Cookie Policy

Cookies are small files that a website places on your device. We also use similar technologies (localStorage, sessionStorage, fetch beacons) for the same purposes. We refer to all of these as "cookies" in this policy.

We use both first-party cookies (set by finatha.app) and a small number of third-party cookies (set by services we have chosen to use, such as PostHog and Sentry). All non-essential cookies require your consent.

Strictly necessary. Authentication (Supabase auth tokens), CSRF protection, language preference, theme preference, and the consent state itself. Without these the Service cannot work. These do not require consent.

Analytics. Anonymous product usage measured by PostHog: which pages are visited, which features are used, where users drop off. Used to improve the product. Loaded only with your consent.

Diagnostics. Sentry session replay and richer error context, used to reproduce and fix bugs. Loaded only with your consent. Error monitoring without session replay runs without consent under our legitimate interest in keeping the Service stable.

Functional. Saved preferences such as currency, default dashboard, expanded sections. Loaded only with your consent.

We do not use advertising or marketing cookies. We do not use cross-site tracking pixels. We do not embed social media widgets that track you.

Strictly necessary

• finatha_consent_v1 (first-party, 12 months): your consent choices.
• sb-access-token, sb-refresh-token (first-party, session and 7 days): authentication.
• finatha-theme (first-party localStorage): light or dark theme.
• NEXT_LOCALE (first-party, 12 months): language preference.
• __Host-csrf (first-party, session): cross-site request forgery protection.

Analytics (PostHog, only with consent)

• **ph_*_posthog** (first-party, 12 months): anonymous user identifier.
• **ph_*_session_id** (first-party, session): session grouping.

Diagnostics (Sentry, only with consent)

• sentryReplaySession (first-party sessionStorage): session replay buffer.

Functional (only with consent)

• finatha_currency (first-party, 12 months): preferred currency.
• finatha_dashboard (first-party, 12 months): dashboard layout.

Names may change as the product evolves. We update this list when they do.

Use the cookie banner the first time you visit, or open "Cookie Settings" from the footer at any time to change your choices. Strictly necessary cookies cannot be turned off.

You can also manage cookies through your browser:

• Chrome: Settings, Privacy and security, Cookies and other site data.
• Firefox: Preferences, Privacy and Security, Cookies and Site Data.
• Safari: Preferences, Privacy.
• Edge: Settings, Cookies and site permissions.

Global Privacy Control. If your browser sends a Global Privacy Control signal, we treat that as a request to deny consent for analytics, diagnostics, and functional cookies. We do not show the banner for those categories in that case.

We may update this Cookie Policy when we add or remove cookies. The current version is always at finatha.app/cookies and shows a "last updated" date.

Questions: privacy@finatha.app. We respond within 5 business days.