Privacy Policy

Last updated: May 30, 2026

Fynlo ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and what rights you have over it. By using Fynlo, you agree to the practices described here.

1. What Data We Collect

Account data

When you register, we collect your email address, full name (optional), and password (stored as a secure hash — we never see your plaintext password). If you sign in with Google, we receive your name and email from Google.

Financial data you enter

Fynlo does not connect to your bank. All financial data — transactions, budgets, goals, categories — is entered manually by you. This data is stored securely and accessible only to your account.

Usage data

We collect basic usage analytics via Vercel Analytics (page views, Core Web Vitals). This data is anonymised and aggregated — it does not identify you individually.

Billing data

If you subscribe to a paid plan, billing is handled by Stripe. We never store your full card number or CVV. We receive a Stripe customer ID, subscription status, and basic billing metadata from Stripe.

2. How We Use Your Data

  • To provide the Service — Your financial data powers your dashboard, budgets, goals, and advisor tips
  • To manage your account — Authentication, password resets, and subscription management
  • To send transactional emails — Welcome emails, budget alerts you opt into, weekly summaries (Pro)
  • To improve the Service — Anonymised usage analytics to understand how features are used
  • To communicate billing — Subscription confirmations, renewal reminders, payment failures

We do not use your financial data to train AI models. We do not sell, rent, or share your personal data with advertisers.

3. Third-Party Services

We use the following trusted third-party services to operate Fynlo:

Supabase

Database and authentication — stores all your app data and manages login sessions

Privacy policy →

Stripe

Payment processing — handles all subscription billing securely

Privacy policy →

Vercel

Hosting and analytics — serves the app and provides anonymised performance metrics

Privacy policy →

Resend

Transactional email delivery — sends welcome emails, alerts, and summaries

Privacy policy →

4. Data Security

We take security seriously. Measures include:

  • All data encrypted in transit via HTTPS/TLS
  • All data encrypted at rest in Supabase (PostgreSQL)
  • Row-level security ensures users can only access their own data
  • Passwords hashed with bcrypt — we cannot see your password
  • API rate limiting to prevent abuse
  • Regular dependency audits and vulnerability scanning

No method of transmission over the internet is 100% secure. If you discover a security issue, please email us at support@tryfynlo.com before disclosing publicly.

5. Data Retention

Your data is retained for as long as your account is active. When you delete your account:

  • Your personal data and financial records are permanently deleted within 30 days
  • Anonymised, aggregated analytics data may be retained indefinitely
  • Stripe retains billing records as required by financial regulations (typically 7 years)

6. Your Rights

Depending on your location, you may have the following rights:

  • Access — Request a copy of all personal data we hold about you
  • Portability — Export your transaction data (Pro: in-app export; Free: request via email)
  • Correction — Update your account information in Settings
  • Deletion — Delete your account and all associated data in Settings, or contact us
  • Objection — Object to processing where we rely on legitimate interests
  • Withdrawal — Withdraw consent for marketing emails at any time via unsubscribe link

To exercise any right, contact us at support@tryfynlo.com. We will respond within 30 days.

7. Cookies

Fynlo uses only essential cookies — specifically, a session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies. You cannot opt out of the session cookie as it is required for the app to function.

8. Children's Privacy

Fynlo is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Questions about this Privacy Policy or your data? Email us at support@tryfynlo.com. We aim to respond within 5 business days.

Privacy Policy | Fynlo