Privacy policy
Effective date: July 7, 2026
Finlume is a personal finance tracker operated by Second Profit LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA. This policy explains what information the app handles, why, and what control you have over it. The short version: your financial data is yours — we store it so the app works across your devices, we never sell it, and there are no ads and no tracking.
Information we collect
Account information. When you create an account we store your email address. If you sign in with Google, we also receive your name and profile picture from your Google account. Passwords for email-based accounts are handled by our authentication provider (Supabase Auth) and are never visible to us.
Financial data you enter. Wallets, balances, transactions, categories, tags, budgets, recurring items, and any notes you attach. Everything is entered manually by you — Finlume does not connect to your bank and never asks for bank credentials.
Sharing data. If you share a wallet, we store the email address you invite and the permission you grant, so the invitation can be delivered inside the app.
Billing. Payments for the Pro plan are processed by Stripe. Your card details go directly to Stripe and are never stored on our servers; we keep only your subscription status.
Preferences. Small display preferences (like your chosen list or table view) are stored locally in your browser, not on our servers.
What we don't do
We do not sell or rent your data. We do not show ads. We do not run analytics or tracking scripts. We do not read your financial data for any purpose other than operating the service.
How your data is used
Your data is used to provide the service: storing your records, syncing them across your devices, computing your dashboards and reports, processing your subscription, and responding when you contact us for support.
Where your data lives and how it's protected
Data is stored in a managed PostgreSQL database and authentication service provided by Supabase. Connections are encrypted in transit (TLS) and data is encrypted at rest. Access is enforced with row-level security: each account can only read and write its own records, or records explicitly shared with it. The app itself is served via Cloudflare Pages.
Third-party services
These are the only services involved in running Finlume:
Supabase — database and authentication. Google — optional sign-in only. Stripe — subscription payments. Market data providers (Alpha Vantage, Frankfurter/European Central Bank, jsDelivr currency lists) — used to fetch exchange rates and stock or crypto prices. These lookups send only ticker symbols and currency codes; they never include your identity, your amounts, or any personal data.
Wallet sharing
Sharing is always something you initiate. When you invite someone to a wallet, they can see that wallet's data (transactions, balances, and details) according to the permission you chose, and your email address is visible to them as the inviter. You can revoke access at any time from the wallet's settings, and invitees can leave at any time.
Data retention and deletion
We keep your data for as long as your account exists. You can export your data from within the app at any time, and you can permanently delete your account and all of its data from Settings. You can also email us and we will delete it for you.
Your rights
You can access, correct, export, and delete your data at any time from within the app. If you need anything beyond what the app offers — or have any question about your data — contact us at info@finlume.com.
Children
Finlume is not directed at children under 13, and we do not knowingly collect personal information from them.
Changes to this policy
If we change this policy, we will update this page and the effective date above. Meaningful changes will be announced in the app.
Contact
Questions about privacy? Email info@finlume.com or write to Second Profit LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA.