Privacy Policy for FinSum

Effective Date: December 23, 2025
Last Updated: December 23, 2025

1. Introduction

Welcome to FinSum ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the application.

2. Information We Collect

2.1 Personal Information

Account Information: Email address, password, and user preferences
Profile Data: User-created categories, budget settings, and financial goals
Authentication Data: Secure login credentials and biometric authentication data (stored locally)

2.2 Financial Information

SMS Transaction Data: We automatically read SMS messages from supported Ethiopian banks to extract transaction information
Transaction Records: Amount, date, merchant, transaction type, and account balance information
Bank Information: Supported bank identifiers and transaction patterns
Budget Data: User-defined budgets, spending limits, and financial categories

2.3 Technical Information

Device Information: Device model, operating system version, unique device identifiers
Usage Analytics: App usage patterns, feature utilization, and performance metrics
Log Data: Error logs, crash reports, and diagnostic information

2.4 Backup Information

Local Backups: Transaction data stored locally on your device
Cloud Backups: Encrypted backup data stored in Google Drive (optional, user-controlled)

3. How We Use Your Information

3.1 Primary Functions

We are not collecting user data to our database. The data collect is store on the users device. Transaction Processing: Automatically categorize and analyze SMS-based bank transactions
Financial Analytics: Provide spending insights, budget tracking, and financial summaries
Data Synchronization: Sync your financial data across app sessions
Backup Services: Create secure backups of your financial data

3.2 Service Improvement

App Enhancement: Improve app functionality and user experience
Bank Pattern Updates: Update SMS parsing patterns for better transaction recognition
Performance Optimization: Monitor and improve app performance and reliability

3.3 Communication

Administrative Messages: Send important updates about the service
Budget Notifications: Alert you about budget limits and spending patterns
Security Alerts: Notify you of important security-related events

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, trade, or rent your personal financial information to third parties.

4.2 Limited Sharing

We may share your information only in the following circumstances:
Service Providers: With trusted third-party services (Firebase, Google Drive) that help us operate the app
Legal Requirements: When required by law, court order, or government regulation
Security Purposes: To protect against fraud, security threats, or illegal activities
Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification)

4.3 Aggregated Data

We may use and share aggregated, anonymized data that cannot identify individual users for research and improvement purposes.

5. Data Security

5.1 Security Measures

Encryption: All sensitive data is encrypted both in transit and at rest
Firebase Security: Utilizes Google Firebase's enterprise-grade security infrastructure
Local Security: Biometric authentication and secure local storage
Access Controls: Strict access controls and authentication requirements

5.2 Data Protection

Secure Transmission: All data transmission uses industry-standard encryption protocols
Regular Updates: Regular security updates and vulnerability assessments
Incident Response: Established procedures for security incident response

6. Your Rights and Choices

6.1 Data Access and Control

Account Access: View and manage your account information within the app
Data Export: Export your financial data in standard formats
Data Deletion: Request deletion of your account and associated data
Backup Control: Choose whether to enable cloud backup features

6.2 Communication Preferences

Notifications: Control which notifications you receive
Marketing: Opt-out of promotional communications (we currently don't send marketing emails)

6.3 SMS Permissions

SMS Access: You can revoke SMS reading permissions at any time through device settings
Manual Entry: Continue using the app with manual transaction entry if SMS access is disabled

7. Data Retention

7.1 Retention Periods

Active Accounts: Data retained while your account is active and for legitimate business purposes
Inactive Accounts: Data may be retained for up to 2 years after account inactivity
Legal Requirements: Some data may be retained longer to comply with legal obligations

7.2 Data Deletion

Account Deletion: When you delete your account, we will delete your personal data within 30 days
Backup Data: Cloud backup data will be deleted according to your backup service settings
Legal Retention: Some data may be retained as required by law or for legitimate business interests

8. International Data Transfers

8.1 Data Location

Primary Storage: Data is primarily stored on servers located in secure data centers
Firebase Infrastructure: Utilizes Google's global infrastructure with appropriate safeguards
Compliance: All transfers comply with applicable data protection laws

9. Children's Privacy

9.1 Age Restrictions

Minimum Age: Our service is not intended for children under 13 years of age
Parental Consent: We do not knowingly collect personal information from children under 13
Discovery: If we learn we have collected information from a child under 13, we will delete it promptly

10. Changes to Privacy Policy

10.1 Updates

Notification: We will notify users of material changes to this Privacy Policy
Effective Date: Changes become effective on the date specified in the updated policy
Continued Use: Continued use of the service after changes constitutes acceptance

11. Contact Information

11.1 Privacy Questions

If you have questions about this Privacy Policy or our data practices, please contact us:
Email: simonkasahun@gmail.com
Address: Addis Ababa, Ethiopia
Response Time: We will respond to privacy inquiries within 30 days

11. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing includes:
Contract Performance: Processing necessary to provide the financial management service
Legitimate Interests: Improving our service and ensuring security
Consent: Where you have provided specific consent for certain processing activities
Legal Obligations: Compliance with applicable laws and regulations

12. Ethiopian Data Protection

12.1 Local Compliance

Ethiopian Laws: We comply with applicable Ethiopian data protection and privacy laws
Local Data: Financial data from Ethiopian banks is processed in accordance with local banking regulations
User Rights: Ethiopian users have the same privacy rights as outlined in this policy

13. Third-Party Services

13.1 Integrated Services

Firebase: Google Firebase for authentication, database, and analytics
Google Drive: Optional cloud backup service
Play Services: Google Play Services for app functionality

13.2 Third-Party Policies

These services have their own privacy policies, which we encourage you to review.
---
Note: This Privacy Policy is designed to be transparent about our data practices. We are committed to protecting your financial privacy and will continue to update our practices to meet the highest standards of data protection.