Privacy Policy

Last updated: June 3, 2026

This policy explains, in plain language, what data Fintab collects, why, with whom we share it, and how you can exercise your rights under GDPR (EU 2016/679) and LGPD (Brazilian Law 13.709/2018).

1. Who we are (Data Controller)

Fintab is a personal finance app developed and operated by:

• Controller: Alexandre Figueiredo F Costa Filho (individual developer trading as VerticalTI)
• General contact: alexandreweb2@gmail.com
• Data Protection Officer (DPO): Alexandre Figueiredo F Costa Filho — alexandreweb2@gmail.com

You may contact the DPO at any time via the email above.

2. What data we process

2.1 Account & authentication data

• Email (email/password signup, Sign in with Apple, or Google Sign-In)
• Display name (when provided by the login provider)
• Profile photo URL (when provided by the login provider)
• Unique UID generated by Firebase Authentication
• Password (email signup only; stored only as a hash by Firebase — we never access plaintext passwords)

If you use Sign in with Apple and choose "Hide My Email", we only receive the relay address (@privaterelay.appleid.com). We treat this relay as a regular email.

2.2 Financial data you record

• Transactions (title, amount, type, category, date, description, wallet, tags)
• Wallets/accounts (name, icon, color, currency, type, initial balance)
• Custom categories
• Budgets (limits per category, month/year)
• Financial goals (title, target amount, deadline)
• Recurring transactions (Pro)

2.3 Local notifications

The app may schedule local reminders on your device (e.g., recurring transaction alerts) with your permission. These reminders are processed locally only; no notification content is sent to our servers. On iOS, we do not read system or third-party app notifications.

2.4 Pro subscription

• Subscription status, product identifier, expiry date
• purchaseToken (sensitive token used to validate the purchase with Apple/Google)

Payment itself is processed by the Apple App Store or Google Play. We have no access to your credit card or payment method.

2.5 Account sharing (collaborators) — Pro

If you invite someone to share your account, we store: master's email and name, invitee's email, invitation status, and the collaborator's UID after acceptance.

2.6 Data stored only on your device

• App lock PIN (only SHA-256 hash + salt in Keychain/Keystore — never sent to any server)
• Lock flags (PIN active, biometrics active)
• UI preferences (currency, language, theme, dashboard layout, hidden wallets, financial literacy level)

2.7 What we DO NOT collect

• We do not use Google Analytics, Firebase Analytics, or Crashlytics.
• We do not track you across apps or websites (no IDFA / App Tracking Transparency).
• We do not sell your data.
• We do not use your financial data to train AI models.
• We do not display advertising inside the app.

3. How we process data

• Account and financial data are stored in Cloud Firestore (Google) under your UID.
• Communication between the app and Firestore is encrypted in transit (TLS 1.2+).
• At rest, data is encrypted by Google Cloud infrastructure (AES-256).
• The local PIN never leaves your device.

4. Why we process (purpose + legal basis)

Under Brazilian LGPD the bases are equivalent: Art. 7, V (contract execution) and Art. 7, IX (legitimate interest).

5. Sharing with third parties (subprocessors)

We share the minimum necessary with the following processors:

There are no other subprocessors. No advertising, analytics, or attribution SDKs.

About the "share" function

When you export a report as PDF/Excel, the app uses the OS-native share sheet. The destination (email, Drive, WhatsApp, etc.) is chosen by you; Fintab does not send anything automatically to third parties.

6. Where data is stored

• Cloud Firestore: region southamerica-east1 (São Paulo, Brazil).
• Firebase operational backups and logs may be processed in other Google Cloud regions under Standard Contractual Clauses, covering any international transfers under GDPR (Art. 46) and LGPD (Art. 33, II).
• Local data stays on your device only (Keychain/Keystore + SharedPreferences).

7. How long we keep data

• While your account is active: we keep all data needed for the app to work.
• After account deletion: personal and financial data linked to your UID is erased from Firestore within 30 days. Google Cloud operational backups expire within another 90 days.
• Authentication logs (Firebase Auth) are retained per Google's default period.
• Local data disappears when you uninstall the app.

8. Your rights (GDPR Arts. 15–22 + LGPD Art. 18)

At any time and free of charge you may:

1. Confirm whether we process data about you
2. Access your data
3. Rectify incomplete, inaccurate, or outdated data
4. Erase data (right to be forgotten)
5. Restrict processing
6. Port your data to another provider
7. Object to processing
8. Withdraw consent
9. Lodge a complaint with a supervisory authority

How to exercise each right

• Delete account + all data: in the app, go to Settings → Account → Delete Account. Deletion is executed immediately after reauthentication.
• Export your data (portability): email alexandreweb2@gmail.com with subject "GDPR - Portability". We respond within 15 days.
• Other rights: email alexandreweb2@gmail.com.

9. Security

We apply technical and organizational measures to protect your data:

• In transit: all communication between the app and backend uses TLS 1.2 or higher.
• At rest: Firestore encrypts all data by default (AES-256).
• Passwords: stored only as a hash by Firebase Authentication (scrypt). We have no access to plaintext passwords.
• Local PIN: stored as SHA-256 hash with random salt in Keychain (iOS) / Keystore (Android). Never leaves the device.
• Biometrics: Face ID / Touch ID are handled by the OS. Fintab never receives or stores biometric data.
• Firestore security rules: each user can only read and write data tied to their own UID.

10. Children

Fintab is not directed at children under 13 and does not knowingly collect data from children. If you are a guardian and identified that a child provided us with data, contact alexandreweb2@gmail.com for removal.

11. Auto-renewable Pro subscriptions

Fintab Pro is an auto-renewable subscription processed by the Apple App Store (iOS) or Google Play (Android). By subscribing:

• Renewal: the subscription auto-renews at the end of each period (Monthly or Yearly) at the same price unless canceled at least 24 hours before the current period ends.
• Billing: charged to your Apple/Google account at purchase confirmation and at each renewal.
• Cancellation: you can cancel at any time:
  • iPhone/iPad: Settings → [your name] → Subscriptions → Fintab Pro → Cancel Subscription
  • Android: Google Play Store → ☰ → Subscriptions → Fintab Pro → Cancel
• Refunds: refunds are processed exclusively by Apple/Google per their policies. We have no direct access to your payment.

See the Terms of Use for full subscription terms.

12. Changes to this policy

We may update this policy as the app evolves or to reflect regulatory changes. When there's a relevant change, we'll update the date at the top and, if the change significantly affects your rights, we'll notify you in-app or by email.

13. Other languages

This policy is available in:

• English (U.S.) — this page
• Portuguese (Brazil) — Política de Privacidade

14. Contact

Questions, requests, or complaints about privacy?

• 📧 alexandreweb2@gmail.com
• 🌐 fintab.info

If you are unsatisfied with our response, you may contact your local Data Protection Authority. In Brazil: ANPD at gov.br/anpd.