Finoa

Privacy Policy

Effective Date: 5 May 2026

Finoa is a New Zealand-based budgeting service ("we", "us", or "Finoa"). We are committed to protecting your personal information in accordance with the Privacy Act 2020 (New Zealand). This policy explains what information we collect, how we use it, who we share it with, and your rights as an individual.

01

Information We Collect

Account Information

When you create an account, we collect your email address and any profile information you provide. Authentication uses secure session cookies.

Financial Data

To provide the budgeting service, we collect and store:

  • Bank account names and identifiers (if created manually)
  • Transaction data including date, amount, description, and category
  • Budget amounts and category names you create
  • CSV files you upload for import (processed and immediately deleted — not retained)

All sensitive financial data is encrypted at rest using AES-GCM encryption with a per-household key before storage.

Usage and Technical Data

We may collect standard technical data such as your IP address, browser type, and pages accessed, for security, debugging, and service improvement. This data is not linked to your financial records.

02

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Finoa budgeting service
  • Send transactional emails (billing receipts, account notices)
  • Investigate and resolve support requests
  • Comply with legal obligations under New Zealand law

We do not sell your financial data.

03

Sharing Your Information

We share your information only with trusted service providers who process it on our behalf:

Provider: Cloudflare, Inc.

We do not sell, rent, or trade your personal information with any other parties.

04

Data Storage and Security

Your data is stored on Cloudflare's infrastructure, which operates globally, including data centres outside New Zealand (including the United States). By using Finoa, you consent to this overseas storage. Cloudflare stores only encrypted ciphertext — sensitive financial fields are encrypted before leaving our servers.

We use HTTPS, encrypted storage, and access controls throughout. No method of transmission or storage is 100% secure; we encourage you to use a strong, unique password.

05

Data Retention

We retain your data for as long as your account is active. If you close your account, we delete your financial data within 90 days, unless required by law to retain it.

Anonymised or aggregated data that cannot identify you may be retained indefinitely for service improvement.

06

Privacy Breach Notification

If we become aware of a privacy breach that poses a risk of serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required by the Privacy Act 2020. We will contact you at the email address associated with your account and describe the nature of the breach, what information was affected, and the steps we are taking.

07

Your Rights

Under the Privacy Act 2020, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to correct information that is inaccurate or out of date
  • Deletion — request deletion of your account and associated data
  • Portability — export your transaction data at any time from within the app
  • Complaint — lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz

To exercise any of these rights, please contact us.

08

Cookies

We use essential session cookies required for authentication. We do not use advertising or analytics cookies. Disabling cookies will prevent you from signing in.

09

Children

Finoa is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If you believe we have done so inadvertently, please contact us immediately.

10

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 14 days before they take effect. Continued use of the service constitutes acceptance.

11

Contact Us

For privacy-related requests or questions, email us directly at hello@finoa.app. We aim to respond within 5 business days.

You may also lodge a complaint with the Office of the Privacy Commissioner at privacy.org.nz if you believe your privacy rights have been breached.