Finyvo Legal
Privacy Policy
Your financial information lives on your iPhone. Finyvo does not collect your amounts, balances, or transactions on its servers. The only things that travel to our backend are currency codes, brand names, and description text when you use optional AI features.
Executive summary
| Point | Detail |
|---|---|
| Data on your device | Yes. Transactions, wallets, budgets, goals, subscriptions, and categories are stored locally. |
| Data in Finyvo’s cloud | No. Finyvo has no user account, does not sync with iCloud, and does not store your financial data on any server. |
| Data sent to the backend | Currency codes (FX), brand names (logos), and text descriptions if you use AI. Never amounts, accounts, or balances. |
| User identification | None. We have no user account. The backend access token is shared by all instances of the App, not individualized. |
| Sale of data | Never. We have no personal data to sell. |
| Website cookies / tracking | The website does not use marketing cookies or third-party tracking pixels. |
| Third parties with access to any data | Cloudflare (backend hosting), exchangerate.host (FX), Brandfetch (logos), OpenAI (AI), Apple/RevenueCat (purchases). |
Who we are and the data controller
The controller responsible for processing the data covered by this Policy is:
Moises Núñez
Dominican Republic
Contact: [email protected]
This Policy applies to:
- The Finyvo application distributed through Apple’s App Store.
- The finyvo.com website and its subdomains.
- The api.finyvo.com backend operated by Finyvo.
Data stored solely on your device
When you use Finyvo, the following data is stored in your iOS device’s local storage through SwiftData (an Apple local storage framework, similar to SQLite). It is not synced with iCloud (the app explicitly disables CloudKit) or with any Finyvo server:
| Data type | Typical content |
|---|---|
| Transactions | Amount, currency, date, type (expense/income/transfer), category, wallet, tags, optional free-form note, optional merchant name |
| Wallets | Name, type (cash, account, credit, etc.), currency, balance, color/icon, optional last 4 digits, optional payment reminder, optional notes |
| Categories | Name, keywords, parent/child hierarchy, icon, color, internal markers (slug) for default categories |
| Tags | Name, color |
| Budgets | Monthly period, total amount, allocations by category/goal, method (manual/template/historical), currency |
| Savings goals | Name, target amount, currency, optional deadline, planned monthly amount, optional linked wallet, status, contributions |
| Subscriptions | Name, amount, currency, frequency, next payment, category, wallet, reminders, optional brand, historical occurrences |
| Preferences | Language, preferred currency, fiscal day, theme, animations, optional display name |
| Automatic backups | Up to 7 rotating backups generated before each schema migration |
Protection at rest: files are stored inside the application container with iOS’s default data protection (the NSFileProtectionCompleteUntilFirstUserAuthentication class). If your iPhone has a passcode set, the files are encrypted at rest until the first unlock after power-on.
Important:
- We do not use iCloud / CloudKit to sync data. The SwiftData container configuration is cloudKitDatabase: .none, which explicitly disables any sync with iCloud.
- We do not perform backups on our own servers. The automatic schema backups live within the App’s sandbox on your device.
- If you lose the device without having made an operating system backup (iCloud Backup or a copy via Finder/iTunes), you will lose the data.
Data you send to the api.finyvo.com backend
For certain features to work, the App communicates with our backend hosted on Cloudflare Workers under the domain api.finyvo.com. This backend acts as a secure proxy to external providers, preventing those providers’ API keys from being embedded in the App.
Requests to the backend include the following common elements:
- Access token (Bearer Token): a technical identifier that authorizes the App to use the backend. This token is shared across all instances of the App; it is not specific to each user. It does not identify an individual user.
- IP address: Cloudflare sees your IP, like any web service you visit. The IP is used solely to apply anti-abuse rate limits (rate limiting); it is not stored persistently linked to your activity. In isolated rate-limiting events it may appear in operational logs for up to 30 days.
- User-Agent: a string like Finyvo/1.0.0, identifying the app version.
Exchange rates (/fx/*)
When the App needs to update rates or convert amounts, it calls endpoints such as /fx/latest, /fx/convert, /fx/timeframe, and /fx/symbols. What we send:
- Currency codes (ISO 4217, e.g., USD, EUR, DOP).
