
Privacy Policy

Effective: 01 January 2025

Last Reviewed: 06 November 2025

1) Who we are and scope

This Privacy Policy explains how FinanceMe collects, uses, discloses, and protects personal information when you use our web or mobile services, and it applies to all users unless a region‑specific addendum states otherwise.

This policy is written to be clear, layered, and easy to navigate; where relevant, regional rights and disclosures (e.g., Malaysia PDPA and US California) are highlighted for transparency.

2) Notice at collection (summary of categories, purposes, retention)

We collect: account identifiers (name, email, profile image, account ID), user‑submitted finance data (income, bills, loans, investments, goals, QR codes/receipts), and technical data (device, IP for currency detection, session/auth tokens, feature usage).

Purposes include: providing and securing the service, personalization (currency detection), support, service analytics and improvement, and required legal compliance.

Retention: account data is retained while the account is active; deleted accounts are removed within 30 days and backups within 90 days; security logs and incident records may be retained longer where the law requires or to protect the service.

We do not sell or "share" personal information for cross‑context behavioral advertising; if that ever changes, we will provide an opt‑out mechanism before any such activity begins.

3) Personal data we collect

Account Information: name, email, optional profile image, and an identity provider account identifier used for authentication.

Financial Data You Provide: income, bills and commitments, loan details, freelance projects and earnings, investment holdings/transactions, financial goals/targets, and uploaded QR codes/payment receipts.

Usage and Technical Data: device/browser, operating system, IP address solely for currency detection, session/auth tokens, and feature usage patterns for support and improvement.

4) How we use personal data

  • Provide and Operate the Service: store, display, and compute over your finance data at your direction.
  • Personalization: detect likely currency from your approximate location signal (IP) to set defaults.
  • Security and Abuse Prevention: authenticate users, maintain access controls, detect anomalous activity, and protect accounts.
  • Support and Communications: respond to inquiries, send service notices, status, and policy updates.
  • Improvement and Quality: analyze aggregated or de‑identified usage to improve performance and features.
  • Compliance: meet legal obligations and enforce terms, including incident logging and audit trails.

5) Legal bases or permissions (where required)

We rely on: performance of a contract (to deliver the service you requested), consent (where you opt in, e.g., certain communications), legitimate interests (security, improvement, fraud prevention proportional to your privacy), and legal obligations.

Where consent is the basis, you may withdraw it at any time without affecting prior lawful processing, and we provide a simple contact channel to do so.

6) Data retention

  • Active Accounts: retained while your account is active to provide the service.
  • Deleted Accounts: deleted within 30 days of your deletion request; backups are purged within 90 days thereafter.
  • Security/Incident Records: retained for the minimum period necessary to investigate, comply, and prevent recurrence as required by law and security standards.

7) Recipients and international transfers

Service Providers (categories): identity/authentication, cloud hosting and database, price data retrieval, IP geolocation, customer support, and error logging; providers only receive what is necessary to deliver their contracted services.

Cross‑Border Transfers: personal data may be processed in jurisdictions where providers operate, subject to safeguards; under Malaysia's amended PDPA, transfers are permitted to countries with substantially similar protection, with exceptions based on consent, contract necessity, or protection of vital interests.

From 1 April 2025, Malaysia's cross‑border transfer regime allows transfer on an equivalence basis and recommends transfer impact assessments or appropriate safeguards per forthcoming guidance; this policy will be updated to reflect final guidance.

8) Security

We implement administrative, technical, and physical measures aligned to recognized standards, including encryption in transit and at rest where supported, access controls, least‑privilege, vulnerability and dependency management, and vendor due diligence.

Users should protect credentials and enable available security controls; no security program can guarantee absolute protection, but we strive to mitigate risks proportionately.

9) Data breaches and incident response

If we become aware of a personal data breach, we will assess risk, contain and remediate, and notify the appropriate authority and affected users where required.

Under Malaysia's updated PDPA, organizations must notify the Commissioner within 72 hours and affected individuals within seven days where there is a risk of significant harm; we maintain a breach register consistent with those requirements.

10) Your privacy rights

You can request access, correction, deletion, restriction/objection (where available), portability of certain data, and withdrawal of consent via the contact below; verification steps may apply, and we will respond within applicable timelines.

Malaysia will introduce a statutory portability right and mandatory breach notifications from June 2025; we will honor local rights that apply to you based on your residency and law.

11) California residents (CPRA)

We provide a "notice at collection" and disclose categories, purposes, and retention; we do not sell or "share" personal information for cross‑context advertising, and we do not use sensitive personal information to infer characteristics or for targeted advertising.

California residents may request access, correction, deletion, and portability; if our practices change to include selling or sharing, we will offer opt‑out links and related controls before any such activity begins.

12) Children's privacy

The service is not directed to children under 13, and we do not knowingly collect personal information from children; if you believe a child has provided data, contact us to remove it.

Where local law sets a higher age for certain activities, we will apply the higher standard in that jurisdiction.

13) Cookies and tracking

We use essential cookies or equivalent storage strictly for authentication, session continuity, and core functionality.

We do not use advertising pixels or cross‑site tracking, and any analytics rely on aggregated or de‑identified usage for service improvement only.

14) App marketplace alignment

This policy reflects the data types and purposes disclosed in our app marketplace listings and is kept in sync with those disclosures.

If there is any discrepancy, the most restrictive applicable disclosure controls how we handle your data until the inconsistency is resolved.

15) Changes to this policy

We will post updates here, set a new Effective Date, and notify via in‑app notice or email for material changes; continued use after the Effective Date constitutes acceptance.

Archived versions or a change log are available on request for transparency.

16) Contact

Data protection contact and rights requests: support@financeme.cc

If and when a Data Protection Officer is appointed under Malaysia's PDPA amendments, the DPO's contact details will be published in this section.

By using FinanceMe, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.