Privacy Policy

Last updated: 15.04.2026

1. Data Controller

The data controller is OceanWeb Technologies s.r.o., registered in the Slovak Republic. Contact: info@financero.io. This Privacy Policy is drafted in accordance with Regulation (EU) 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on Personal Data Protection.

2. Legal Basis for Processing

We process your personal data on the following legal bases under Article 6 GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service.
  • Legitimate interest (Art. 6(1)(f)): Service security, fraud prevention, and basic analytics.
  • Legal obligation (Art. 6(1)(c)): Compliance with tax and regulatory requirements.
  • Consent (Art. 6(1)(a)): For optional features. You may withdraw consent at any time.

3. Data We Collect

3.1 Data You Provide

  • Account data: Email address, password (bcrypt hashed).
  • Financial data: Transaction descriptions, amounts, dates, categories, account names, IBANs, bank names, saving plans, budget limits — all manually entered by you.
  • Preferences: Language, currency, date format.

3.2 Automatically Collected

  • Session data: Authentication cookies for session management.
  • Server logs: IP address, timestamps, user agent — retained 30 days.

3.3 Data We Do NOT Collect

We do not collect: real names (optional), phone numbers, physical addresses, or device fingerprints.

4. How We Use Your Data

  • Providing the Service (transactions, statistics, insights).
  • Authenticating your identity and securing your account.
  • Processing Premium payments via Stripe (see Section 6).
  • Generating Financero Insights and Financial Health analysis from your data (Premium only). Financero Insights are processed on our servers. The Financial Health feature uses a third-party AI service to generate personalized financial advice — your transaction summaries and financial data are sent to the AI provider's API for analysis (see Section 6).
  • Sending essential communications (password resets, security notices).

We do NOT use your financial data for advertising or selling to third parties. Your financial data is only shared with our AI provider for the purpose of generating personalized financial advice (Premium feature, Financial Health), and is not used for training AI models. Analytics and marketing tools (see Section 9) process only anonymized website usage data.

5. Data Storage and Security

Data is stored on secured EU servers. We implement: TLS 1.3 encryption, encrypted database connections, bcrypt password hashing, rate limiting, and regular security updates.

6. Third-Party Processors

  • Stripe, Inc. — payment processing (email, payment details). EU with US transfer under EU-U.S. Data Privacy Framework.
  • Google LLC — analytics via Google Analytics (anonymized usage data). EU with US transfer under EU-U.S. Data Privacy Framework.
  • Meta Platforms, Inc. — advertising measurement via Meta Pixel (browsing behavior on our site). EU with US transfer under EU-U.S. Data Privacy Framework. Meta acts as joint controller for certain data.
  • AI Provider (EU-based) — AI-powered financial analysis for the Financial Health feature (Premium only). Transaction summaries, category breakdowns, and account data are sent to the AI provider's API to generate personalized financial advice. Our AI provider is based in the EU and processes data within the EU. Data is not retained by the provider after processing. This processing occurs only for Premium users and only when the Financial Health feature is active.

All processors are bound by GDPR-compliant Data Processing Agreements. Your financial data is only shared with our AI provider for the specific purpose of generating personalized financial advice (Premium feature). We do not share financial data with any other third party. You may request the identity of our AI provider by contacting info@financero.io.

7. International Transfers

Data is primarily stored in the EU/EEA. Stripe, Google, and Meta may process data in the US under the EU-U.S. Data Privacy Framework.

8. Data Retention

  • Active accounts: Retained for as long as your account exists.
  • Account deletion & 30-day grace period: When you request deletion, your account is immediately deactivated and you are signed out. We retain your data for 30 days so you can restore the account via a secure link sent to your email. On day 30, all personal data — transactions, accounts, categories, recurring rules, plans, budgets, assets, attachments, and profile — is permanently and irreversibly purged from our systems. Any active Premium subscription is cancelled at that moment. If you restore your account within the grace period, no data is lost.
  • Server logs: 30 days, then purged.
  • Payment records: 10 years per Slovak Act No. 431/2002 Coll. (legal obligation). These records contain only invoice/tax data, not your financial tracking data.
  • Transaction wipe: When you use the "Wipe account transactions" action in Danger Zone, all transactions in the selected account are moved to Trash, where they are retained for 30 days before being permanently purged. You may restore them during that window from Settings → Trash.

9. Cookies and Tracking Technologies

We use the following categories of cookies and tracking technologies:

9.1 Strictly Necessary Cookies

Session cookies for authentication and CSRF protection. These are essential for the Service to function and do not require consent under the ePrivacy Directive (2009/136/EC).

9.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymized usage data including pages visited, session duration, and approximate location (country/city level). Data is processed by Google LLC under the EU-U.S. Data Privacy Framework. You can opt out via the cookie consent banner or by installing the Google Analytics Opt-out Browser Add-on.

9.3 Marketing and Advertising Cookies

We use Meta Pixel (Facebook Pixel) to measure the effectiveness of our advertising and to deliver targeted ads on Meta platforms (Facebook, Instagram). The Meta Pixel may collect data about your browsing behavior on our site, which Meta processes as a joint controller. For more information, see Meta's Privacy Policy.

9.4 Cookie Consent

In accordance with the ePrivacy Directive (2009/136/EC) and GDPR, we request your consent before placing analytics and marketing cookies. You can manage your cookie preferences at any time through the cookie consent banner or by contacting us. Strictly necessary cookies cannot be disabled as they are required for the Service to operate.

10. Your Rights Under GDPR (Articles 15-22)

  • Access (Art. 15): Request a copy of your data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion ("right to be forgotten"). You can delete your own account at any time from Settings → Danger Zone. Deletion takes effect immediately and data is permanently purged after a 30-day grace period during which you can restore the account via the link in our confirmation email (see Section 8).
  • Restriction (Art. 18): Limit processing.
  • Portability (Art. 20): Receive data in machine-readable format. You can export all your transactions to CSV at any time from Settings → Data.
  • Objection (Art. 21): Object to legitimate interest processing.
  • Withdraw consent: At any time without affecting prior processing.

Contact info@financero.io. Response within 30 days per GDPR.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect data from children under 16.

12. Right to Lodge a Complaint

Slovak supervisory authority: Úrad na ochranu osobných údajov SR, dataprotection.gov.sk.

13. Changes

Material changes are notified 30 days in advance via email or in-app notification.

14. Contact

OceanWeb Technologies s.r.o.
Privacy: info@financero.io
General: info@financero.io