Privacy Policy

Introduction

Frienteer Software Private Limited (“FinArt”, "we," "our," or "us") helps you track and manage your personal finances. FinArt provides options such as manual entries, file import, multi-device sync, and optional SMS automation via Apple Shortcut. This policy explains what we collect, how we use it, how we protect it, and your choices when you use our iOS mobile application FinArt (the "App").

1. Information We Collect

• Account Information: Apple/Google account email (or Apple relay email), subscription status/receipt state.
• Financial & Budgeting Data: Transactions (expenses, income, transfers), accounts, bills, budgets, categories/tags, merchants, notes, attachments (receipts, PDFs, images), reminders.
• User Preferences: Currency, notification settings, private mode, backup frequency, income/budget toggles, theme.
• Messages You Forward (optional SMS automation):
  • User-Initiated Only: You must manually create and enable an Apple Shortcut to forward messages.
  • What We Collect: Sender, full message body, and timestamp for messages you explicitly forward.
  • Processing: Messages are sent to our server for transaction detection only.
  • Retention: 30 days on FinArt cloud (immediate deletion if Private Mode is enabled).
  • Compliance: Feature complies with Apple's requirement that SMS access must be user-initiated.
• Biometric Data:
  • Local Only: Face ID/Touch ID authentication is processed entirely on your device.
  • No Collection: We do NOT collect, store, or transmit biometric data.
  • Apple's System: Authentication uses Apple's secure enclave; we only receive authentication success/failure.
• Device & Identifiers: Device model, OS version, identifierForVendor (iOS), FinArt device IDs, push notification tokens, time zone.
• Usage & Diagnostics:
  • Firebase Analytics events (feature usage, screen views).
  • Firebase Crashlytics crash reports (stack traces, device state at crash time).
  • No Personal Data in Crashes: We configure Crashlytics to exclude personal financial data from crash logs.
  • No Ad Tracking: We do not use Analytics or Crashlytics for advertising.
• Backup Metadata: Which backup service is enabled (FinArt Cloud, iCloud, Google Drive), associated drive/Apple ID email if provided by the platform, last backup time.

2. How We Use Your Information

2.1 Core Functionality

• Authenticate and verify your identity.
• Store and manage your financial data.
• Sync your data across multiple devices.
• Enable data sharing and collaboration features.
• Provide cloud backup and restore functionality.
• Send you transaction notifications and bill reminders.
• Process SMS messages you forward via Shortcuts to auto-create transactions.

2.2 App Improvement

• Analyze app usage to improve features and user experience.
• Monitor app performance and identify technical issues.
• Develop new features and enhancements.

2.3 Communications

• Send you important service notifications.
• Respond to your support requests.
• Inform you about app updates and new features.

2.4 Purpose Limitation

We collect and process your data only for the purposes explicitly stated in this policy. We do not use your financial or SMS data for any secondary purposes without your explicit consent.

3. Data Storage and Security

3.1 Local Storage

• All your financial data and preferences are stored locally on your device.
• Encrypted SQLite (SQLCipher) database on device.
• Local data is protected by your device's security features.
• Biometric authentication can be enabled for additional security.

3.2 FinArt Cloud Storage

By default, your financial data, SMS data, and app preferences are stored on the FinArt cloud on Firebase. If you enable Private Mode (from app settings), your financial data and SMS data won’t be stored on FinArt cloud.

3.3 Personal Drive Storage

You can optionally enable automatic backup of your financial data and app preferences to your personal iCloud or Google Drive.

3.4 Security Measures

• Data encryption.
• All data transmitted to cloud services is encrypted using HTTPS/TLS.
• Firebase services are secured with authentication and security rules.
• Access to your data on personal drive requires authentication via Apple or Google.

3.5 Data Retention

• Your data is retained as long as your account is active.
• SMS data is retained on FinArt cloud for a maximum of 30 days. If private mode is enabled, SMS data is removed immediately after processing.
• You can delete your account and all associated data at any time from inside the app settings.

3.6 Data Minimization

• Collecting only data necessary for app functionality.
• Not collecting location data, browsing history, or contacts.
• Not accessing device sensors beyond what iOS requires for basic app operation.
• Limiting server-side data retention (30 days for SMS data).
• Not collecting SMS sent by numeric senders of length more than 8 digits.

4. Data Sharing and Collaboration

4.1 Sharing with Other FinArt Users

• You can explicitly share your financial data with other FinArt users via Sync with Family / Data sharing.
• You control sharing permissions (read-only vs edit access, bank-account-wise vs complete data access).
• You can revoke sharing access at any time.

4.2 We Do NOT Sell Your Data

• We do not sell, rent, or trade your personal information to third parties.
• We do not use your financial data for advertising purposes.
• We do not share your data with data brokers or advertisers.

