Privacy Policy
Your privacy matters. Here's how FinTrack collects, uses, and protects your personal and financial data.
Effective Date: March 24, 2026 · Last Updated: March 31, 2026
FinTrack ("we", "our", or "us") operates the FinTrack personal finance management application (the "App") available on the Google Play Store and as a web application at fintrack.pk. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.
1. Information We Collect
We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This includes:
- Account information: Name, email address, and password (encrypted)
- Financial data: Income, expenses, budgets, goals, and transaction descriptions you manually enter or import
- Usage information: App preferences, notification settings, and feature usage patterns
- Device information: Device type, operating system version, and app version (for troubleshooting)
2. Mobile App Data Collection
When you use our Android mobile application, we may additionally collect:
- Local storage: Transaction data is cached locally on your device using SQLite for offline access. This data remains on your device and syncs with our servers when connectivity is available.
- Authentication tokens: Encrypted JWT tokens stored securely on your device for automatic login.
- File imports: When you import bank statements (CSV/TXT), the file is uploaded to our server for processing and is not stored permanently after import.
3. Notification Access (Auto-Detect Feature)
Our mobile app includes an optional "Auto-Detect Transactions" feature that uses Android's Notification Listener Service. When enabled:
- The app only reads notifications from banking and payment apps (such as Meezan Bank, SadaPay, NayaPay, JazzCash, EasyPaisa, HBL, UBL, and similar financial apps).
- Notification data is processed locally on your device to extract transaction amounts and descriptions.
- We do not read, store, or transmit notifications from non-financial apps (social media, messaging, email, etc.).
- Extracted transaction data (amount, type, description) is saved to your FinTrack account.
- This feature is entirely optional and can be enabled or disabled at any time from the app settings.
- You must explicitly grant "Notification Access" permission in your Android device settings for this feature to work.
We do not use notification data for advertising, analytics, or any purpose other than creating transaction records in your personal FinTrack account.
4. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our personal finance management services
- Process and display your financial transactions, budgets, and goals
- Generate financial reports and spending analytics for your personal use
- Send notification alerts (budget limits, goal milestones) based on your preferences
- Send optional weekly financial summary emails
- Provide customer support and respond to your inquiries
- Detect and prevent fraud or unauthorized access
5. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- All data transmission uses HTTPS/TLS encryption
- Passwords are hashed using bcrypt (never stored in plain text)
- Authentication uses JWT tokens with short expiry and secure refresh mechanisms
- Mobile app stores sensitive data (tokens) in Android's EncryptedSharedPreferences
- Database access is restricted and uses parameterized queries to prevent SQL injection
- Regular security reviews and updates
6. Data Storage and Retention
- Your data is stored on secure servers hosted by Hostinger.
- We retain your data for as long as your account is active.
- You may request deletion of your account and all associated data at any time.
- Local data cached on your mobile device is cleared when you log out or uninstall the app.
7. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- With your explicit consent
- To comply with legal obligations or valid legal processes
- To protect our rights, privacy, safety, or property
- With payment processors (PayFast and/or Stripe) for subscription management — their respective privacy policies apply to payment data
8. Third-Party Services
Our app uses the following third-party services:
- PayFast: For payment processing (subscription plans) for Pakistani users. We do not store your card information — it is handled entirely by PayFast.
- Stripe: For international payment processing (subscription plans). We do not store your credit card information — it is handled entirely by Stripe.
- Google Play Store: For app distribution on Android devices.
We do not use any third-party analytics, advertising, or tracking SDKs in our mobile app.
9. Your Rights
You have the right to:
- Access your personal information through your profile settings
- Correct inaccurate data at any time
- Export your transaction data (CSV export available)
- Request deletion of your account and all associated data
- Opt out of email notifications and weekly summaries
- Disable the Auto-Detect feature at any time
- Revoke Notification Access permission through Android device settings
10. Children's Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: