Privacy Policy

This Privacy Policy describes how Encephalon, operator of Fin Pulse ("we," "us," "our"), collects, uses, and protects your information when you use our personal budgeting and expense tracking application. It applies to all users worldwide, including those in the EU/EEA (GDPR) and California (CCPA). By using Fin Pulse you consent to the practices described here.

Account & Identity

• Email address, hashed password, display name, preferred currency, and locale settings.

Financial & Transaction Data

• Manually entered transactions: amounts, dates, categories, notes, and receipt images you attach.
• Budget configurations, savings goal parameters, and EMI/loan calculator inputs.

Device & Usage Analytics

• Device type, OS version, app version, and crash/error logs (for debugging).
• Aggregated feature interaction and session analytics (collected in pseudonymised form) to improve the App.
• Push notification tokens (if you enable notifications).

Location Data

• Coarse country/region data for currency and locale auto detection.
• Precise location only if you explicitly grant permission for a specific feature (e.g., tagging a transaction to a nearby merchant). You may revoke this at any time in your device settings.

We use your data to:

• Create and manage your account and deliver all App features, including budgets, reports, and bank sync.
• Process premium subscription payments and manage your plan.
• Send transactional emails (verification, password reset, receipts) and in-app alerts (budget warnings, bill reminders) — only if you enable them.
• Analyze anonymized usage patterns and diagnose crashes to improve performance and build new features.
• Detect and prevent fraud, enforce our Terms, and comply with applicable laws.

We do not use your financial data for advertising, sell it to data brokers, or allow third-party advertisers to target you based on your financial behavior.

We do not sell your personal data. We share it only in these limited circumstances:

• Service Providers: Trusted vendors (cloud hosting, crash analytics, payment processors, push notification services) who process data on our behalf under strict data processing agreements. Payment processors handle billing only and never receive your financial transaction data.
• Open Banking Partners: If you connect a bank account, your credentials are processed directly by the third-party Open Banking provider (e.g., Plaid). That provider's privacy policy governs their handling of your banking credentials. We only receive read-only transaction and balance data.
• Legal Disclosures: We may share data if required by law, court order, or government authority, or to protect the rights and safety of Encephalon or our users.
• Business Transfers: In a merger or acquisition, your data may transfer to the acquiring entity under the same privacy protections. We will notify you before this occurs.

Retention

• Account and transaction data is retained while your account is active and deleted or anonymized within 30 days of account deletion.
• Legal and compliance records are retained as required by applicable law (typically 5–7 years).
• You can export all your data in CSV format at any time before deleting your account.

Security Measures

• All data in transit is protected by TLS/SSL encryption. Sensitive cloud data is encrypted at rest.
• Passwords are stored using strong one-way hashing; we cannot retrieve your password.
• App-level access is protected by your PIN or biometric (fingerprint/Face ID) lock.
• Internal access to user data is restricted to authorized personnel on a need-to-know basis.

No method of electronic transmission is 100% secure. In the event of a data breach we will notify affected users in accordance with applicable law.

Depending on your location, you have the right to access, correct, delete, or export your personal data; restrict or object to processing; withdraw consent at any time; and lodge a complaint with your local data protection authority (EU/EEA users). California residents also have rights under the CCPA including the right to know what data we hold and to request its deletion. We do not sell personal data, so opt-out-of-sale rights do not apply.

To exercise any right, email us at encephalon01.tech@gmail.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Fin Pulse is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us at encephalon01.tech@gmail.com and we will promptly delete it.

As a global service, your data may be processed in countries with different data protection laws. We ensure appropriate safeguards (such as Standard Contractual Clauses for EEA transfers) are in place for all cross-border data transfers.

We may update this Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before they take effect, and the Effective Date will be updated accordingly. Continued use after the effective date constitutes acceptance.

For privacy questions, data requests, or concerns:

Email: encephalon01.tech@gmail.com
App: Fin Pulse · Data Controller: Encephalon

We aim to respond within 5–10 business days.