Privacy Policy

What Data We Collect

The finsava.com landing page collects only one piece of personal information: your email address, submitted voluntarily through the waitlist form.

The self-hosted Finsava application does not send any data to us. All financial data — transactions, budgets, savings goals, AI conversations, and ML models — stays entirely on your machine.

How We Use Your Data

Email addresses collected through the waitlist are used solely to send notifications about Finsava updates, releases, and launch announcements. We do not sell, share, or rent your email to any third party.

Third-Party Services

• Vercel — The finsava.com landing page is hosted on Vercel. Vercel may collect standard web analytics (IP addresses, browser metadata) as part of its hosting infrastructure. See Vercel's Privacy Policy.
• SimpleFin — If you enable bank sync in the self-hosted app, transaction data is routed through SimpleFin's API. This connection is initiated and controlled entirely by you on your own server. See SimpleFin's website.
• Plaid — Alternative bank sync provider. If you connect via Plaid, your bank credentials are handled by Plaid and transaction data is routed through their servers. See Plaid's Privacy Policy.

Data Retention

Waitlist email addresses are retained until you unsubscribe. To remove your email, contact us at the address below and we will delete it promptly.

Self-Hosted App Privacy

When you run Finsava on your own hardware, all financial data is stored in a local SQLite database on your machine. Specifically:

• No telemetry or usage tracking is collected.
• No data is sent to Finsava or any third party by default.
• AI processing happens locally via Ollama — your prompts and financial context never leave your device.
• There is no cloud sync unless you explicitly configure it yourself.
• You have full control to inspect, export, or delete your data at any time.

Finsava Cloud (Planned Hosted Service)

When Finsava Cloud becomes available, it will operate as a hosted service where Finsava acts as a data processor for your financial information. The following additional disclosures apply to the Cloud offering:

• Data storage: Your financial data will be stored on hosted PostgreSQL servers. All data is encrypted in transit (TLS) and at rest.
• AI processing: If you opt into cloud AI (Google Gemini), your financial context will be sent to Google's servers for processing. This requires your explicit consent and can be revoked at any time in Settings. Local AI via Ollama is not available in the Cloud version.
• Sub-processors: Finsava Cloud uses the following sub-processors: cloud hosting provider (for database and application hosting), Google Gemini (optional cloud AI), SimpleFin (bank sync), Resend (transactional emails), and Vercel (landing page hosting).
• Data location: Cloud data may be stored and processed in the United States. For EU users, data transfers are governed by the EU-US Data Privacy Framework or Standard Contractual Clauses as applicable.
• Data portability: You can export all of your data at any time using the built-in data export feature (Settings → Export My Data).
• Account deletion: You can permanently delete your account and all associated data at any time from the Settings page.

Google Gemini AI Disclosure

Finsava offers an optional integration with Google Gemini for cloud-based AI financial analysis. When enabled:

• Your financial context (spending summaries, budget data, and category breakdowns) is sent to Google's Gemini API for processing.
• This feature requires your explicit opt-in consent, which can be granted or revoked at any time in the Settings page.
• Google's data processing terms apply to data sent to Gemini. See Google Gemini API Terms.
• When Gemini is not enabled, all AI processing happens locally via Ollama and no financial data leaves your machine.

Cookies

The Finsava application uses a single httpOnly authentication cookie to maintain your login session. We do not use tracking cookies, analytics cookies, advertising cookies, or third-party cookies. The finsava.com landing page uses only essential cookies set by our hosting provider (Vercel).

We Do Not Sell Your Data

Finsava does not sell, rent, lease, or share your personal information or financial data with any third party for monetary or other valuable consideration. This applies to all users across all tiers and deployment methods.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:

• Right to know: You have the right to request information about the categories and specific pieces of personal information we collect, use, and disclose.
• Right to delete: You have the right to request deletion of your personal information. For the landing page, email us to request removal. For Finsava Cloud, use the account deletion feature in Settings.
• Right to opt-out: Finsava does not sell or share your personal information for cross-context behavioral advertising.
• Non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Finsava does not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.

Your Rights (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

To exercise any of these rights, contact us at privacy@finsava.com. We will respond within 30 days.

Security Transparency

Finsava is built with a local-first architecture. Self-hosted deployments keep all data on your own hardware with zero telemetry or tracking. Bank credentials are encrypted at rest. AI processing runs locally via Ollama unless you explicitly opt into cloud AI.

Contact

If you have any questions about this Privacy Policy, please contact us at privacy@finsava.com.