- Dates (YYYY-MM-DD format) when the request is historical.
- For /fx/convert: a generic numeric amount with no context (not associated with any transaction, wallet, or user).
What we do NOT send: your identity, your wallets, your transaction history, balances, or personal totals.
The rates are obtained, through our backend, from the exchangerate.host provider, and are cached in Cloudflare KV for 24 hours. A historical copy of the rates is stored in a D1 database (also from Cloudflare) to serve historical queries efficiently. This data consists of public-domain market rates and contains no user data.
Brand logo search (/brand/search/:query)
When you create a subscription and type a name (e.g., “Netflix”), the App first searches its local catalog of 93 brands. If it finds no match, it queries /brand/search/:query. What we send:
- The text you typed (for example netflix, chatgpt).
What we do NOT send: your subscription amount, the associated wallet or category, your identity.
Our backend forwards the query to Brandfetch, receives the logo (a signed CDN URL), and returns it to us. The query is cached for 1 hour in Cloudflare KV.
Artificial intelligence features (/ai/*)
The AI features are optional and are invoked only when you activate them (when saving a transaction, running a complex search, requesting duplicate detection, etc.). The App works in full without these features; they are limited in number for Free users (50 requests per month).
There are seven distinct endpoints. For all of them, what is sent to our backend (and from there to the LLM provider) is:
| Endpoint | Data sent |
|---|---|
| /ai/categorize | Transaction note, merchant name (if any), amount, list of the names of your categories and associated keywords, list of the names of your tags, locale (es) |
| /ai/normalize | Transaction note, locale |
| /ai/parse-transaction | Free text you dictated, list of the names of categories, wallets, tags, available currencies, locale |
| /ai/detect-duplicate | The new transaction (note, merchant, amount, date) and a set of recent transactions with their same fields, locale |
| /ai/search | Your query text, list of available names (categories, wallets, tags, currencies), locale |
| /ai/detect-subs | List of recent transactions (note, amount, date) used to detect recurring patterns, locale |
| /ai/categorize-subscription | Subscription name, optional brand domain, list of the names of your categories, locale |
What is NOT sent to the backend or to the LLM provider, under any circumstances:
- Your name, email, phone, or Apple ID.
- Internal IDs from your database (wallet, category UUIDs, etc.).
- Wallet balances.
- Transaction history beyond the subset that the specific feature requires.
LLM provider: OpenAI (the gpt-5-nano model through its Responses API). In future versions we may incorporate Google Gemini (gemini-2.5-flash) for narrative generation features.
Storage: AI requests and responses are not stored. In the D1 database, only the following is logged for each request: a 16-character hash of the token name (not of your identity), the endpoint called, model, provider, token count, estimated cost, latency, and success/error. The content of the request is not saved.
Retention policy at the LLM provider:
- OpenAI retains API data for up to 30 days for abuse detection, in accordance with its policies. It does not use this data to train its models.
How to disable the AI features: the AI features are optional and are not invoked automatically without an explicit action from you. If you prefer not to send text to the backend at all, simply do not use these features. The App works completely without them.
Health endpoint (/health)
Public endpoint (no authentication) used for automated monitoring. It returns an ok status, a timestamp, and a request identifier. It neither sends nor receives user data.
How the backend processes and logs
Our backend on Cloudflare Workers generates structured operational logs that allow us to diagnose problems, prevent abuse, and measure performance. The logs include:
| Event | Information logged |
|---|---|
| Completed request | Unique request identifier (UUID), token name (e.g., ios-prod), HTTP method, route, status code, duration |
| Rate limit reached | Client IP address, route, limit exceeded |
| 5xx error | Request identifier, route, error message |
| LLM provider error | Request identifier, status, provider message |
| Brandfetch error | Request identifier, status, brand query that failed |
Log retention: Cloudflare retains standard Workers logs for up to 30 days. The logs are not automatically exported to any external Finyvo service.
Personal data in logs: the only personal information that may appear in logs is the IP address (in rate-limit events) and, occasionally, a brand query (in Brandfetch error events). IPs are not linked to an identity and are deleted together with the log when the retention period expires.
