Privacy Policy

Privacy Policy

Last updated: June 8th, 2026

1. Introduction

At FinnApp.AI, operated by Virtual Businesses Rodriguez Balma S.A., we deeply value and respect your privacy. This Privacy Policy describes in detail how we collect, use, store, and protect your personal information through our website and mobile app. By using our services, you agree to the practices described in this policy. If you have any questions or concerns about our practices, feel free to contact us.

2. Minimum Age Requirement

FinnApp.AI is intended for adults who are at least 18 years of age and is not directed at children or minors. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. Parents or legal guardians who believe their child has provided us with personal information should contact us at info@finnapp.ai so we can take appropriate action.

3. Information We Collect

We collect different types of information to provide you with the best service:

• Personal Information: Includes your full name, email address and password. These details are necessary to create and manage your account and provide support.
• Financial Information: Data related to your income, expenses, and financial transactions that you enter into the platform. We use this information exclusively to provide you with personalized financial management features.
• Technical Data: Information about your device, such as IP address, browser type, operating system, and usage data. This helps us improve and optimize our services, ensure proper functionality, and resolve technical issues.
• Voice and Audio Data: When you use the optional voice input feature of the AI assistant, your spoken words are processed by your device's built-in speech recognition service (provided by the Android or iOS operating system, which may use Google's or Apple's cloud speech services). We do not store the audio recording on our servers — only the resulting transcribed text is sent to FinnApp.AI for processing. Voice input is entirely optional; the AI assistant fully supports text input as an alternative.
• AI Assistant Interactions: Questions you ask the AI assistant and its responses, along with the summarized financial context used to generate them, are stored on our servers so that you can review your assistant history. You can delete individual entries from your history at any time from within the app.
• Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience, remember your preferences, and collect information about how you interact with our services.

4. Use of Information

We use the collected information for the following purposes:

• Provision and Improvement of Service: To provide you with financial management features, personalized analysis, and reports, and to continuously improve our services.
• Subscription: To manage your subscription and communicate with you about matters related to your account.
• Communication: To send you important notifications, service updates, and promotional communications if you have consented to receive them. You can opt out of promotional communications at any time.
• Legal Compliance and Security: To comply with legal obligations, respond to authorities' requests, and protect the rights and safety of our users and FinnApp.AI.

5. Storage and Security of Information

Your data is securely stored on cloud servers provided by Microsoft Azure. You can review the certifications, regulations, and standards offered by their data center at https://servicetrust.microsoft.com/. We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, loss, alteration, or disclosure.

• Encryption: We use industry-standard encryption protocols to protect your data both in transit and at rest.
• Access Controls: We limit access to your personal information to employees and third parties who need access for legitimate service-related purposes.
• Monitoring: We continuously monitor our systems to detect and prevent potential vulnerabilities or security breaches.

6. Data Backup and Recovery

We perform daily backups of your information to protect your data in the event of a disaster or system failure. These backups are securely and encryptedly stored to ensure the confidentiality and integrity of your information. Backups are kept for a limited time and securely deleted once they are no longer needed.

7. Data Retention

We retain your personal information while your account is active or as needed to provide our services and comply with legal obligations. FinnApp.AI is built around shared household groups, so when you delete your account we erase the information that identifies you (name, email address, password, authentication tokens, group membership, and pending invitations) while the group's shared financial records (transactions, budgets, categories, tags, exchange-rate history, and AI assistant history) are retained in anonymized form — attributed to "Deleted User" rather than to you — so the remaining members of your household keep their history. If you are the only member of your group, you instead use Delete Group, which permanently erases the entire group and all of its data. Backups that include your data are purged on our rotation schedule within a maximum of 90 days. See our Account Deletion page for the full breakdown of what is erased and what is retained.

8. Account and Data Deletion

You have the right to delete your account and all associated data at any time. For complete, step-by-step instructions, see our dedicated Account Deletion page. We provide two ways to request account deletion:

• In-App Deletion: Navigate to Settings → Account → Delete Account within the FinnApp.AI app. Follow the on-screen instructions to confirm deletion.
• Web-Based Deletion Request: If you no longer have access to the app, you can request account deletion by sending an email to info@finnapp.ai with the subject line "Account Deletion Request" and include the email address associated with your account.

When you delete your account:

• For in-app deletion, you confirm with your password and your identity is verified instantly. For email requests, we verify your identity before proceeding, to protect against unauthorized deletion.
• The information that identifies you — your name, email address, password, authentication tokens, group membership, and pending invitations — is erased or overwritten so it no longer identifies you. With in-app deletion this happens immediately; you are signed out on every device at once.
• Your household group's shared financial records (transactions, budgets, categories, tags, exchange-rate history, and AI assistant history) are retained in anonymized form, attributed to "Deleted User", so the remaining members keep their history. If you are the sole member of your group, use Delete Group instead to erase the entire group and all of its data.
• Backup copies that include your data are purged according to our backup retention schedule (maximum 90 days).
• We instruct our third-party processors (Microsoft Azure, OpenAI) to delete the associated data in accordance with their own policies.

Note: Some data may be retained if required by law for fraud prevention, regulatory compliance, or to resolve disputes. For the full, itemized breakdown of what is erased versus retained, see our Account Deletion page.

