Privacy Policy

Last updated: May 2026

Plain English summary: I don't sell your data. I don't share it with third parties for advertising. Your financial information stays in my database, secured, and used only to provide the Service to you.

This Privacy Policy describes how ExpenseTracker ("Service"), operated by Kevin Chirayath ("I", "me", "my"), collects, uses, and protects your information when you use the Service. This policy complies with PIPEDA (Canada) and is designed to be GDPR-compatible for European users.

1. Information I Collect

Account information: your email address and hashed password (I never store plain-text passwords).

Financial data you provide: transaction history, spending categories, and budget settings that you import or create. This data is stored in a private, password-protected database.

Bank connection data (Pro plan only): when you connect your bank via Plaid, Plaid handles authentication directly. I receive and store only your Plaid access token and transaction data returned by the API. Your bank username, password, and MFA credentials are handled entirely by Plaid and are never accessible to me.

Usage logs: server logs may include IP addresses and request timestamps for security and debugging. Logs are retained for 30 days.

2. How I Use Your Information

To provide and operate the Service
To send transactional emails (password resets, budget alerts, monthly reports) — these are service emails, not marketing
To process payments via Stripe (I never see or store your payment card details)
To improve the Service and fix bugs

I do not use your data for advertising. I do not build profiles to sell. I do not share your information with third parties except as described below.

3. Third-Party Services

Stripe: payment processing. Your billing details are governed by Stripe's Privacy Policy.

Plaid (Pro plan): bank connectivity. Governed by Plaid's End User Privacy Policy.

SendGrid: transactional email delivery. Email content (budget alerts, reports) passes through SendGrid's servers in transit.

Microsoft Azure / SQL Server: database hosting. Data is stored in Canada or the US within Microsoft's infrastructure.

4. Data Security

All data is transmitted over HTTPS/TLS. Passwords are hashed using industry-standard bcrypt. Database access is restricted to the application and authorized developers. I take reasonable precautions to protect your data, though no system is 100% secure.

5. Your Rights

You have the right to:

Access the data I hold about you — email me at support@fintrack.app
Correct inaccurate data
Delete your account and all associated data — this can be requested via email and will be completed within 30 days
Export your transaction data via the CSV export feature in the app
Withdraw consent by deleting your account at any time

6. Cookies

ExpenseTracker uses no tracking or advertising cookies. The app stores your authentication token in browser localStorage (not a cookie) to keep you signed in. No third-party analytics scripts are loaded.

7. Children's Privacy

ExpenseTracker is not directed at children under 18. I do not knowingly collect information from minors. If you believe a minor has created an account, contact me to have it removed.

8. Changes to This Policy

I will notify you by email of any material changes to this policy before they take effect. Continued use of the Service after changes constitutes acceptance.

9. Contact

Privacy questions or data requests: support@fintrack.app