Privacy Policy

Introduction

Fintio, a product of Collybrix Aceleradora S.L. ("Collybrix", "we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our annual budget management application. This policy complies with the General Data Protection Regulation (GDPR) and other applicable EU data protection laws.

Fintio is owned and operated by Collybrix Aceleradora S.L., a company registered in the European Union.

Information We Collect

Personal Information

We collect information that you provide directly to us, including:

• Account information (name, email address, password)
• Profile information (country, currency preferences)
• Financial data (budget information, transactions, categories)
• Communication data (support requests, feedback)

Automatically Collected Information

When you use our service, we automatically collect:

• Device information (browser type, operating system)
• Usage data (features accessed, time spent)
• Log data (IP address, access times, error logs)
• Cookies and similar tracking technologies

How We Use Your Information

We use the collected information for the following purposes:

• Provide, maintain, and improve our services
• Process your transactions and manage your account
• Send you technical notices and support messages
• Respond to your requests and provide customer support
• Analyze usage patterns to enhance user experience
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our terms

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary to provide our services
• Consent: Where you have given explicit consent
• Legitimate Interests: For service improvement and security
• Legal Obligation: To comply with applicable laws

Data Storage and Security

We implement industry-standard security measures to protect your data:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Secure authentication via Clerk (OAuth providers)
• Regular security audits and updates
• Access controls and monitoring
• EU-based data storage (MongoDB Atlas)

Your financial data is stored in secure databases hosted within the European Union, ensuring compliance with EU data protection standards.

Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Third-party vendors who help us operate our service (e.g., Clerk for authentication, MongoDB for data storage)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

All third-party service providers are GDPR-compliant and bound by data processing agreements.

Your Rights Under GDPR

As a user in the EU, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, please contact us at privacy@fintio.app

Data Retention

We retain your personal data only for as long as necessary to provide our services and comply with legal obligations. When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.

Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your session and authentication
• Remember your preferences
• Analyze site usage and performance
• Provide personalized features

You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.

International Data Transfers

Your data is primarily stored and processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use after changes indicates acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: