Finnon Privacy Policy
Last updated: February 15, 2026
Finnon is a collaborative financial management application developed under the Poleursus brand by Miguel Halys (hereinafter "we", "our", or "the data controller").
This privacy policy describes how we collect, use, and protect your information when you use Finnon through our mobile app or website (finnon.app).
If you have any questions about this policy, you can reach us at contacto@finnon.app.
1. Data We Collect
1.1 Data You Provide
- Email address: required to create your account and authenticate via OTP code.
- Financial data: all financial information you manually enter in the application (transactions, accounts, goals, recurring payments). Finnon does not connect to any bank or access your bank accounts.
1.2 Technical Data Collected Automatically
The infrastructure services we use may automatically collect technical data as part of their normal operation:
- IP address and connection data: recorded in our server access logs.
- Request metadata: technical information associated with requests your device makes to the server (request type, timestamp, response code).
We do not collect device data, geolocation, contacts, or any other personal information beyond what is described above.
2. How We Use Your Data
We use your data exclusively to:
- Create and manage your user account.
- Authenticate you via OTP codes sent to your email address.
- Store and display the financial information you enter so you can manage your finances.
- Enable financial collaboration with other users you invite to your accounts.
- Maintain the security and proper functioning of the service.
We do not use your data for advertising, marketing, or commercial profiling purposes. We do not sell or share your personal data with third parties for commercial purposes.
3. Legal Basis for Processing (GDPR)
The processing of your data is based on the following legal bases under the General Data Protection Regulation (GDPR):
- Performance of a contract (Art. 6.1.b): processing your email and financial data is necessary to provide the service you request when creating an account.
- Legitimate interest (Art. 6.1.f): collecting technical data is necessary to ensure the security and proper functioning of the platform.
4. Third-Party Services
To operate Finnon, we use the following third-party services that may process data on our behalf:
| Service | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database, authentication | Email, financial data, session metadata | EU (Ireland) |
| Vercel | Web hosting | IP address, access logs | Global (Edge Network) |
| Resend | Email delivery (OTP codes) | Email address | USA* |
| Expo (EAS) | Mobile app distribution | Technical update data | USA* |
*For international data transfers outside the European Economic Area, these providers operate under Standard Contractual Clauses approved by the European Commission or equivalent mechanisms that ensure an adequate level of protection.
These services act as data processors and are subject to their own privacy policies. We do not share your data with any other third parties.
5. Data Retention
We retain your data for as long as you maintain an active Finnon account. If you delete your account, we will delete your personal data within a maximum of 30 days, unless a legal obligation requires us to retain it for a longer period.
6. Your Rights
As a user in the European Union, you have the following rights under the GDPR:
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete personal data.
- Erasure: request the deletion of your personal data.
- Portability: receive your data in a structured, commonly used format.
- Objection: object to the processing of your data based on legitimate interest.
- Restriction: request the restriction of processing in certain circumstances.
To exercise any of these rights, send an email to contacto@finnon.app. We will respond to your request within a maximum of 30 days.
If you believe the processing of your data does not comply with the GDPR, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or with the data protection authority in your country of residence.
7. Security
We implement technical and organizational measures to protect your data, including:
- Encrypted communications via HTTPS/TLS.
- Authentication via single-use OTP codes (no stored passwords).
- Restricted database access through Row Level Security policies.
No system is completely secure. If you discover a security vulnerability, we appreciate you reporting it to contacto@finnon.app.
8. Children
Finnon is not intended for children under 18 years of age. We do not knowingly collect data from children under 18. If we discover that we have collected data from a minor without parental consent, we will delete it as soon as possible.
9. Changes to This Policy
We may update this privacy policy periodically. When we make significant changes, we will notify you through the application or by email. The last updated date will always be visible at the top of this page.
10. Contact
For any privacy-related inquiries or questions about the processing of your data:
- Email: contacto@finnon.app
- Data controller: Miguel H., under the Poleursus brand