries (Pro)
- To improve the Service — Anonymised usage analytics to understand how features are used
- To communicate billing — Subscription confirmations, renewal reminders, payment failures
We do not use your financial data to train AI models. We do not sell, rent, or share your personal data with advertisers.
3. Third-Party Services
We use the following trusted third-party services to operate Fynlo:
Supabase
Database and authentication — stores all your app data and manages login sessions
Privacy policy →Vercel
Hosting and analytics — serves the app and provides anonymised performance metrics
Privacy policy →4. Data Security
We take security seriously. Measures include:
- All data encrypted in transit via HTTPS/TLS
- All data encrypted at rest in Supabase (PostgreSQL)
- Row-level security ensures users can only access their own data
- Passwords hashed with bcrypt — we cannot see your password
- API rate limiting to prevent abuse
- Regular dependency audits and vulnerability scanning
No method of transmission over the internet is 100% secure. If you discover a security issue, please email us at support@tryfynlo.com before disclosing publicly.
5. Data Retention
Your data is retained for as long as your account is active. When you delete your account:
- Your personal data and financial records are permanently deleted within 30 days
- Anonymised, aggregated analytics data may be retained indefinitely
- Stripe retains billing records as required by financial regulations (typically 7 years)
6. Your Rights
Depending on your location, you may have the following rights:
- Access — Request a copy of all personal data we hold about you
- Portability — Export your transaction data (Pro: in-app export; Free: request via email)
- Correction — Update your account information in Settings
- Deletion — Delete your account and all associated data in Settings, or contact us
- Objection — Object to processing where we rely on legitimate interests
- Withdrawal — Withdraw consent for marketing emails at any time via unsubscribe link
To exercise any right, contact us at support@tryfynlo.com. We will respond within 30 days.
7. Cookies
Fynlo uses only essential cookies — specifically, a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. You cannot opt out of the session cookie as it is required for the app to function.
8. Children's Privacy
Fynlo is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
10. Contact
Questions about this Privacy Policy or your data? Email us at support@tryfynlo.com. We aim to respond within 5 business days.