Privacy Policy

Finilo Subscription Manager (PIPEDA, GDPR, CCPA Compliant)

The Finilo Privacy Policy explains how we collect, use, and protect your personal data when you use our subscription management and reminder app. This policy is designed to comply with Canadian privacy law (PIPEDA), as well as GDPR and CCPA requirements.

Effective Date: March 19, 2026

Last Updated: March 28, 2026

Finilo ("Finilo", "we", "our", or "us") is committed to protecting your privacy in accordance with applicable laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA), where applicable.

Finilo's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1. Information We Collect

As a subscription management app, Finilo requests access only to the minimum data necessary to provide the service. We collect the following categories of information:

  • Account Information: name, email, authentication data
  • Financial Metadata: subscription names, billing cycles, reminder settings (we do NOT access bank accounts unless explicitly integrated in the future)
  • Usage Data: interactions, feature usage, logs
  • Device & Technical Data: IP address, device type, OS, browser
  • Google Account Data (if connected): With user consent, Finilo may access Gmail message content (e.g., receipts, invoices, billing notifications) using read-only permissions to identify subscription and recurring billing information

2. Legal Basis (GDPR)

We process data based on:

  • Contractual necessity (to provide the service)
  • Legitimate interest (product improvement, fraud prevention)
  • Consent (notifications, optional features)

3. How We Use Information

We use your information to operate Finilo as a subscription tracking and reminder service.

  • Provide and operate Finilo
  • Send reminders and notifications
  • Improve features and reliability
  • Provide customer support
  • Detect fraud and abuse

4. Sharing of Information

We do NOT sell personal data, including Google user data.

We may share data only as necessary with:

  • Cloud providers and infrastructure partners
  • Analytics providers
  • Legal authorities when required by law

We do not share Gmail data with third parties except as necessary to provide the service, for security purposes, or to comply with legal obligations, in accordance with Google's Limited Use requirements.

5. International Transfers

Your data may be processed outside Canada. We ensure appropriate safeguards (e.g., standard contractual clauses).

6. Data Retention

We retain data only as long as necessary:

  • Active accounts: retained while account is active
  • Deleted accounts: data is deleted within a reasonable period unless retention is legally required

7. Your Rights

Depending on your jurisdiction, you may:

  • Access your data
  • Request correction or deletion
  • Withdraw consent
  • Request data portability
  • Opt out of data sale (CCPA – although we do not sell data)

Users can revoke Google account access at any time via their Google account permissions page.

Requests: support@finiloapp.xyz

8. Security

We use industry-standard safeguards including encryption in transit (HTTPS), secure authentication, and access controls. However, no system is completely secure.

For Google user data, Finilo applies strict security measures including encryption in transit and at rest, access controls, and monitoring to prevent unauthorized access.

9. Data Storage & Architecture

Finilo is a cloud-based application:

  • Backend: Node.js/Express services
  • Database: Secure cloud-hosted databases (e.g., PostgreSQL)
  • Mobile App: React Native (Expo)
  • Web App: Next.js

We do not store banking credentials or directly access financial accounts.

10. Children's Privacy

Finilo is not intended for users under 13 (or 16 in certain jurisdictions).

11. Changes

We may update this policy. Continued use constitutes acceptance.

12. Contact

107-1 Bow Ridge Rd, Cochrane, AB T4C 2J1, Canada

support@finiloapp.xyz

13. Google User Data Access and Compliance

Finilo accesses Google user data only with explicit user consent and solely to provide its core subscription tracking functionality.

  • Scope of access: Read-only access to Gmail (gmail.readonly)
  • Purpose: Identify subscriptions and extract billing details (e.g., service name, amount, billing cycle, renewal date)
  • No modification: Finilo does not send, modify, or delete emails

Limited Use Compliance

Finilo complies with Google's Limited Use requirements:

  • Data is used only to provide user-facing features within the app
  • Data is not sold and is not used for advertising
  • Data is not used to train machine learning or AI models
  • Data is not transferred to third parties except:
    • to provide core functionality
    • for security or legal compliance

Human Access Restrictions

Finilo does not allow humans to read Gmail data except:

  • with user consent
  • when necessary for security, debugging, or legal compliance

Data Minimization

  • Only emails relevant to subscriptions are processed
  • Only extracted subscription data is stored
  • Full email content is not retained

Copyright 2026. All Rights Reserved.