🔒

Privacy & Security

Plain English — no legalese. Last updated May 2026.

G Fin Tracker is a personal finance app built to help you and your household track spending, investments, and taxes. Your financial data is sensitive — here is exactly how it is stored, who can access it, and what your rights are.

🗄️

What Data We Store

When you use G Fin Tracker, the following information is stored in our database (Supabase — PostgreSQL hosted on AWS):

Account info — your email address, name, household name, and sign-in method (Google, Microsoft, or email/password)
Financial transactions — dates, payees, categories, amounts, and any notes you add
Budgets, goals, and rules — your budget categories, savings goals, and auto-categorization rules
Investment data — stock holdings, transactions, and performance history you enter
Tax data — deduction tags on transactions, retirement contributions, mileage logs, and donation records
Settings & preferences — filing status, state, feature preferences

We do not store your actual bank credentials, credit card numbers, or brokerage login information. G Fin Tracker has no connection to your bank — you import data manually via CSV or enter it directly.

☁️

Receipts & Documents — Stored in Your Cloud

Receipt images and tax documents (W-2s, 1099s, PDFs) that you upload are stored directly in your own Google Drive or OneDrive account — not in our database. We never see or store these files on our servers.

Files are uploaded to a folder you control in your personal cloud storage
Only you (and anyone you choose to share that Drive/OneDrive folder with) can access them
Our database stores only the file URL/ID, so we can display a link back to your file
Deleting your account removes the URL reference from our database, but does not delete the file from your Drive/OneDrive — you stay in control

✅ This design means your most sensitive documents — tax forms, pay stubs, receipts — never touch our infrastructure. They live in your personal cloud storage account.

👥

Who Can Access Your Data

You. When you sign in, you can only see data associated with your account. No other user can access your transactions, budgets, or any other data.

The developer / admin. As the person who built and runs this app, access to the underlying database is technically possible through the Supabase admin dashboard. This is no different from any hosted web app — the administrator of the system has access to the infrastructure it runs on. We do not access, read, or share your data except to operate the service for you.

Nobody else. Your data is not sold, shared, or used for advertising. There are no third-party analytics SDKs or trackers in this app.

🔐 All database access from the app runs server-side only — the database credentials never reach your browser. Row-Level Security (RLS) is enabled on all tables, blocking any direct API access with public credentials.

🛡️

How Your Data Is Protected

🔐

Encrypted at rest

All database data is encrypted at rest using AES-256 by Supabase on AWS infrastructure.

🔒

Encrypted in transit

All communication between your browser and our servers uses HTTPS/TLS encryption. Your data is never sent over an unencrypted connection.

🗄️

Row-Level Security

Every database table has Row-Level Security enabled. Even if someone obtained a public database key, they could not query your data.

🔑

Passwords hashed

If you use email/password sign-in, your password is hashed with bcrypt (cost factor 12) before storage. We cannot read your password — ever.

🧩

Session isolation

Your session is a short-lived JWT token. You can invalidate all active sessions instantly from Settings → Account → Sign Out All Devices.

☁️

OAuth — no password stored

If you sign in with Google or Microsoft, we never receive your password. Authentication is handled entirely by Google/Microsoft on their servers.

⚖️

Your Rights

📥

Export your data

You can download all your financial data as an Excel workbook at any time from Settings → Account → Download My Data.

🗑️

Delete your account

You can permanently delete your account and all associated data from Settings → Account → Delete Account. Deletion is immediate and irreversible. Your uploaded receipts in Google Drive / OneDrive are not affected — they remain in your personal cloud storage.

✏️

Correct your data

All data you enter can be edited or deleted directly in the app at any time.

🚪

Leave at any time

There is no lock-in. Export your data, delete your account, and you are done. No retention, no re-marketing, no lingering data.

🔗

Third-Party Services We Use

Service	Purpose	Data Shared
Supabase	Database & storage	Your financial data (encrypted)
Vercel	App hosting	Request logs only (no financial data)
Google OAuth	Sign-in (if used)	Email address only
Microsoft OAuth	Sign-in (if used)	Email address only
Google Drive	Receipt storage (if connected)	Only files you explicitly upload
OneDrive	Receipt storage (if connected)	Only files you explicitly upload

No advertising platforms, analytics trackers, or data brokers are used.

📬

Questions?

If you have questions about your data or want to request information about what is stored for your account, you can reach out directly through the app or delete your account from Settings at any time.

← Back to Settings