Privacy Policy

Finatha is a personal financial planning tool. We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it.

Finatha is a planning tool — not a bank, broker, or financial intermediary. We never move your money. We never sell your data. We do not serve advertisements.

Account data. Your email address, used solely for authentication and essential service notifications related to your Finatha account.

Profile data. Information you enter voluntarily: your name, nationality, employer name, country of residence, and currency preferences. This is used to personalise planning flows and default settings.

Financial data. Balances, account types, transaction records, salary details, goals, bills, remittance logs, and debt information that you manually enter into the app. This data is never sourced from your bank — you enter it yourself.

Usage data. Basic server logs (page requests, error reports) used to monitor performance and fix bugs. We use industry-standard error tracking services. We do not use third-party advertising trackers.

We use your data exclusively to provide the Finatha service to you:

• To authenticate your account and keep it secure
• To display your financial picture across accounts, goals, and plans
• To send you essential service emails and notifications related to account access or product operations
• To calculate planning outputs (net worth, payday allocations, EOSB estimates, zakat guidance)
• To improve the product based on aggregated, anonymised usage patterns

We do not use your data for advertising, profiling for third-party purposes, or any purpose beyond providing the service you signed up for.

Storage. Your data is stored on a managed database platform. Data is encrypted at rest and in transit. Our infrastructure providers operate in major cloud regions with high industry compliance standards (such as SOC 2 Type 2).

Access. Only you can access your financial data. We use granular database-level access controls to enforce this. No Finatha employee can query your individual financial records without your explicit consent.

Authentication. Authentication is handled through a secure identity provider. You may sign in with email and password or a supported identity provider such as Google or Apple. Finatha application code does not access your plaintext password.

Retention. Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us.

Finatha uses a small number of third-party services necessary to operate:

• **Managed Infrastructure** — database, authentication, and file storage
• **Transactional Communication** — email delivery (sign-in links, notifications)
• **Monitoring** — error monitoring and performance tracking
• **Identity Providers** — Google/Apple (only if you choose to sign in with them)
• **Application Hosting** — secure web application delivery

We do not share your data with any other third parties. We do not integrate with advertising networks, data brokers, or social media tracking pixels.

You have the right to:

• **Access** the data we hold about you
• **Correct** inaccurate profile or financial data at any time within the app
• **Export** the data we make available through the product or support workflow
• **Delete** your account and all associated data by contacting us
• **Manage** service communication preferences through available product settings

We respect individual privacy rights regardless of where you are located. If you are based in the EU/UK, we adhere to the relevant data protection regulations.

For privacy questions, data requests, or to request account deletion:

Email: privacy@finatha.app

We will respond within 5 business days.