Privacy Policy
Last updated: 2026-05-08
1. Who we are
Fynr (fynr.app) is a personal-finance web app operated by Michael Ottiger, a private individual resident in Switzerland (the “data controller” under GDPR Art. 4(7) and the Swiss FADP). For privacy questions or data-subject requests, reach us at info@fynr.app.
Fynr is a free, hobby-scale personal service. It is provided “as-is” with no warranty or fitness for any particular purpose. See the Terms of Service for details.
2. What data we collect
We collect only what's needed to make the app work:
- Identity — email, name and avatar URL provided by Google when you sign in via our auth provider Auth0.
- Financial entries you create — accounts, transactions, categories, budgets, plans, goals, recurring templates, asset values and notes. This is the core of what the app exists to do.
- Receipt images you upload — stored encrypted at rest in Cloudflare R2; only retrievable by members of your workspace.
- Profile preferences — display name, address aliases, income source patterns, language, theme and currency choices.
- Workspace membership — which workspaces you belong to, the role you have in each, and any invites you've sent.
- Audit log — per-action records (who, what, when, truncated IP, user-agent) used to detect abuse and let you see who changed what in shared workspaces. IPs are truncated before storage.
- Push subscription endpoints — if you opt in to notifications, the URL/keys your browser issues. No content of notifications is logged beyond delivery status.
- Session cookies — a signed authentication cookie (stash-session), a short-lived OAuth state cookie (stash-pkce), and two preference cookies for active workspace and display currency. We do not use any analytics, tracking or advertising cookies.
3. Why we process it (legal basis)
- Contract performance (GDPR Art. 6(1)(b)) — storing and processing your financial entries so the app can do what you asked it to do.
- Legitimate interests (Art. 6(1)(f)) — the audit log, rate limiting, and abuse detection necessary to keep the service secure for you and other users.
- Consent (Art. 6(1)(a)) — push notifications, only when you explicitly enable them in Settings.
4. Who we share it with
We do not sell or rent your data. We use these processors:
- Cloudflare, Inc. — hosting (Workers), database (D1), object storage (R2), key-value (KV). Servers globally; data is replicated within their network. Cloudflare's privacy policy.
- Auth0 / Okta — identity provider. They handle the Google OAuth handshake and tell us your email + name. Their privacy policy.
- Google LLC (Gemini API) — receipt OCR. When you upload a receipt, the image is sent to Google's Gemini API to extract the amount, merchant, date and suggested category. Google does not use API content for model training under their commercial API terms. Their API terms. If you do not want any image to leave our servers, do not use the receipt scanner — manual entry is always available.
- Open ER-API — daily FX rates. We send no user data; we only fetch their public exchange-rate endpoint.
- Mozilla / Apple / Google Push Services — if you enable push notifications, the relevant browser vendor's push gateway delivers our payload to your device. Payloads are end-to-end encrypted with keys generated in your browser; the gateway sees only routing metadata.
We do not share data with advertisers, brokers, or analytics providers.
5. International transfers
Cloudflare and Auth0 store data on servers worldwide. Where data leaves the EEA/Switzerland it does so under the Standard Contractual Clauses (SCCs) those vendors maintain. By using the service, you accept this transfer.
6. How long we keep it
- While your account is active — we keep your data so the app continues to work.
- After you delete your account — user record, workspaces you own, transactions, receipts and push subscriptions are deleted within 30 days. Audit-log rows referencing you are anonymised (your user_id replaced with a tombstone) but retained for up to 12 months for abuse forensics, then deleted.
- Backups — Cloudflare D1 retains automated backups for up to 30 days; deleted data persists in those backups for that duration before being overwritten.
7. Your rights
Under GDPR / Swiss FADP you have the right to:
- Access the data we hold about you (Settings → Data Export gives you a JSON dump).
- Correct inaccurate data (edit it directly in the app).
- Delete your account and all associated data (Settings → Delete account).
- Restrict or object to processing — email us.
- Receive your data in a portable format — the export above is JSON.
- Withdraw consent for push notifications at any time (Settings → Notifications).
- Lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC, edoeb.admin.ch), or with your local EU supervisory authority.
8. Security
We use HTTPS everywhere, signed JWT session cookies marked HttpOnly + Secure + SameSite=Lax, CSRF protection, per-IP and per-user rate limits, SQL parameterisation, a strict Content Security Policy, encrypted Web Push payloads, and signed receipt URLs scoped to workspace membership. No system is perfectly secure; if we discover a breach affecting your data we will notify you and the FDPIC within 72 hours per GDPR Art. 33.
9. Children
Fynr is not intended for users under 18. We do not knowingly collect data from children. If you believe a child has signed up, contact us at info@fynr.app and we will delete the account.
10. Changes to this policy
We may update this policy. Material changes will be announced in-app before they take effect. The “last updated” date at the top of this page always reflects the current version.
11. Contact
Privacy questions: info@fynr.app.