Privacy Policy - FinanceTracker
Last updated: March 30, 2026
1. Data Controller
Company: FinanceTracker
Contact email: [email protected]
Legal location: to be completed
2. Information We Collect
Information you provide directly
- Account information: name, email, password, profile photo.
- Financial information: broker data, portfolios, positions, transactions.
- Optional contact information: phone number and address.
- Preferences: notifications, language, and theme settings.
Information collected automatically
- Usage data: IP address, browser, device, OS, pages viewed, and session duration.
- Cookies and similar technologies for sessions, preferences, and analytics.
- Server data: access logs, error logs, and performance diagnostics.
- Approximate location derived from IP (not GPS-based).
Third-party information
- Broker-integrated data (IBKR, Trade Republic) and market prices.
- Third-party authentication or connection tokens.
3. Legal Bases for Processing
- Consent for marketing and optional analytics.
- Contractual necessity to provide portfolio services.
- Legitimate interests (security, fraud prevention, product improvement).
- Legal obligations in applicable jurisdictions.
4. How We Use Data
- Provide and operate services (portfolio tracking and sync).
- Improve product functionality and user experience.
- Protect accounts and detect suspicious behavior.
- Send account notifications, alerts, and support messages.
- Comply with legal and regulatory obligations.
- Send marketing communications where consented.
5. Data Sharing
We only share data in the following cases:
- Service providers: hosting, analytics, infrastructure, and broker connectivity.
- Legal requests: court orders or lawful authority requirements.
- Rights protection: legal defense and fraud investigations.
We do not share:
- Broker passwords in plaintext.
- Sensitive financial data without user authorization.
- Personal data for sale or marketing without consent.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account data | While account is active + 180 days |
| Financial transactions | 7 years (regulatory requirement) |
| Access logs | 90 days |
| Aggregated analytics | Indefinite (anonymized) |
| Session data | 30 days of inactivity |
| Backups | 30 days after deletion |
Data is securely deleted after retention periods using cryptographic deletion standards.
7. Your Rights
- Access your personal data.
- Correct inaccurate records.
- Request deletion under applicable law.
- Restrict or object to specific processing.
- Request data portability.
- Withdraw consent where processing is consent-based.
To exercise rights, contact [email protected] with valid identity verification.
8. Data Security
- TLS 1.3 in transit and AES-256 at rest.
- JWT authentication, optional 2FA, bcrypt password hashing.
- Role-based access controls and audit logging.
- Encrypted backups and continuous monitoring.
9. Cookies and Tracking Technologies
| Cookie | Purpose | Duration | Consent |
|---|---|---|---|
| session_id | Keep authenticated session | Session | Required |
| csrf_token | CSRF protection | Session | Required |
| preferences | Store user preferences | 1 year | Required |
| analytics | Anonymous usage analytics | 1 year | Optional |
10. International Data Transfers
When data is transferred cross-border, we use appropriate safeguards such as SCCs and equivalent contractual protections.
11. Policy Updates
We may update this policy and will notify users of material changes by email and/or in-app notice with reasonable advance notice.
12. Children's Data
FinanceTracker is not intended for users under 18. If such data is detected, it will be removed promptly.
13. Supervisory Authorities
Users may contact the applicable data protection authority in their jurisdiction (e.g., the authorities that enforce GDPR, CCPA, or LGPD).
14. Contact
- Privacy email: [email protected]
- DPO email: [email protected]
- Contact form: to be added
Acceptance
By using FinanceTracker, you acknowledge and accept this Privacy Policy.