Privacy Policy
Last updated: March 6, 2026
Overview
FinanceTracker is a personal finance management application. This Privacy Policy explains how we collect, use, and protect your personal and financial information.
Important: This is an invite-only application. We do not collect data from the public, and all user accounts are created by administrators.
Information We Collect
Account Information
- Email address: Used for account identification and login
- Display name: Used for personalization within the application
- Password: Stored securely using industry-standard hashing (never stored in plain text)
Financial Data
You provide the following financial information:
- Transactions: Date, amount, description, and account information
- Categories: Custom categories you create for organizing expenses
- Budgets: Budget amounts and tracking information
- Tags: Custom tags for organizing and filtering transactions
- Trips: Travel-related expense tracking
- Notes: Any notes you add to transactions
Technical Information
- Login activity: Date and time of logins for security purposes
- Application logs: Error logs and system events (retained for 30 days)
How We Use Your Information
We use your information solely to:
- Provide and maintain the FinanceTracker service
- Allow you to track and analyze your personal finances
- Secure your account and prevent unauthorized access
- Diagnose and fix technical issues
- Improve the application based on usage patterns
We do not:
- Sell your data to third parties
- Share your financial information with anyone
- Use your data for advertising or marketing
- Track you across other websites or services
Cookies and Tracking
FinanceTracker uses essential cookies only - no consent is required under EU law as these are strictly necessary for the application to function.
Cookies We Use
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
.AspNetCore.Identity.Application |
Maintains your login session | 7 days | Essential |
.AspNetCore.Antiforgery.* |
Protects against cross-site request forgery (CSRF) attacks | Session | Essential |
.AspNetCore.DataProtection.* |
Encrypts and protects sensitive data | Session | Essential |
No third-party cookies: We do not use Google Analytics, advertising cookies, social media trackers, or any other third-party tracking technologies.
Data Storage and Security
Where We Store Your Data
- Hosting: Fly.io (Amsterdam, Netherlands data center)
- Database: SQLite database stored in encrypted volumes
- Backups: Automated daily backups (retained for recovery purposes)
Security Measures
- Encryption: All data transmitted over HTTPS (TLS/SSL)
- Password security: Passwords hashed using industry-standard algorithms
- Rate limiting: Protection against brute force attacks and abuse
- Account lockout: Automatic lockout after 5 failed login attempts
- Session security: HttpOnly cookies prevent JavaScript access
- Access control: All pages require authentication
Data isolation: Each user's data is completely isolated and only accessible to that user when logged in. Administrators cannot view your financial data.
Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right to access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your account and all associated data
- Right to data portability: Export your data in a machine-readable format
- Right to object: Object to processing of your personal data
- Right to withdraw consent: Stop using the service at any time
To exercise any of these rights, please contact the application administrator. We will respond to your request within 30 days.
Data Retention
- Active accounts: We retain your data for as long as your account is active
- Account deletion: When you request account deletion, all your data is permanently removed
- Backups: Deleted data may remain in backups for up to 30 days before being purged
- Application logs: System logs are retained for 30 days for security and debugging
Third-Party Services
We use the following third-party services:
- Fly.io: Application hosting and infrastructure (see Fly.io Privacy Policy)
These services have access to your data only to perform tasks on our behalf and are obligated not to disclose or use it for other purposes.
Children's Privacy
FinanceTracker is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify active users of any material changes by updating the "Last updated" date at the top of this page.
Continued use of FinanceTracker after changes constitutes acceptance of the updated Privacy Policy.
Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact the application administrator.