Fintrackau ("we", "us", "our") is committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This policy explains what data we collect, how we use it, and your rights as a user.
1. What Data We Collect
- Account information: Your full name and email address, collected at registration.
- Transaction metadata: Transaction date, amount, merchant name, and category — uploaded by you via CSV or manual entry.
- Receipt images: Photos or scans of receipts you upload for OCR processing.
- Usage data: Pages visited, features used, and session timestamps, collected via server-side logs and session tracking for service improvement. We do not use third-party advertising cookies.
- Payment information: Subscription billing is handled by Stripe — we do not store credit card numbers.
2. What We Do NOT Collect
- Credit card or debit card numbers (full card numbers are never stored).
- Bank account numbers (only masked last 4 digits may be stored if you use bank sync).
- Passwords stored in plaintext — all passwords are hashed using bcrypt before storage.
- Government identifiers such as Tax File Numbers (TFN) or Medicare numbers.
3. How We Store Your Data
- Encryption at rest: All data is stored using AES-256 encryption on AWS (Amazon Web Services) in the ap-southeast-2 (Sydney) region.
- Encryption in transit: All communications between your browser and our servers use TLS 1.2 or higher.
- Access controls: Access to production data is restricted to authorised personnel only, using least-privilege principles.
- Two-Factor Authentication: We offer TOTP-based 2FA for your account to add an extra layer of security.
- Data breach notification: In the event of a data breach likely to result in serious harm to affected individuals, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme.
4. Data Retention
- Receipts and transactions are retained for as long as your account is active.
- Upon account closure, your account enters a 14-calendar-day grace period to allow recovery in the event of accidental closure. During this period your data remains intact and your account can be reinstated by contacting us. After 14 days, all personal data — including transactions, receipts, and account information — is permanently and irreversibly deleted.
- We retain a hashed device fingerprint for up to 12 months after account closure, solely to prevent abuse of the free trial. This fingerprint is non-reversible, cannot identify you, and is not linked to any of your personal data.
- You may request immediate deletion of your data at any time by contacting us at support@fintrackau.com (see Section 8).
5. Third Parties
We use the following third-party services to operate Fintrackau:
- Stripe: Payment processing for subscriptions. Stripe is PCI-DSS compliant. Their privacy policy applies to payment data. We never see your full card details.
- Google Gemini AI: Used to generate market insights (electricity, mobile, internet, credit card comparisons). No personally identifiable information (PII) is sent to Gemini. Only general market queries are made.
- AWS: Cloud infrastructure hosting, located in Sydney (ap-southeast-2).
We do not sell your personal information to any third party.
6. Your Rights
Under the Australian Privacy Act, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or out-of-date personal information.
- Request deletion of your account and associated data.
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your data.
To exercise any of these rights, contact us at support@fintrackau.com.
7. Not Financial Advice
Fintrackau is a financial management tool, not a licensed financial advisor. We are not an Australian Financial Services Licence (AFSL) holder.
All insights, recommendations and estimates provided by Fintrackau are for informational purposes only and do not constitute financial advice.
Always consult a qualified financial advisor or accountant before making financial decisions.
8. Contact Us
For privacy-related enquiries, requests, or complaints, please contact:
Fintrackau Support
Email: support@fintrackau.com
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by a notice on our website.
Continued use of Fintrackau after changes constitutes acceptance of the updated policy.
© 2026 Fintrackau. All rights reserved.