Privacy Policy
Last Updated: July 10, 2026 · Effective Date: July 10, 2026
1. Overview & Global Compliance
Welcome to FinTrack ("we", "us", or "our"), operated by Rauell at rauell.systems. FinTrack is a personal finance tracker designed to help you aggregate, categorize, and monitor your personal transactions.
We are committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, and share your personal information. To ensure high standards of data protection globally, we have structured this policy to meet the compliance frameworks of:
- Kenya Data Protection Act, 2019 (DPA) - for users and transactions based in Kenya.
- General Data Protection Regulation (GDPR) - for users located within the European Economic Area (EEA) and the United Kingdom.
- California Consumer Privacy Act (CCPA) / CPRA - for residents of California, USA.
2. Information We Collect
We collect information that you directly provide to us, as well as transactions and SMS alerts that you route to the application.
| Category | Specific Data Items | Purpose of Processing |
|---|---|---|
| Account Profile | Email address, Full Name, Currency preference, Timezone. | Account creation, secure authentication, user identification. |
| Financial Records | Income, expenses, budget targets, savings goals, manually-created transaction history. | Populating dashboard analytics, calculating cash flows, alerts. |
| SMS Sync & Webhooks | M-Pesa, bank, or cash SMS alert text payloads (e.g. transaction code, sender/recipient name, phone number, amount, account balance, date). | Automated transaction ingestion, parsing, and categorization. |
| Technical & Usage | IP address, browser type, device identifiers, operating system, and application log files. | System security, performance monitoring, and debugging. |
3. Legal Bases for Processing (GDPR & Kenya DPA)
If you reside in the EEA, UK, or Kenya, we process your personal data under the following legal bases:
- Consent: You have given clear and explicit consent to process your personal data, specifically when configuring your automated SMS forwarder (MacroDroid) to send SMS data to the FinTrack API endpoint.
- Contractual Necessity: Processing is required to deliver the core services of FinTrack (providing your personal finance tracking dashboard and expense parsing).
- Legitimate Interests: To maintain security, troubleshoot application crashes, prevent abuse of our services, and optimize app performance.
4. Cross-Border Data Transfers
FinTrack is hosted on Supabase cloud infrastructure, with databases and servers located in regional data centers outside of Kenya and the EEA (such as the United States or Europe).
When we transfer personal data outside of Kenya or the EEA:
- We ensure that the recipient country provides an adequate level of data protection, or
- We implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to protect your data, and use row-level database security policies to isolate and secure data packets.
5. Security & Row-Level Protection
Your financial records are highly sensitive, and we employ robust security standards:
- Row-Level Security (RLS): Our database restricts access to transactions on a per-user basis. No other user, including administrators without system privileges, can read or modify your database rows.
- Data in Transit: All communications between the app, webhook clients, and servers are encrypted using Secure Socket Layer/Transport Layer Security (SSL/TLS).
- No Third-Party Sharing: We do not sell, rent, trade, or share your transaction lists or personal details with any external brokers, advertisers, or third-party institutions.
6. Data Retention & Erasure
We retain your personal data only for as long as necessary to provide the services or until you request its deletion.
How to Delete Your Data:
You can delete individual accounts and all associated transactions at any time via the Linked Accounts table in the Settings page.
To delete your profile and account permanently from the database, please contact us at privacy@rauell.systems. All associated transactions, accounts, and profile info will be permanently purged within 30 days of request.
7. Your Privacy Rights
Depending on your jurisdiction (Kenya DPA, GDPR, CCPA/CPRA), you possess specific legal rights over your personal data:
You have the right to know what personal data we collect, how it is used, and who it is shared with (as detailed in this policy).
You have the right to receive a copy of your personal data in a structured, machine-readable format.
You can update your name, email, and preferences at any time directly through the Settings page.
You can request the deletion of your account and purge all transactions and webhook logs from our system.
You can object to the processing of your data. If you withdraw consent (e.g. disable SMS forwarding), we will stop collecting transactions.
We will not discriminate against you (such as charging different prices or denying service) for exercising your privacy rights.
8. Children's Privacy
FinTrack is not intended for or directed toward individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect or solicit personal data from children. If we discover that we have inadvertently collected information from a child, we will delete it immediately.
9. Contact Us
If you have any questions about this Privacy Policy, your data, or want to submit a request to access, correct, or delete your information, please reach out to us:
Data Controller: Rauell (FinTrack Operator)
Website: rauell.systems
Privacy Email: privacy@rauell.systems