Privacy Policy

Last updated: January 2025

Introduction

Pfynn ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Pfynn, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our service.

Information We Collect

Account Information

When you sign in with Google OAuth, we collect:

  • Email address (for account identification)
  • Name (from your Google profile)
  • Profile picture (optional, from Google)

Financial Data

When you connect your bank accounts through Plaid, we collect:

  • Bank account balances
  • Credit card account information and balances
  • Transaction data (for weekly reviews)
  • Account names and types

Important: We never store your bank login credentials. All bank connections are handled securely through Plaid, and we only receive read-only access to your account information.

User-Provided Information

  • Financial obligations (bills, subscriptions, etc.)
  • Review day preferences
  • Notification settings
  • Partner sharing preferences

Usage Analytics

We collect anonymous usage data to improve our service:

  • App opens and session duration
  • Feature usage (which features you use most)
  • Error reports and crash logs
  • Device information (iOS version, device type)

You can opt-out of analytics in Settings at any time.

How We Use Your Information

  • Provide the Service: To deliver weekly financial reviews and manage your financial data
  • Account Management: To create and manage your account, authenticate you, and provide customer support
  • Improve the App: To analyze usage patterns and improve functionality (using anonymous analytics)
  • Communications: To send weekly reminders (if enabled) and respond to your support requests
  • Security: To detect and prevent fraud, abuse, and security issues
  • Legal Compliance: To comply with applicable laws and regulations

How We Share Your Information

We do not sell your data. We only share your information in the following circumstances:

Third-Party Service Providers

  • Plaid: To securely connect your bank accounts. Plaid handles all bank authentication and we receive read-only access to your account data. See Plaid's privacy policy.
  • Supabase: For secure data storage and authentication. Your data is encrypted in transit and at rest. See Supabase's privacy policy.
  • PostHog: For anonymous analytics (if you haven't opted out). See PostHog's privacy policy.

Partner Sharing (Your Choice)

If you choose to share financial information with a partner through the app, that information is shared only with the partner you designate. You control what is shared and can revoke access at any time.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS) and at rest (AES-256)
  • Secure Authentication: We use Google OAuth for secure login—we never see or store your password
  • Bank Security: We never store your bank login credentials. All bank connections use Plaid's secure infrastructure
  • Access Controls: Only authorized personnel have access to user data, and access is logged and monitored
  • Regular Audits: We regularly review our security practices and update them as needed

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Your Rights and Choices

Access and Export

You can export all your data at any time from Settings in the app. This includes your financial data, obligations, and account information.

Deletion

You can delete your account and all associated data at any time from Settings. Deletion is immediate and permanent—all your data stored in Supabase is deleted right away and cannot be undone. We do not retain any data after account deletion.

Opt-Out of Analytics

You can disable analytics tracking in Settings. This will stop collection of anonymous usage data.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect
  • Know if we sell or disclose your personal information (we don't)
  • Opt-out of the sale of personal information (not applicable—we don't sell)
  • Access and delete your personal information
  • Non-discrimination for exercising your privacy rights

European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing of your data
  • Data portability (export your data)
  • Object to processing of your data
  • Withdraw consent at any time

Data Retention

We retain your information only for as long as your account is active or as needed to provide our services. When you delete your account, all your data stored in Supabase is deleted immediately. We do not retain any data after account deletion.

Note: Plaid maintains its own records of bank connections per their privacy policy. If you want to remove your data from Plaid, you will need to contact Plaid directly or disconnect accounts through their system.

Children's Privacy

Pfynn is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: jasongandersonjr@gmail.com