F
Finora

Privacy Policy

Last updated: April 2026

Who We Are

Finora ("we", "our", "us") is a personal finance and expense tracking app operated by Finora (get-finora.com). Our registered contact is hello@get-finora.com.

What Finora Does

Finora is an expense tracking app that reads your bank SMS messages (Android only) and Gmail transaction emails to automatically log your expenses. We extract only structured data — amounts, merchant names, dates — and never store the raw content of your messages on our servers.

Data We Collect

  • Email address — for account creation and login via OTP verification.
  • Transaction data — amounts, merchant names, dates, and categories extracted from SMS and email. Raw SMS/email text stays on your device only.
  • Subscription and billing data — managed by RevenueCat and/or Razorpay. We store only your subscription status and tier — not card or payment details.
  • App usage — anonymous feature usage analytics (screens visited). No financial data is included in analytics.

Data We Never Collect

  • Full SMS message content is never sent to our servers
  • Email body content is never stored on our servers
  • Bank account numbers, card numbers, or UPI PINs
  • Contacts, photos, or location data

How Your Data Is Stored

All transaction data is stored locally on your device first (SQLite). If you enable cloud sync, your structured transaction data (amounts, merchants, dates, categories) is synced to our secure database hosted on Supabase with row-level security — meaning only you can access your own data. All data is encrypted in transit (TLS 1.2+) and at rest.

SMS & Email Access

SMS (Android only): We request READ_SMS and RECEIVE_SMS permissions to detect bank transaction alerts. Parsing happens entirely on your device. The raw SMS text is stored locally and never transmitted.

Gmail: We use Google OAuth to access your Gmail account with read-only scope limited to transaction-related emails. Email content is parsed on-device. Only extracted transaction fields are stored.

Third-Party Services

  • Supabase — database and authentication infrastructure
  • RevenueCat — mobile subscription management
  • Razorpay — payment processing (web subscriptions)
  • Google — Gmail OAuth (read-only access to email)

Each third party is bound by their own privacy policies and applicable data protection laws.

Data Sharing

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes. Data is shared with third-party processors only as necessary to operate the service (e.g., authentication, payments).

Data Deletion

You can delete your account and all associated data at any time from Settings → Delete Account. This permanently removes your data from both your device and our servers within 30 days. You can also export your data as CSV before deletion. For data deletion requests, email privacy@get-finora.com.

DPDP Act Compliance

Finora complies with India's Digital Personal Data Protection Act, 2023. We process your data only for the stated purpose of expense tracking. You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Withdraw consent at any time

For any data-related requests, contact privacy@get-finora.com.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of Finora after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email privacy@get-finora.com