Privacy Policy

Last updated: 21 May 2026

At Finley, your privacy matters. This policy explains how we collect, use, and protect your personal data across the Finley mobile app (iOS and Android) and the Finley website at joinfinley.com.

What data we collect

On our website

On the website, we collect only the information you choose to share — primarily through the waitlist signup form and our invitation flow:

Waitlist signup

Your name and email address when you join our waitlist or request an invitation.

Optional profile information

Optional demographic information (birth year, gender, country, current financial situation, etc.) that you choose to share to help us understand our future users.

In the Finley mobile app

When you use the Finley mobile app, we process the following categories of data:

  • Account data: your name, email address, and language preference.
  • Financial data: information about the bank connections and accounts you link, your transactions, balances, budgets, savings goals, and – if you use the crypto features – wallet addresses. This data is sent only to our backend; it is not shared with analytics providers.
  • Conversations: the messages you send to Finley's AI assistant, including any voice messages you record.
  • Camera and document uploads: when you use document capture, the image you take is sent to our backend for processing.

Device and technical data

To operate the app, we automatically collect certain device and technical information:

  • Device identifier: a stable per-device identifier (Android ID on Android, Identifier for Vendor on iOS, or an app-generated identifier when those are not available) so we can route push notifications to the right device and keep multi-device sessions in sync.
  • Push notification token: an opaque token issued by Apple or Google that lets us send notifications to your device.
  • App and OS version, device model, and language: included in API requests for debugging, localization, and routing.
  • IP address: visible to our infrastructure and to our analytics provider; not used to build advertising profiles.
  • Crash and diagnostic reports: when the app encounters an error, we collect stack traces, device context (OS, app version, model) and your user ID. This data is processed on our own infrastructure and is not shared with third parties.

We do not collect advertising identifiers (IDFA on iOS, Advertising ID on Android), and we do not track you across other companies' apps or websites.

How we use, store, and share your data

How we use your data

We use your information to:

  • Authenticate your access to the Finley mobile app
  • Personalize your experience and understand your needs
  • Improve Finley based on your feedback and usage patterns
  • Communicate with you about important updates and account-related notifications

Storage and security

All data is stored securely in the European Union, encrypted in transit (HTTPS), and protected by industry-standard security practices. The website (waitlist and invitations) and the Finley mobile app use separate backends and databases hosted with vetted infrastructure providers.

Data sharing

We never sell your data and we do not share it for advertising. We work with a small number of service providers (sub-processors) who process data only on our instructions and under data-processing agreements. The categories of sub-processors used by the Finley mobile app are described below; any other systems – including our error tracking – run on our own infrastructure.

Service providers for the mobile app

We rely on a small number of carefully selected service providers to operate the mobile app. Each is bound by a data-processing agreement and may only process your data on our instructions. We deliberately keep this list short and host other systems on our own infrastructure.

  • Product analytics: a privacy-focused analytics service hosted in the European Union receives your user ID, email, a generated device identifier, screen views, and interaction events.
  • Push notifications: device push tokens are addressed via a push-routing service so we can deliver notifications across iOS and Android.
  • Real-time voice: when you talk to Finley by voice, an audio-infrastructure provider handles the live session (audio and network-quality metrics only).
  • Bank connectivity: when you link a bank account, the connection is established via a regulated EU-based account information service provider (AISP) under PSD2, in line with the consent you give in the bank-connection flow.

No advertising and no cross-app tracking

The Finley mobile app does not show ads, does not collect advertising identifiers, and does not track you across other apps or websites. This is reflected in our Data Safety declaration on Google Play and in our App Privacy declaration on the App Store.

Analytics and cookies (web)

On the web, we use optional analytics cookies with your consent to understand how people use Finley. We also embed videos from YouTube, which may set third-party cookies when you choose to watch them. The Finley mobile app uses a separate analytics service, described under "Service providers for the mobile app" above. For more details on cookies, see our Cookie Policy.

Your rights and control

Your rights

You have full control over your data. You can:

  • Access all data we have collected about you
  • Request corrections to any inaccurate data
  • Request deletion of your account and all associated data
  • Request a copy of your data in a portable format
  • Object to processing of your data for specific purposes

About this policy

Changes to this policy

We may update this privacy policy as Finley evolves. We'll notify users of any significant changes via email or an in-app notice.

Questions?

If you have any questions about your privacy or this policy, please contact us at privacy@joinfinley.com