Purchases and subscriptions (StoreKit + RevenueCat)
To manage the Finyvo Plus subscription, the App integrates the RevenueCat SDK, a third-party platform that validates App Store purchase receipts and maintains the status of your entitlement.
Data shared with RevenueCat:
- Anonymous identifier assigned by the RevenueCat SDK (not your Apple ID).
- Identifier of the purchased product (finyvo_plus_monthly or finyvo_plus_yearly).
- Encrypted Apple receipt to validate the purchase.
- Subscription status (active, in grace period, expired).
Data that is NOT shared with RevenueCat:
- Your Apple ID.
- Your name, email, or phone.
- Your financial information within Finyvo.
Payments: all payments are processed by the Apple App Store. Finyvo never has contact with your card information or payment method. The Terms and Privacy Policy of Apple Media Services apply: https://www.apple.com/legal/internet-services/itunes/.
RevenueCat privacy policy: https://www.revenuecat.com/privacy.
Operating system permissions
Finyvo requests the following permissions from the iOS system:
| Permission | When it is requested | What for |
|---|---|---|
| Notifications | When you enable subscription or savings-goal reminders | To show alerts before the next charge or when reaching savings milestones |
Finyvo does NOT request or access: camera, photos, location, contacts, calendar, health (HealthKit), Apple Pay, microphone, voice, motion data, Bluetooth, music library, or any other sensitive permission.
Analytics and diagnostics
Internal analytics events
The App generates anonymous events that are written to Apple’s logging subsystem (os.Logger, subsystem com.finyvo.app). These events are visible only through the device’s console if it is connected to a Mac with Xcode or through the TestFlight console.
What is NOT included in these events: amounts, merchant names, notes or descriptions, or identifiers that would allow the event to be linked to a person.
The events are not sent to Finyvo or to third parties. They remain on the device and are useful only during technical diagnostics authorized by the user.
Crash diagnostics (Crash Reports)
The App uses Apple’s MetricKit to receive automatic crash diagnostics. These diagnostics are collected, processed, and anonymized by Apple, not by Finyvo. They contain no financial data of the user.
Third-party analytics SDKs
Finyvo does not integrate any third-party analytics SDK in its version 1.0. Specifically, we do not use: Mixpanel, Amplitude, Firebase Analytics, Heap, Segment, Sentry, Datadog, TelemetryDeck, Adjust, AppsFlyer, or similar.
Storage and technical security
On your device
- SwiftData / SQLite: files protected by iOS’s data protection system.
- UserDefaults: non-sensitive preferences (language, theme, preferred currency, fiscal day, etc.).
- Keychain: the access token for the api.finyvo.com backend is stored with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly access policy. It does not sync with iCloud Keychain and is deleted if you reset the device.
In transit
All communication between the App, our backend, and external providers travels encrypted via HTTPS / TLS 1.2+. Our backend requires TLS and applies standard security headers (HSTS, strict CSP, X-Frame-Options: DENY, etc.).
On the backend
- Cloudflare D1 (distributed SQLite): historical FX rates and AI logs. Encrypted at rest by default.
- Cloudflare KV (key-value): caches of rates, symbols, brand searches, brand logos, rate-limit counters. Automatic TTL.
- Cloudflare Workers: backend execution on Cloudflare’s global edge network. No persistent storage outside of D1 and KV.
Third-party services: summary table
| Service | Function | Data shared | Privacy policy |
|---|---|---|---|
| Apple Inc. | Distribution and payment processing | Encrypted purchase receipt, anonymous identifier | apple.com/legal/privacy |
| RevenueCat | Validation of the Plus subscription | Anonymous ID, Apple receipt, product ID | revenuecat.com/privacy |
| Cloudflare | Hosting of the api.finyvo.com backend | HTTP metadata, payloads of /fx/*, /brand/*, /ai/* | cloudflare.com/privacypolicy |
| exchangerate.host | Exchange-rate provider | Currency codes, dates | exchangerate.host |
| Brandfetch | Brand-logo provider | Search text, domains | brandfetch.com/privacy |
| OpenAI | AI models | Note text, merchant, amount, names of categories/wallets/tags | openai.com/policies/privacy-policy |
| Google (Gemini, planned) | Narrative AI models (future) | Equivalent to OpenAI when integrated | policies.google.com/privacy |
International data transfers
Our backend operates over Cloudflare’s global network (more than 200 data centers worldwide). Cloudflare routes each request to the nearest edge. This means that, depending on your location, your requests may be processed on infrastructure located in countries other than your country of residence.
