Privacy Policy

Effective date: May 1, 2026  ·  Last updated: May 1, 2026

Finmate ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. If you have questions, contact us at support@finmateapp.com.

1. What We Collect

Account data — your email address, created when you sign up. No other personal information is required.

Financial data you enter — transactions, account balances, budgets, debts, and savings goals you manually input into the app. This data is stored in your private account and is never shared with third parties.

Device & usage data — anonymous crash reports and error logs via Sentry (error tracking). Financial amounts and personally identifiable information are explicitly excluded from these logs.

Advertising data — if you use the free tier, Google Mobile Ads may collect your device advertising ID to serve relevant ads, subject to your device's ad tracking settings and App Tracking Transparency consent (iOS). We do not sell this data.

2. What We Do NOT Collect

  • Bank account credentials or direct bank connections
  • Financial amounts in analytics or crash reports
  • Social login data (we use email/password only)
  • Location data
  • Contacts or camera data beyond receipt scanning (ML Kit, on-device only)

3. How We Store Your Data

All financial data is stored in a private, authenticated Supabase database with row-level security (RLS). This means only your authenticated account can read or write your data — not other users, not Finmate staff, and not third parties.

Data is encrypted in transit (TLS) and at rest. Authentication tokens and sensitive credentials on your device are stored in the platform keychain using Flutter Secure Storage.

4. Third-Party Services

  • Supabase — database, authentication, and storage (Privacy Policy)
  • Google Mobile Ads — advertising on the free tier (Privacy Policy)
  • Sentry — crash and error reporting, financial data excluded (Privacy Policy)
  • OpenAI — AI Insights feature (V1.1, not yet active). When enabled, anonymized spending summaries may be sent to OpenAI's API to generate insights. No raw transaction data or personal identifiers are included.
  • Google ML Kit — receipt scanning, processed entirely on-device. No image data leaves your device.

5. Your Rights

You may request deletion of your account and all associated data at any time by contacting support@finmateapp.com or using the delete account option in the app's Settings → Data & Privacy.

Data export (CSV/PDF) is on the roadmap for V1.1. Until then, your data is accessible and readable within the app at all times.

6. Children

Finmate is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, please contact us and we will delete it promptly.

7. Changes to This Policy

We may update this policy. Material changes will be communicated via in-app notification or email. Continued use of the app after changes constitutes acceptance of the updated policy.

8. Contact

Questions or requests: support@finmateapp.com