Privacy Policy

How we collect, use, and protect your data

Updated Feb 2026

1. Information We Collect

We collect only the information needed to provide and improve the FinPlann platform:

  • Account data — name, email address, and a hashed password (or Google sign-in token for OAuth users)
  • Financial inputs — figures you enter into calculators or the Financial Planner (loan amounts, income, investment values, goals)
  • Planner snapshots — calculated outputs saved to your profile so you can revisit them
  • Session & log data — standard web-server logs (IP address, browser type, pages visited) for security and debugging

We do not collect bank account numbers, card numbers, PAN/Aadhaar numbers, or any government-issued identifiers.

2. How We Use Your Data

Your data is used solely to operate FinPlann and improve your experience:

  • Authenticate your account and maintain secure sessions
  • Store and display your planner snapshots, calculator history, and loan records
  • Enable advisor/firm workflows where you have been granted access
  • Improve platform reliability, fix bugs, and understand feature usage (aggregated, never individual profiling)
  • Send transactional emails (password reset, account confirmation) — never marketing without consent

We do not sell, rent, or share your personal data with advertisers or third-party data brokers.

3. Data Storage & Security

Can the FinPlann team see my financial data?

Your highest-risk financial values are encrypted at rest in our database using AES-128 (Fernet, AES-128-CBC + HMAC-SHA256). Specifically: income (annual income, loan EMIs), every investment's invested amount and current value, every expense amount, advisor notes about clients, your planner workspace snapshot, AI recommendations, and partial intake-form data. With direct database access these fields appear as unreadable ciphertext. Our admin panel does not display monetary amounts, account balances, or planner details.

What is not encrypted at rest: identifiers we need to look up records by (your email address, your name), category labels and free-text descriptions on expenses and investments, goal target amounts, and Stripe customer/subscription IDs. These are protected by access controls, TLS in transit, and Postgres-level access restrictions, but not by application-level field encryption. We are working to expand the encrypted set.

Encryption in transit: All data between your browser and our servers is encrypted via TLS (HTTPS) with HSTS preloading enabled. Stripe handles all payment processing — we never see or store your card number.

Key management: The encryption key is stored separately from the database, set as an environment variable on the application server, and is never committed to source control.

Passwords: Hashed using Django's industry-standard PBKDF2-SHA256. We never store plain-text passwords.

Hosting: Application and database are hosted on Railway (Google Cloud infrastructure) with SSL-encrypted database connections and automated backups.

While we use reasonable technical and organisational safeguards, no internet system is 100% secure. You are responsible for keeping your login credentials confidential.

4. Sharing & Third Parties

We may share limited data with trusted service providers who help operate the platform (e.g., hosting, email delivery). These processors are bound by confidentiality obligations.

AI Recommendations: When you use the AI Action Plan feature, your financial summary (income, expenses, goals, investments) is sent to Anthropic's Claude API to generate personalised recommendations. This data is transmitted over encrypted connections and is not used to train AI models. Anthropic retains API inputs for up to 30 days solely for trust and safety monitoring. You can choose not to use this feature.

In multi-user advisor setups, administrators can view profiles they manage. Users within a shared profile have access to that profile's planner data.

We may disclose data if required by law or to protect the rights, property, or safety of FinPlann, our users, or others.

5. Your Rights

You may request at any time:

  • Access — a copy of the personal data we hold about you
  • Correction — update your name or email via your profile settings
  • Deletion — request removal of your account and associated data, subject to legal or operational constraints

Email hello@finplann.com with "Privacy Request" in the subject line.

6. Cookies & Sessions

We use a session cookie to keep you logged in. This is a strictly-necessary cookie and does not track you across other websites.

We do not use advertising cookies, analytics cookies, or cross-site tracking. We do not integrate third-party advertising networks.

7. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be reflected in an updated "Last updated" date. Continued use after a change constitutes acceptance of the revised policy.

Privacy questions?

Email us at hello@finplann.com — we respond within 3 business days.