Privacy Policy

FinVault is a private household finance tracking application. We take your financial privacy seriously. This policy explains what data we collect, how we use it, and what controls you have.

Short version: Your financial data belongs to you. We don't sell it, share it with advertisers, or use it for anything other than running the app.

Account data — your email address and password (stored securely via Supabase Auth). If you sign in with Google, we receive only your email and name.

Financial data you enter — account balances, transactions, investment holdings, property values, salary entries, and super details. All of this data is entered by you voluntarily.

Uploaded documents — receipts, payslips, and property statements you upload are stored in encrypted cloud storage.

Usage data — we log storage usage (file counts and sizes) to manage your plan limits. We do not track page views or clicks for analytics.

• No third-party advertising or tracking pixels
• No sale of your data to any third party
• No profiling or automated decision-making about you
• No access to your bank accounts directly — all data is entered manually or via file import

Your data is stored in Supabase (PostgreSQL), hosted on servers in the US/EU region. Data is encrypted at rest and in transit (TLS).

Family Vault notes are encrypted end-to-end using AES-256-GCM with PBKDF2 key derivation. Your vault password never leaves your device — even we cannot read your vault notes.

Tax accountant portal links are user-generated, time-limited, and read-only. You control what data is included and when the link expires.

We use the following third-party infrastructure providers to operate the service:

• Supabase — database and authentication hosting
• Vercel — application hosting and edge functions
• Resend — transactional email delivery (invite emails only)
• Google Gemini — OCR for payslip parsing (document content is sent to Google's API; not stored by Google)

We do not share your data with any other third parties.

Your data is kept for as long as your account is active. If you delete your account:

• Your financial records and uploaded documents are permanently deleted within 30 days
• Authentication records are deleted immediately
• We do not retain any backups of your personal data beyond 30 days after deletion

You have the right to:

• Export your data — use the Tax Export feature to download your records as CSV
• Delete your account — contact us at the email below and we will delete all your data within 30 days
• Correct your data — all records in the app can be edited or deleted by you directly

We use only essential session cookies required for authentication. We do not use marketing cookies, analytics cookies, or any third-party tracking cookies.

If we make material changes to this policy, we will notify users via email before the changes take effect. The effective date at the top of this page will always reflect the latest version.

If you have questions about this policy or want to exercise your data rights, contact us at: finvault@envaralabs.com