Skip to main content
FinBoom.Get Started

Privacy Policy

Last updated: February 2026

In short

  • We never connect to your bank or brokerage. You control what data enters FinBoom.
  • We never sell, share, or monetize your financial data. Not to advertisers, not to anyone.
  • Your data is encrypted in transit and at rest, protected by row-level security policies.
  • You can export all your data as CSV or JSON anytime.
  • You can permanently delete your account and all data in one click.

What makes FinBoom different

Most finance apps ask you to link your bank accounts, share broker credentials, or grant read access to your transactions. FinBoom takes the opposite approach:

Other appsConnect bank accounts, read transactions automatically
FinBoomYou enter data manually or import via spreadsheet. We never touch your accounts.

This is intentional. We believe your financial data is deeply personal, and no app should need access to your bank account to help you track your wealth.

What we collect

  • Account info: your name and email address (from Google sign-in or email registration). Used solely for authentication and account identification.
  • Financial data you enter: asset names, values, currencies, liabilities, income, expenses, snapshots, and goals. This is the data you choose to input. We never pull it from external sources.
  • Basic analytics: anonymous page views to understand which features are used. No personal identifiers are collected. No third-party analytics trackers.

Why we process your data

We only process your data for the following purposes:

  • Account info: to authenticate you, manage your session, and send essential account-related emails (password reset, plan changes).
  • Financial data: to calculate and display your net worth, track goals, generate insights, and create snapshots. This data is only shown back to you.
  • Analytics: to understand product usage patterns and improve the app. No personal data is used for this.

What we do NOT do

  • We never connect to your bank, broker, or any financial institution.
  • We never sell, rent, or share your data with third parties for any reason.
  • We never use your data to profile you, target ads, or build marketing segments.
  • We never store passwords in plain text. All passwords are securely hashed before storage.
  • We never collect PAN, Aadhaar, bank account numbers, or any government-issued identifiers.
  • We never use tracking cookies, advertising pixels, or third-party cookie services.
  • We never train AI models on your data or use it for any purpose other than showing it back to you.

How your data is protected

We use industry-standard security practices at every layer:

Database

PostgreSQL hosted on AWS infrastructure with disk-level encryption at rest. All connections use TLS encryption in transit.

Row-Level Security

Every database table has row-level security policies. Your data can only be accessed by your authenticated session. The database itself enforces user isolation.

Authentication

Google OAuth or email with securely hashed passwords. Session tokens are signed with expiry. We never store plain-text passwords.

Application

HTTPS enforced on all pages. Security headers on every response. Rate limiting on all API endpoints to prevent abuse.

Third-party services

We use a minimal set of third-party services. None of them receive your financial data:

  • Authentication provider: if you sign in with Google, we receive your name, email, and profile picture. No other Google data is accessed.
  • Cloud database provider: hosts your data on encrypted AWS infrastructure with row-level security as described above.
  • FX rate provider: fetches foreign exchange rates for multi-currency support. No personal data is sent in these requests.
  • Payment processor: handles Pro subscription payments. We never see or store your card details. The payment processor handles all payment data directly.
  • Hosting provider: hosts the web application. Standard server logs may be generated but contain no financial data.

Your rights

Under applicable data protection laws, including the Digital Personal Data Protection Act (DPDPA) 2023, you have the following rights:

  • Right to access: all data you enter is visible to you in the app at all times. There is no hidden data collection.
  • Right to correction: you can edit or update any of your data directly in the app.
  • Right to data portability: go to Settings and export all your data (assets, liabilities, snapshots, goals, transactions) as CSV or JSON anytime.
  • Right to erasure: one click in Settings permanently deletes your account and all associated data. Deletion is immediate and irreversible.
  • Right to withdraw consent: you may stop using FinBoom at any time and delete your account. We do not retain data after deletion.

Children's data

FinBoom is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without appropriate consent, we will delete it promptly.

Cookies

FinBoom uses a single session cookie for authentication to keep you logged in. That is it. No tracking cookies, no advertising cookies, no third-party cookie services.

Data breach notification

In the unlikely event of a data breach affecting your personal data, we will notify you via email and report the breach to the Data Protection Board of India as required under the DPDPA 2023, within the prescribed timeframe.

Changes to this policy

If we update this policy, we will post the changes on this page with an updated date. For significant changes, we will notify you via email. Our core promise, that we never sell, share, or monetize your data, will never change.

Contact us

If you have questions or concerns about your data, reach out to us at support@finboom.app. We will respond to your inquiries within 2 weeks.