1. Introduction
Welcome to Financial Helper. We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our service.
By using Financial Helper, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
When you create an account or use our service, we collect:
- Account Information: Name, email address, and password (encrypted)
- Financial Data: Bank statements, transactions, account numbers, and financial institution names
- User-Generated Content: Categories you create, goals you set, and notes you add
2.2 Information Collected Automatically
When you use our service, we automatically collect:
- Usage Data: Pages viewed, features used, time spent on the service
- Device Information: Browser type, operating system, IP address, device identifiers
- Cookies and Similar Technologies: Authentication tokens, session data, and preferences
2.3 Temporary Accounts
When you upload a statement without creating an account, we create a temporary anonymous account. We store a temporary token in your browser to associate your data with your session. This data is retained temporarily and may be deleted if not converted to a full account.
3. How We Use Your Information
We use your information to:
- Provide Our Services: Parse statements, categorize transactions, detect patterns, and generate insights
- Maintain Your Account: Authenticate you, store your preferences, and manage your data
- Improve Our Service: Analyze usage patterns, fix bugs, and develop new features
- Communicate With You: Send service updates, security alerts, and respond to inquiries
- Ensure Security: Detect fraud, prevent abuse, and protect against security threats
- Comply With Legal Obligations: Respond to legal requests and enforce our Terms of Service
4. Data Processing and Analysis
4.1 Statement Processing
When you upload a bank statement, we:
- Parse the file to extract transaction data
- Automatically categorize transactions using algorithms
- Detect recurring payments and patterns
- Generate visualizations and analytics
- Store the processed data in our secure database
4.2 AI and Algorithms
We use algorithms and pattern recognition to provide insights into your spending habits. This processing happens automatically and does not involve manual review by our staff.
5. Data Sharing and Disclosure
5.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal or financial data to third parties for marketing purposes.
5.2 When We May Share Data
We may share your information only in the following circumstances:
- Service Providers: With trusted third-party services that help us operate our platform (e.g., Cloudflare for hosting, database providers)
- Legal Requirements: When required by law, court order, or government request
- Protection of Rights: To protect our rights, property, or safety, or that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
- With Your Consent: When you explicitly authorize us to share your data
6. Data Security
We take data security seriously and implement multiple layers of protection:
6.1 Technical Safeguards
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest in our database
- Authentication: Passwords are hashed using industry-standard algorithms (bcrypt)
- Access Controls: Strict access controls limit who can access user data
- Secure Infrastructure: Hosted on Cloudflare's secure infrastructure
- Regular Audits: We conduct security audits and vulnerability assessments
6.2 Organizational Safeguards
- Limited access to personal data on a need-to-know basis
- Employee training on data protection practices
- Incident response procedures for data breaches
Important: While we implement strong security measures, no system is 100% secure. You are responsible for keeping your password confidential and notifying us of any unauthorized access.
7. Data Retention
7.1 Active Accounts
We retain your data for as long as your account is active and for a reasonable period afterward to:
- Provide continuous service
- Comply with legal obligations
- Resolve disputes and enforce agreements
7.2 Temporary Accounts
Data associated with temporary accounts may be deleted after a period of inactivity (typically 90 days).
7.3 Account Deletion
When you delete your account, we will remove your personal data from our active systems within 30 days. Some data may be retained in backups for up to 90 days for disaster recovery purposes.
8. Your Rights and Choices
You have the following rights regarding your personal data:
8.1 Access and Portability
- Request a copy of your personal data
- Export your transaction data
8.2 Correction and Updates
- Update your account information at any time
- Edit or delete transactions and categories
8.3 Deletion
- Delete individual statements or transactions
- Delete your entire account through account settings
8.4 Objection and Restriction
- Object to certain data processing activities
- Request restriction of processing in specific situations
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Authentication: To keep you logged in (sessionToken, tmpToken)
- Preferences: To remember your language and settings
- Security: To detect fraudulent activity and abuse
- Analytics: To understand how you use our service
You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features.
10. Third-Party Services
Our service is hosted on Cloudflare infrastructure. We use the following third-party services:
- Cloudflare: Hosting, CDN, and security services
- Database Providers: For secure data storage (Cloudflare D1)
These service providers are contractually obligated to protect your data and use it only for providing services to us.
11. International Data Transfers
Your data may be processed and stored in servers located in different countries. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy, regardless of where it is processed.
12. Children's Privacy
Our service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately, and we will delete it.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use after changes indicates acceptance of the updated policy.