5. Third-Party Services

5.1 Authentication & Cloud Services

• Google Sign-In: Used for account authentication and app data backup on Google Drive — Privacy Policy
• Apple Sign-In: Used for account authentication and app data backup on iCloud Drive — Privacy Policy
• Firebase Services (Google):
  • Firebase Authentication
  • Cloud Firestore (database)
  • Firebase Cloud Messaging (push notifications)
  • Firebase Analytics (app usage analytics)
  • Firebase Storage (file storage)
  • Privacy Policy

5.2 Payment Processing

• RevenueCat: Processes in-app purchases and subscriptions — Privacy Policy

6. Your Privacy Rights

6.1 Access and Control

• Access: View all your personal and financial data within the app.
• Export: Download a complete copy of your data in machine-readable format.
• Rectification: Correct or update your information.
• Erasure: Delete your account and all associated data (right to be forgotten).
• Portability: Export your data to transfer to another service.
• Restriction: Enable "Private Mode" to keep all financial data local-only (no FinArt cloud sync) and remove SMS data from FinArt cloud immediately after processing.
• Response Time: We will respond to data access requests within 30 days (or as required by applicable law).

6.2 Opt-Out Options

• Private Mode: Keep all financial data on your device (no FinArt cloud sync) and remove SMS data from FinArt cloud immediately after processing.
• Stop SMS automation: Disable the Shortcut.
• Push Notifications: Disable in app settings or device settings.
• Biometric Authentication: Disable in app settings.
• Analytics: Cannot be fully disabled, but we only collect minimal anonymous usage data.
• Drive Access: Revoke permissions at any time in Apple / Google account settings.
• Account Deletion: Delete all your data from our systems.

6.2.1 Account and Data Deletion Process

In-App Deletion

1. Go to Settings > Account > Delete FinArt Account.
2. Confirm deletion by authenticating.
3. All local data is immediately erased.
4. Cloud data deletion begins immediately.

Deletion Timeline

• Local device data: Immediate.
• Firebase cloud data: Immediate.
• Backup data (iCloud/Google Drive): You must manually delete from your drive.
• SMS data: Within 30 days.

What Gets Deleted

• All financial and budgeting data.
• All attachments (receipts, PDFs, images).
• All preferences and settings.
• Authentication credentials.
• Forwarded SMS messages.

7. Children's Privacy

• Age Requirement: FinArt is intended for users aged 13 and above (or the applicable age in your jurisdiction).
• No Knowingly Collected Data: We do not knowingly collect personal information from children under 13. The App does not include age-gating, but by using the App, you represent that you meet the minimum age requirement.
• Parental Rights: If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at support@finart.app. We will promptly delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

We use Firebase services, which may process data in the United States and other countries. Firebase complies with applicable data protection frameworks, including GDPR and adheres to EU-U.S. Data Privacy Framework principles.

9. Changes to This Privacy Policy

• Posting the new Privacy Policy in the app.
• Updating the "Last Updated" date at the top.
• Sending you a notification for material changes.

Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Your Consent

• The collection and use of information as described in this Privacy Policy.
• The storage of your data on Firebase, Apple, and Google services.
• The use of cookies and similar tracking technologies.
• The access to your data to third-party service providers listed in this policy.

11. Data Breach Notification

• Notify you within 72 hours of becoming aware of the breach.
• Describe the nature of the breach and data affected.
• Provide information on steps we are taking to address the breach.
• Recommend actions you can take to protect yourself.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@finart.app | Website: https://www.finart.app

For data access, correction, or deletion requests, please email us with:

• Your registered email address.
• Detailed description of your request.
• Verification of your identity (for security purposes).

We will respond to your request within 30 days.

13. Specific Apple Requirements

13.1 Sign in with Apple

• You can choose to hide your email address.
• Apple will generate a private relay email that forwards to your actual email.
• We respect your privacy choice and will use the provided email for authentication only.

13.2 App Tracking Transparency

• FinArt does not track you across other apps or websites.
• We do not use your data for targeted advertising.
• We do not require App Tracking Transparency (ATT) consent.

14. Data Security Incidents

• Regular security audits.
• Encryption of data in transit and at rest.
• Access controls and authentication.
• Monitoring for suspicious activity.
• Incident response procedures.

15. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party services you access.

16. Automated Decision Making

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

17. Business Transfers

If FinArt is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

18. Apple App Privacy Label Summary

The following data types are disclosed in our App Store privacy label:

• Data Used to Track You: None.
• Data Linked to You:
  • Contact Information: Email address (including but not limited to a hashed email address).
  • Financial Info: Such as salary, income, assets, debts, or any other financial information.
  • User Content: Messages (including sender, time, and contents of message), support requests, and other user content (notes, merchant details, tags, categories).
  • Identifiers: User ID, device ID.
• Data Not Linked to You:
  • Usage Data: Product interaction.
  • Diagnostics: Crash data, performance data, Other Diagnostic Data.

For detailed information about how each data type is used, see the relevant sections above.

19. App Store Privacy Practices

Privacy-Preserving Features

• Local-first architecture with optional cloud sync.
• End-to-end encryption for data in transit.
• No cross-app tracking or fingerprinting.
• No access to contacts, location, or other sensitive device data without explicit permission.
• Private Mode for additional privacy control.

Compliance

• This privacy policy is consistent with our App Store privacy label.
• We update our privacy label when data practices change.
• We comply with Apple's App Tracking Transparency framework.