The LLM providers (OpenAI and, in the future, Google) process the data primarily in the United States.
For users in the European Economic Area (EEA), the United Kingdom, and other jurisdictions with data-transfer rules:
- Transfers are covered by the Standard Contractual Clauses (SCCs) published by the European Commission, or by the corresponding adequacy frameworks, according to the current contract with each provider.
- The listed providers publish their respective SCCs and/or DPAs, accessible on their sites.
If you have a specific concern about international transfers, contact us at [email protected].
Retention and deletion
| Data type | Retention |
|---|---|
| Financial data on your device | Remains until you delete it manually or uninstall the App |
| Automatic schema backups | Up to 7 rotating backups, on your device |
| FX rate cache on the backend | 24 hours (KV); historical in D1 indefinitely (public market data) |
| Brand search cache | 1 hour (results), 7 days (images) |
| AI request log in D1 | Indefinite (only token hash and non-personal metadata) |
| Operational logs on Cloudflare | Up to 30 days |
| Receipts and entitlements in RevenueCat | In accordance with RevenueCat’s policies |
| Data sent to OpenAI | Up to 30 days per OpenAI’s policy (not used for training) |
How to delete your data:
- Selective deletion: archive or delete each transaction, wallet, category, goal, or subscription within the App.
- Complete deletion: uninstall the App. This removes all local data, the schema backups, and the access token stored in the Keychain.
- Subscription account deletion: manage and cancel your Finyvo Plus subscription from Settings → [Your name] → Subscriptions.
- Specific requests: if you need to confirm or request the deletion of specific data on our backend (for example, operational logs that might contain your IP), write to us at [email protected] and we will process the request within 30 calendar days.
Your rights
Depending on your country of residence, you have one or more of the following rights over your personal data:
- Access: request information about the data we process relating to you.
- Rectification: correct inaccurate or outdated data. For data on your device, edit it directly in the App.
- Deletion / erasure (“right to be forgotten”): delete the data we retain about you.
- Restriction of processing: ask us to limit the use of your data.
- Objection to processing based on legitimate interest.
- Portability: receive your data in a structured, commonly used, and machine-readable format.
- Withdrawal of consent when the processing is based on it.
- Not to be subject to automated decisions with significant effects on you. Finyvo does not make significant automated decisions about you; AI suggestions are recommendations that require your confirmation.
- Lodge a complaint with the supervisory authority of your country.
To exercise these rights, write to us at [email protected]. We will respond within 30 calendar days, extendable to up to 60 days in complex cases, as permitted by applicable laws.
Applicable legal framework and legal bases
Dominican Republic
The processing of personal data by Finyvo is carried out in accordance with Ley No. 172-13 on the Protection of Personal Data, in force since December 13, 2013.
European Union / European Economic Area / United Kingdom
For users residing in the EEA or the United Kingdom, Regulation (EU) 2016/679 (GDPR) and the UK GDPR apply. The legal bases for the various processing activities are:
| Processing | Legal basis |
|---|---|
| Local storage of financial data and provision of the core service | Performance of a contract (Art. 6(1)(b) GDPR) |
| Optional AI features | Legitimate interest (Art. 6(1)(f) GDPR) and, where applicable, consent (Art. 6(1)(a) GDPR) |
| Technical diagnostics, fraud prevention, security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Compliance with legal and tax obligations | Legal obligation (Art. 6(1)(c) GDPR) |
| Management of the Finyvo Plus subscription | Performance of a contract (Art. 6(1)(b) GDPR) |
United States: California (CCPA / CPRA)
For California residents, under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have the right to know which categories of personal information we collect, to access, correct, or delete your personal information, to limit the use of sensitive information, not to be subject to discrimination for exercising your rights, and to opt out of the “sale” or “sharing” of personal information.