14. Your Legal Rights
14.1 European Users (GDPR)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
14.2 California Users (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know whether your information is sold or disclosed
- Right to say no to the sale of personal information (we don't sell data)
- Right to access your personal information
- Right to deletion of your personal information
- Right to equal service and price
14.3 Brazilian Users (LGPD)
If you are a resident of Brazil, your personal data is protected by the General Data Protection Law (LGPD - Law No. 13.709/2018). You have the following rights:
- Right to confirmation of the existence of personal data processing
- Right to access your personal data
- Right to correction of incomplete, inaccurate, or outdated data
- Right to anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data
- Right to data portability to another service or product provider
- Right to deletion of personal data processed with consent
- Right to information about public and private entities with whom we share data
- Right to information about the possibility of not providing consent and the consequences of refusal
- Right to revoke consent at any time
- Right to petition regarding your data before ANPD (National Data Protection Authority)
- Right to oppose processing carried out in non-compliance with LGPD
To exercise any of these rights, contact us through the channels indicated in section 15 (Contact Us).
ANPD: You can also file a complaint with ANPD through the website: https://www.gov.br/anpd
15. Legal Bases for Data Processing (LGPD)
We process your personal data based on the following legal hypotheses provided in Art. 7 of LGPD:
- Consent: When you create a full account, you provide explicit consent for the processing of your personal data
- Contract Execution: Data processing is necessary for the execution of the service contract between you and Financial Helper
- Legitimate Interest: To improve our services, ensure security, and prevent fraud, provided your fundamental rights and freedoms do not prevail
- Legal Obligation Compliance: When necessary to comply with applicable legal or regulatory obligations
- Regular Exercise of Rights: To protect our rights in judicial, administrative, or arbitration proceedings
- Life Protection: When necessary for the protection of life or physical safety of the data subject or third parties
The specific legal basis for each processing activity may vary. If you have questions about which legal basis applies to your data processing, please contact us.
16. Data Localization and International Transfers
In compliance with LGPD, we inform you that:
- Data Storage: Your data is stored on Cloudflare servers, which may be located in Brazil or other countries
- Processing: Data processing may occur in Brazil and/or on Cloudflare's international servers
Protection Guarantees: All international data transfers are carried out with appropriate safeguards, including:
- Standard contractual clauses approved by ANPD
- International security certifications
- Technical and organizational measures for data protection
- Contractual commitment from providers to comply with LGPD
We ensure that the level of data protection in international transfers is equivalent to that provided by LGPD.
17. Specific Retention Period (LGPD)
As required by LGPD, we keep your data only for the time necessary for the stated purposes:
- Account Data: Maintained while the account is active and for up to 90 days after deletion for audit and security purposes
- Transaction Data: Maintained while the account is active and for up to 5 years after deletion to comply with legal obligations (tax and accounting requirements)
- Temporary Accounts: Data automatically deleted after 90 days of inactivity
- Access Logs: Maintained for up to 6 months for security purposes
- Communications: Emails and messages maintained for up to 2 years
When there is a legal retention obligation (e.g., tax requirements), data may be maintained for the legally required period.
After the retention period ends, data is eliminated securely and permanently.
18. Data Protection Officer (DPO)
In compliance with Art. 41 of LGPD, we have appointed a Data Protection Officer (DPO) responsible for:
- Accepting complaints and communications from data subjects
- Providing clarifications about data processing
- Receiving communications from ANPD
- Adopting necessary measures to ensure LGPD compliance
For matters related to data protection and exercising your rights under LGPD, contact our Officer:
Email: dpo@financialhelper.com
We respond to all requests within 15 business days, as established by LGPD.
19. Third-Party Data Sharing
In compliance with LGPD's transparency duty, we inform you that we share data with the following categories of third parties:
- Cloudflare Inc. (United States): Hosting, CDN, and security services - under standard contractual clauses
- Cloudflare D1 (variable location): Database storage - with LGPD compliance guarantees
We do not share your data with other entities beyond those mentioned, except in the circumstances provided in section 5 (Data Sharing and Disclosure).
You have the right to request detailed information about specific entities with whom your data has been shared.
20. Consent and Revocation
When data processing is based on consent:
- Consent is collected explicitly and prominently when creating a full account
- Consent is specific to the purposes stated in this Policy
- You are informed about the consequences of providing or denying consent
- You can revoke consent at any time through account settings or by contacting us
Consent revocation does not affect the lawfulness of processing performed previously.
Revocation may result in our inability to continue providing certain services that depend on that data.
21. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@financialhelper.com
Data Protection Officer: dpo@financialhelper.com
Website: financialhelper.com
By using Financial Helper, you acknowledge that you have read and understood this Privacy Policy. For Brazilian users, using the service implies free, informed, and unequivocal consent to the processing of your personal data as described in this policy, in compliance with LGPD.