Privacy Policy

Last updated: 15 July 2026

This Privacy Policy explains how [COMPANY] (“Fintl”, “we”, “us”, or “our”) collects, uses, and protects your personal data when you use the Fintl website and application (the “Service”). We are committed to protecting your privacy and being transparent about our data practices under the EU General Data Protection Regulation (GDPR) and applicable local law.

1. Who we are

[COMPANY], with its registered office at [ADDRESS] ([JURISDICTION]), is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your data, you can reach our privacy team at privacy@fintl.ai.

2. What Fintl does

Fintl is a personal finance management platform. Once you connect a bank account, Fintl retrieves your account and transaction data, organizes it into an easy-to-read dashboard, and helps you track spending, set budgets, and work toward savings goals. Bank connections are established through a licensed open banking provider under the EU’s PSD2 framework — we never ask for or store your online banking password.

3. The data we process

We process the following categories of personal data:

(a) Account data

Your name, email address, and a securely hashed password, collected when you create your account. We never store your password in plain text.

(b) Financial data

Data about your finances, obtained only after you explicitly authorize access at your bank:

  • Bank account details — account name, IBAN, currency, and balances.
  • Transactions — dates, amounts, descriptions, and merchant information.
  • Manual entries — any manual transactions, budgets, or savings goals you create yourself inside Fintl.

Bank account and transaction data is retrieved via GoCardless Bank Account Data, a regulated Account Information Service Provider (AISP) supervised under PSD2, and only after you grant consent through your own bank’s secure authorization flow. Fintl never sees or stores your banking credentials.

(c) Technical data

Your IP address and browser user agent, recorded in short-lived server logs by our hosting provider (Cloudflare) for security, abuse prevention, and reliability purposes.

We only process your data for the following purposes:

  • Providing the Service — displaying, organizing, and categorizing your finances — under the performance of our contract with you (Art. 6(1)(b) GDPR).
  • Accessing your bank data — under your explicit authorization, granted directly at your bank. Bank consent windows are typically renewed automatically every 90 or 180 days depending on your bank’s own policy, and you can revoke access at any time — from within Fintl (Settings > Connected Accounts) or directly through your bank.
  • Sending transactional email — such as welcome messages and family invitations, sent via our email provider Resend — under the performance of our contract with you (Art. 6(1)(b) GDPR).
  • Security and abuse prevention — under our legitimate interest (Art. 6(1)(f) GDPR), balanced against your rights and freedoms.

5. AI-assisted categorization

To help you understand your spending, Fintl uses AI to suggest a category for each transaction (for example, “Groceries” or “Transport”). To do this, we send only the transaction’s description and merchant name to our AI model provider — depending on configuration, this is either OpenAI, Inc. (US) or Anthropic, PBC (US) — we never send your name, email address, account identifiers, or any other information that could identify you. Neither provider trains on this data, per their respective API terms.

Category suggestions are informational only. Fintl does not make any automated decision that produces legal effects or similarly significantly affects you within the meaning of Article 22 GDPR, and you can always review, correct, or override any suggested category yourself.

6. Who we share your data with

We work with a small number of carefully selected service providers to operate Fintl. We do not sell your personal data, and we do not use it for advertising.

RecipientRoleLocation
CloudflareHosting, content delivery, and server logsEU / US
GoCardless LtdRegulated AISP — retrieves your bank data on our behalf, only after your authorizationUK / EU
Our database hosting providerStores your account and financial data (currently Supabase)US / EU
OpenAI, Inc. / Anthropic, PBCOur AI model provider (one of the two, per configuration) — processes transaction descriptions to suggest spending categoriesUS
ResendDelivers transactional emails (e.g. welcome, invitations)US

Where we transfer personal data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and/or the EU-U.S. Data Privacy Framework, where applicable to the recipient.

7. How long we keep your data

  • Account data is kept for as long as your account is active, and deleted when you delete your account.
  • Bank data is kept for as long as the bank connection remains active, and removed when you disconnect the bank or delete your account.
  • Fintl provides a full account-deletion flow in-app (Settings > Account > Delete Account) that permanently removes your account, financial, and connection data from our systems.
  • Server logs are kept only for the short period needed for security and troubleshooting, then automatically deleted.

8. Your rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Request erasure of your data (“right to be forgotten”).
  • Restrict how we process your data.
  • Receive your data in a portable format.
  • Object to processing based on our legitimate interest.
  • Withdraw consent at any time, where processing relies on consent — such as your bank authorization.

You can exercise most of these rights directly in the app (Settings), or by emailing privacy@fintl.ai. We will respond within the timeframes required by the GDPR.

You also have the right to lodge a complaint with your local data protection supervisory authority — for example, the [JURISDICTION] data protection authority, or the supervisory authority in the EU member state where you live or work.

9. How we keep your data secure

  • All data is encrypted in transit.
  • Your data is isolated using Row Level Security (RLS), so that only you — and anyone you’ve explicitly invited — can access it.
  • We never store your online banking password. Bank authorization happens directly at your bank, and we never see or store your banking credentials.
  • No card numbers or payment credentials are stored by Fintl.

10. Family sharing

If you invite a family member to Fintl, they can only see the specific accounts, budgets, or goals you explicitly choose to share with them — never your full financial picture unless you decide to share it. You can revoke a family member’s access at any time from Settings > Family.

11. Changes to this policy & contact

We may update this Privacy Policy from time to time — for example, to reflect changes to our data practices or to comply with legal requirements. If we make material changes, we will notify you by email or via an in-app notice before the changes take effect. The “Last updated” date at the top of this page always reflects the most recent version.

If you have any questions about this Privacy Policy or wish to exercise your rights, contact us at privacy@fintl.ai or write to [COMPANY], [ADDRESS], [JURISDICTION].