Privacy Policy
This Privacy Policy describes how FinTrack ("the App") collects, uses, stores, and protects your personal information. By using the App, you agree to this policy.
1. Service Provider
- Service Name: FinTrack
- Contact Email: [email protected] (pending launch)
- Service Region: Taiwan
- Applicable Law: Personal Data Protection Act (Taiwan)
2. Information We Collect
2.1 Information You Provide
- Email: For registration, sign-in, password reset
- Transaction Records: Amounts, dates, categories, descriptions, merchants, notes — either entered manually or parsed from statements
2.2 Automatically Collected
- Identity: User ID and JWT token generated by Supabase Auth
- Usage: Error logs (transaction content excluded)
- Device Info: iOS version, App version (for diagnostics only)
2.3 We Do NOT Collect
- ❌ Bank account numbers or credit card numbers (statement PDFs are never uploaded)
- ❌ Bank login credentials
- ❌ Your location
- ❌ Contacts, photo library
- ❌ Advertising tracking identifiers
3. How We Use Data
| Purpose | Data Used |
|---|---|
| Provide bookkeeping service | Email, transaction records |
| AI auto-categorization | Transaction descriptions (no amounts, no PII) |
| Bill reminders | Statement due dates and amounts |
| System maintenance | Error logs, device info |
4. Third-Party Services
The App uses the following third-party services. Your data is also subject to their respective privacy policies:
| Service | Purpose | Data Region |
|---|---|---|
| Supabase | Authentication, database, file storage | EU / US |
| Anthropic Claude API | AI transaction categorization (description text only) | US |
| Google Cloud Platform | Website and API hosting | Asia (Taiwan) |
| Cloudflare | DNS, DDoS protection | Global |
| Apple App Store | App distribution and subscriptions | Per Apple's policy |
5. Data Storage & Security
- All data transfers use HTTPS / TLS 1.2+ encryption
- Passwords are one-way hashed (bcrypt); we never see your plaintext password
- JWT tokens are stored in iOS Keychain (OS-level secure storage)
- Statement PDFs are never uploaded to our servers — they are parsed on your device, and only the extracted text is sent to the AI for categorization
6. Data Retention
- Account data: Retained until you delete your account
- Transaction records: Retained until you delete them or your account
- Error logs: Retained for up to 30 days
6.1 Account Deletion
You may delete your account at any time via the App's settings or by contacting support. Upon deletion, all your data will be thoroughly erased within 30 days (excluding retention required by law).
7. Your Rights
Under the Personal Data Protection Act (Taiwan), you have the following rights over your personal data:
- ✅ Access: View all your personal data within the App at any time
- ✅ Export: Export xlsx / csv files via the Web version's export feature
- ✅ Correct / Delete: Edit or delete transactions at any time
- ✅ Terminate: Stop using the service and request account deletion at any time
8. Children's Privacy
The App is not designed for children under 13, and we do not knowingly collect personal data from them. If you become aware of such a case, please contact us immediately.
9. Cross-Border Data Transfer
Some third-party services (Supabase, Anthropic) store data outside Taiwan (US, EU). These providers comply with applicable data protection regulations (GDPR, CCPA).
10. Subscriptions & Payments
- Web subscriptions are processed via TapPay / ECPay
- iOS subscriptions are processed via Apple In-App Purchase
- Android subscriptions are processed via Google Play Billing
- The App does not store your credit card numbers — payment information is handled by these third parties
11. Policy Changes
This policy may be updated occasionally. Significant changes will be notified via in-app notifications or email. Continued use of the App constitutes acceptance of the updated policy.
12. Contact Us
For questions about this policy or to exercise your rights, contact us at:
- Support Email: [email protected] (pending launch)
- Website: https://fintrack.tw (pending launch)