Privacy Policy
Last updated: May 2025
1. Information We Collect
Finance Forecast collects only the information necessary to provide the service. This includes:
- Your name and email address when you register
- Financial data you enter (invoices, income, expenses, clients, projects)
- Your settings and preferences (currency, tax rate, starting balance)
- Usage metadata (login times, feature usage counts)
We do not collect bank account details, store payment card information on our servers, or collect any data from external financial institutions. All financial figures are entered manually by you.
2. How We Use Your Information
Your information is used solely to:
- Provide and operate the Finance Forecast dashboard and features
- Generate cashflow forecasts, tax estimates, and financial summaries
- Send AI-generated insights when you request them (if OpenAI is connected)
- Send transactional emails (password reset, account notifications)
- Process subscription payments via Stripe (if you upgrade to a paid plan)
We do not sell, rent, or share your personal data with third parties for marketing purposes.
3. AI Features
If you use AI insights, a summary of your anonymised financial data (aggregate totals, counts — not raw transactions) is sent to OpenAI's API to generate responses. This data is processed in accordance with OpenAI's privacy policy. You can choose not to use AI features at any time.
4. Data Storage and Security
Your data is stored in a PostgreSQL database hosted on Railway (or your configured hosting provider). Passwords are hashed using bcrypt and are never stored in plain text. Database connections use SSL. We take reasonable technical and organisational measures to protect your data, but no system is 100% secure.
5. Cookies and Sessions
We use session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics. The only cookie stored is a secure, HTTP-only session token required for authentication.
6. Data Retention
Your data is retained for as long as your account is active. If you delete your account, all associated data is permanently deleted from our systems within 30 days. You may request deletion of your data at any time by contacting us.
7. Your Rights
You have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data (available via CSV export in the dashboard)
- Withdraw consent to AI processing at any time
8. Third-Party Services
We use the following third-party services:
- Railway — infrastructure and database hosting
- Stripe — payment processing for paid subscriptions
- Resend — transactional email delivery
- OpenAI — AI insight generation (optional, only when you request it)
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice in the dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
For privacy-related enquiries, please contact the operator via the contact details provided in your purchase or deployment documentation.