Plain-English Summary: FinCommand is a personal finance tool. Your financial data stays in your own browser (localStorage) and is optionally synced to your private cloud account. We do not sell your data, share it with advertisers, or use it for any purpose other than providing the service to you. You own your data and can export or delete it at any time.
FinCommand ("we", "us", "our") is a personal finance platform operated as a private business. Our service is accessible at fincommand.net. For questions about this policy, contact us at [email protected].
We are based in Canada and comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Where our users are located in the European Economic Area, we also comply with the General Data Protection Regulation (GDPR). For users in California, we comply with the California Consumer Privacy Act (CCPA).
When you create an account, we collect:
If you sign in with Google, we receive your email address and name from Google. We do not receive your Google password or phone number.
FinCommand processes personal financial data that you voluntarily enter, including:
This data is stored locally in your browser (localStorage) by default and optionally synced to your private cloud account. It is never analyzed, sold, or shared with third parties.
We collect limited usage data to improve the service and understand how features are used:
We do not use session recording, heatmaps, or invasive analytics tools.
When you use the Import Statement feature, you upload CSV or PDF files from your bank or credit card. These files are processed locally in your browser — the raw file content is never transmitted to our servers. Only the parsed transaction data (date, description, amount, category) is stored in your browser's localStorage and optionally synced to your account.
If you use the AI Advisor feature, your conversation messages are sent to Anthropic's Claude API via FinCommand's secure server-side proxy. Your messages are never sent directly from your browser to Anthropic — they pass through FinCommand's infrastructure first, where your subscription token is validated before the request is forwarded. Conversations are stored in your browser's localStorage. Please do not include sensitive personal information (SIN, account numbers, passwords) in AI conversations. Refer to Anthropic's Privacy Policy for their data handling practices.
We use your data solely to provide and improve the FinCommand service:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the service | Account info, financial data you enter | Contract performance |
| Account authentication | Email, password hash, OAuth tokens | Contract performance |
| Cloud sync across devices | Financial data (encrypted in transit) | Consent (opt-in feature) |
| Sending account emails | Email address | Contract performance |
| Product improvement | Anonymized usage patterns | Legitimate interest |
| Security & fraud prevention | IP address, session data | Legitimate interest |
| Legal compliance | As required by law | Legal obligation |
We do not use your data for advertising, profiling, or any purpose not listed above. We do not sell your data to third parties.
By default, all your financial data is stored in your browser's localStorage — a private, sandboxed storage area on your own device. This data does not leave your device unless you explicitly choose to sync it to your account or export a backup file.
When you are signed into your FinCommand account, your financial data is synced to Supabase, our cloud database provider. Your data is:
We implement the following security measures:
No method of electronic transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.
FinCommand uses the following third-party services to operate. Each has its own privacy policy:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase | Authentication, cloud database | Email, name, financial data (your account data only) | supabase.com/privacy |
| Cloudflare | Hosting, CDN, API proxy | IP address, request metadata | cloudflare.com/privacypolicy |
| Financial Modeling Prep (FMP) | Real-time stock quotes, financial data | Stock ticker symbols you look up (no personal data) | financialmodelingprep.com |
| Anthropic (Claude) | AI Advisor feature | Messages you send to the AI Advisor | anthropic.com/privacy |
| Google (Gemini) | AI Advisor feature (optional) | Messages you send to the AI Advisor | policies.google.com/privacy |
| Alpha Vantage | Stock earnings data (if user provides key) | Stock ticker symbols (no personal data) | alphavantage.co/privacy |
| Google Fonts | Typography | IP address (standard web font request) | policies.google.com/privacy |
We do not share your financial data with any of the above services except Supabase (which stores it for your cloud sync). Stock data services only receive ticker symbols — never your account balances or personal information.
If you choose to sign in with Google, you will be redirected to Google's authentication page. We receive the following information from Google after successful authentication:
We do not receive your Google password, phone number, contacts, calendar, or any other Google account data. The information received from Google is used solely to create and authenticate your FinCommand account.
By signing in with Google, you also agree to Google's Terms of Service and Privacy Policy. You can revoke FinCommand's access to your Google account at any time through your Google Account permissions settings.
FinCommand's use of Google user data is limited to the practices described in this privacy policy and complies with the Google API Services User Data Policy, including the Limited Use requirements.
The following API keys belong to FinCommand and are stored securely as server-side environment secrets in Cloudflare. They are never exposed to your browser:
Some optional features allow you to provide your own API keys for enhanced functionality (e.g., Alpha Vantage for additional earnings data). If you choose to provide these:
You can delete any stored keys at any time from the Settings section of the app.
FinCommand uses browser localStorage (not traditional cookies) to store your data and preferences. localStorage is a standard browser feature that stores data on your device only — it is not transmitted with every request like cookies are.
We use the following types of browser storage:
| Type | Purpose | Can You Delete It? |
|---|---|---|
| localStorage (financial data) | Stores your budget, net worth, stock, and retirement data locally | Yes — via browser settings or the Export & Clear option in the app |
| localStorage (auth tokens) | Stores your login session tokens so you stay signed in | Yes — signing out clears these automatically |
| localStorage (preferences) | Stores your theme, UI settings, and module preferences | Yes — via browser settings |
| Cloudflare cookies | Security and performance (set by Cloudflare infrastructure) | Yes — via browser settings |
We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
Local data: Financial data stored in your browser's localStorage persists until you clear your browser data or explicitly delete it from within the app. It is entirely under your control.
Cloud data: Financial data synced to your account is retained for as long as your account is active. If you delete your account, all associated cloud data is permanently deleted within 30 days.
Account data: Your email address and account information are retained for as long as your account is active. Upon account deletion, your personal information is removed from our systems within 30 days, except where retention is required by law.
Usage logs: Session logs (open timestamps) are retained for up to 12 months for product improvement purposes, then deleted.
Backup files: If you export a backup file, that file is downloaded entirely to your device. We do not retain a copy.
You have the following rights regarding your personal data:
You can export all your financial data at any time using the Export All Data feature in the Backup section. This downloads a complete JSON file of everything stored in your account.
You can edit or correct any data you have entered directly within the app at any time.
You can delete your account and all associated data by contacting us at [email protected]. We will process deletion requests within 30 days. You can also clear your local browser data at any time through your browser settings.
You can sign out at any time, which stops cloud sync. You can revoke Google OAuth access through your Google Account settings at any time without affecting your FinCommand account.
If you are located in the European Economic Area, you have additional rights under GDPR including the right to object to processing, the right to restriction, and the right to lodge a complaint with a supervisory authority. Contact us at [email protected] to exercise these rights.
California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at [email protected].
Canadian users have the right to access their personal information and to challenge its accuracy. You may contact our privacy officer at [email protected] with any privacy-related inquiries or complaints.
FinCommand is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at [email protected] and we will promptly delete the information.
Users between 13 and 18 should use FinCommand only with parental or guardian consent.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of FinCommand after changes take effect constitutes acceptance of the updated policy. If you disagree with the changes, you may delete your account before they take effect.
Previous versions of this policy are available upon request by contacting [email protected].
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:
Email: [email protected]
Website: fincommand.net
We aim to respond to all privacy-related inquiries within 5 business days.