9. Information Sharing and Third-Party Processors

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

• Microsoft Azure: Cloud hosting and database services. Your data is stored on Azure servers.
• OpenAI (ChatGPT): AI-powered financial insights feature. See Section 10 for details on AI data handling.
• Google Analytics: Usage analytics for our marketing website only (anonymized data). The FinnApp.AI mobile and web app does not embed Google Analytics or any other third-party analytics or advertising SDK.
• System Speech Recognition Services: When you use the optional voice input feature, your device's operating system (Android or iOS) processes the audio through its built-in speech recognition service. Depending on the device, this may use Google's or Apple's cloud speech services. We do not control this processing — it is governed by your device manufacturer's privacy policy.
• Legal Compliance: If required by law, regulation, or legal process.
• Protection of Rights: To protect the rights, property, or safety of FinnApp.AI, our users, or others.

10. AI and ChatGPT Data Handling

FinnApp.AI integrates with OpenAI's ChatGPT to provide personalized financial insights. Here's how we handle your data when using this feature:

• What Data is Sent: When you use the AI assistant, we send to OpenAI's API: (a) the text of the question or prompt you write or speak, and (b) summarized financial context relevant to your question (such as income/expense totals, category breakdowns, budgets, and trends for a given period or currency). For the monthly analysis feature, we send your summarized financial data for the selected month and currency.
• Anonymization: We do not send your name, email address, account identifiers, or other directly identifying information to OpenAI. Individual transaction descriptions you have entered may be included in the context only when relevant to your question.
• Purpose: The data is used solely to generate the financial insights, recommendations, or answers you requested.
• Data Retention by OpenAI: Per OpenAI's API data usage policy, prompts sent through the API are not used to train their models and are retained by OpenAI for a limited period for abuse monitoring before being deleted. We recommend reviewing OpenAI's API Data Usage Policies for current details.
• Storage on Our Servers: Your AI conversations are stored on our servers as part of your assistant history so you can review them later. You may delete individual entries from within the app, or request full deletion together with your account.
• Your Control: Use of the AI assistant is entirely optional. You can use all other FinnApp.AI features (transaction tracking, budgets, reports, etc.) without ever using the AI features.
• Other AI Providers: We may, from time to time, evaluate or use additional AI providers (such as Anthropic) on the same basis as OpenAI. Any change in providers will be reflected in this Privacy Policy.

11. International Data Transfers

Your information may be transferred and stored on servers located outside your country of residence, including countries that may not have the same data protection laws as your jurisdiction. We take steps to ensure that appropriate safeguards are implemented to protect your personal information in accordance with this Privacy Policy and applicable laws.

12. Your Rights

In accordance with applicable data protection laws, you have the following rights regardless of where you live:

• Access: You can request a copy of the personal information we hold about you.
• Rectification: You can request correction of inaccurate or incomplete data.
• Deletion: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected. See our Account Deletion page for details.
• Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
• Objection and Restriction: You can object to or restrict certain processing of your personal data.

European Union and United Kingdom (GDPR / UK GDPR): If you are located in the EU, EEA, or UK, you have the rights described above under the General Data Protection Regulation. You also have the right to lodge a complaint with your local data protection authority. The legal bases for our processing are your consent (where you have given it), the performance of our contract with you (to provide the service you signed up for), and our legitimate interests in operating and improving the service.

California Residents (CCPA / CPRA): If you are a California resident, in addition to the rights above, you have the right to know what personal information we collect, use, and disclose; the right to delete personal information; the right to correct inaccurate information; and the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share your personal information as defined under California law. To exercise these rights, contact us at info@finnapp.ai. You may also designate an authorized agent to make a request on your behalf.

Brazil (LGPD): If you are located in Brazil, you have the rights described above under the Lei Geral de Proteção de Dados Pessoais (LGPD), including the right to confirm the existence of processing, access, correct, anonymize, block, or delete unnecessary data, request data portability, and obtain information about the public and private entities with which we share your data.

To exercise any of these rights, contact us by sending an email to info@finnapp.ai. We will respond to your request within the timeframes required by applicable law (typically 30 days, extendable when permitted).

13. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about your interaction with our services. Cookies allow us to enhance your experience, remember your preferences, and deliver relevant content. You can control the use of cookies through your browser settings. However, disabling cookies may affect the functionality of our services.

14. Changes to the Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of significant changes through notices on our website or via email. The date of the last update will be indicated at the beginning of this policy. We recommend reviewing this policy regularly to stay informed about how we protect your information.

15. Information Security

We are committed to protecting the security of your personal information. We implement physical, electronic, and procedural security measures to safeguard your data. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

16. Links to Third-Party Sites

Our services may contain links to third-party websites or services that are beyond our control and not covered by this Privacy Policy. We are not responsible for the privacy practices of those sites or services. We recommend reviewing the privacy policies of each website you visit.

17. Contact

If you have questions, comments, or requests related to this Privacy Policy or how we handle your personal information, you can contact us:

• Email: info@finnapp.ai
• Address: Virtual Businesses Rodriguez Balma S.A., De la Embajada Americana 2 cuadras al Oeste, 4 al Norte y 1 al Este.
  Rohrmoser, San José, Costa Rica.

We will respond to your inquiries within 48 hours.