Finyvo does not sell or share personal information within the meaning defined by CCPA/CPRA. We do not trade data with advertisers or ad networks.
Brazil: LGPD
For residents of Brazil, the Lei Geral de Proteção de Dados (Lei 13.709/2018) applies. Your rights are substantially equivalent to those listed above. The contact for LGPD-related privacy matters is the same privacy email: [email protected].
Other Latin American countries
The following frameworks may apply if you are a resident:
- Mexico: Ley Federal de Protección de Datos Personales en Posesión de los Particulares.
- Argentina: Ley 25.326 de Protección de los Datos Personales.
- Colombia: Ley Estatutaria 1581 de 2012.
- Chile: Ley 19.628 (with the 2024 reform on personal data protection).
- Peru: Ley 29.733 de Protección de Datos Personales.
Finyvo is committed to respecting the substantive rights that each framework grants to its residents and to responding to requests within the applicable timeframes.
Supervisory authorities and how to complain
If you believe that your rights have not been adequately addressed, you may turn to the competent supervisory authority:
| Jurisdiction | Authority |
|---|---|
| Dominican Republic (consumer protection) | Pro-Consumidor: proconsumidor.gob.do |
| European Union / EEA | National data protection authority (DPA) of your country |
| United Kingdom | ICO: ico.org.uk |
| California (USA) | CPPA: cppa.ca.gov |
| Brazil | ANPD: gov.br/anpd |
| Mexico | INAI: home.inai.org.mx |
| Argentina | AAIP: argentina.gob.ar/aaip |
| Colombia | SIC: sic.gov.co |
Before turning to the authority, we invite you to contact us first at [email protected] to try to resolve your complaint directly.
Privacy of minors
Finyvo is rated 4+ on the App Store, but it is not designed for or directed at children under 13. We do not knowingly collect personal information from children under 13 (or under the applicable minimum age in your country, which may be higher under local rules such as GDPR-K).
If you are a parent or guardian and discover that a child under 13 has used the App, write to us at [email protected]. We will take the necessary measures to address the situation and, where appropriate, delete the corresponding information.
App Store privacy label
In accordance with the privacy declaration required by Apple (App Store Privacy Nutrition Label) and the privacy manifest (PrivacyInfo.xcprivacy) embedded in the App, Finyvo declares:
| Category | Declaration |
|---|---|
| Data used to track you | None |
| Data linked to your identity | In-app purchases (via RevenueCat / Apple); technical device identifiers necessary to operate the service |
| Data NOT linked to your identity | Technical diagnostic events processed locally by Apple (MetricKit) |
| “Required reason” APIs | UserDefaults (reason CA92.1), File Timestamp (reason C617.1) |
Changes to this Policy
This Policy may be updated periodically to reflect changes in the App, in applicable legislation, or in our practices. When material changes occur:
- We will publish the updated version on the website and within the App.
- We will update the “Last updated” date at the top of the document.
- When the changes affect the user’s substantive rights, we will notify you within the App.
Continued use of the App after the effective date of the changes constitutes acceptance of the new Policy.
Cookies and Tracking Policy (website)
This section applies only to the finyvo.com website and its subdomains. It does not apply to the iOS App, which does not use cookies.
The Finyvo website is designed not to collect personal information through marketing cookies or third-party tracking pixels.
Technologies used
| Type | Storage | Expiration | Purpose |
|---|---|---|---|
| Necessary (language preferences) | localStorage | Until cleared | Remember the selected language |
| Necessary (theme preference) | localStorage | Until cleared | Remember the visual theme |
What the website does NOT use:
- Google Analytics
- Meta Pixel / Facebook Pixel
- TikTok Pixel
- LinkedIn Insight Tag
- Hotjar / Crazy Egg / Microsoft Clarity
- Marketing, retargeting, or third-party advertising cookies
If in the future we decide to integrate site analytics (for example, TelemetryDeck or Plausible, both privacy-respecting), we will update this section before enabling them and will display a consent banner where legally required.
You can clear the site’s local storage at any time from your browser’s privacy settings.
Privacy contact
For any inquiry, rights request, or complaint related to privacy:
We will respond within the applicable legal timeframes (normally 30 calendar days).