Privacy Policy

1. Introduction

Free Finance Tracker (freefinancetracker.com) is a free personal finance tracking application. This privacy policy explains how your data is collected, used, and protected when you use Free Finance Tracker.

2. Data Collection

Free Finance Tracker collects and stores only the data you explicitly enter into the application:

• Account information: Your name, email address, and hashed password for authentication purposes.
• Financial data: Bank accounts, credit cards, investments, loans, bills, income, budgets, savings goals, and any other financial information you choose to track.
• Preferences: Display settings such as theme (dark/light mode), default currency, dashboard layout, and notification preferences.
• Email address: Used for account login, password recovery, and optional bill/reminder notifications if SMTP is configured.

Free Finance Tracker does not collect analytics, telemetry, usage statistics, or behavioral data of any kind.

3. Data Storage

All data you enter is stored securely on our servers. Your financial information resides in an encrypted database and is never shared with or sold to third parties.

We do not collect, transmit, or share your personal or financial data with any third party. Your data is used solely to provide you with the Free Finance Tracker service.

4. Third-Party Services

Free Finance Tracker integrates with the following external services for specific functionality:

• Finnhub API (finnhub.io) — Used to retrieve real-time and historical stock prices. Only stock ticker symbols (e.g., "AAPL", "MSFT") are sent to this service. No personal or financial data is transmitted.
• Yahoo Finance Charts — Used for embedding stock chart visualizations. Only stock ticker symbols are included in requests.
• Exchange Rate APIs — Used to fetch current currency exchange rates. Only currency code pairs (e.g., "USD/EUR") are sent. No personal data is transmitted.

These services receive only the minimum information required to function (stock symbols or currency codes). Your account balances, transaction history, personal details, and all other financial data are never shared with these services.

5. Cookies & Local Storage

Free Finance Tracker does not use tracking cookies, advertising cookies, or any third-party cookie services.

The application uses browser local storage for the following purposes:

• JWT authentication token: Stored in localStorage to maintain your login session. This token is sent only to your own account.
• Theme preference: Your dark/light mode selection is stored in localStorage so it persists between visits.
• Dashboard layout: Widget arrangement preferences may be stored locally for performance.

6. Data Security

Free Finance Tracker implements the following security measures to protect your data:

• Password hashing: All passwords are hashed using bcrypt with a cost factor of 12. Plain-text passwords are never stored.
• Two-factor authentication (2FA): Optional TOTP-based two-factor authentication compatible with Google Authenticator, Authy, and other standard TOTP applications.
• JWT authentication: API requests are authenticated using signed JSON Web Tokens with configurable expiration.
• SQL injection prevention: All database queries use parameterized prepared statements.
• XSS protection: User input is sanitized and escaped before rendering.
• CSRF protection: API endpoints validate authentication tokens on every request.

We take security seriously and continuously work to protect your data with industry-standard practices.

7. Your Rights & Data Control

You have full control over your data at all times:

• Export: You can export all of your financial data as JSON at any time from the application settings.
• Delete: You can delete your account and all associated data from within the application. This action is permanent and removes all records from the database.
• Portability: Your data can be exported in standard formats for use with other services.

8. SMTP & Email Communications

Free Finance Tracker may send email notifications for bill reminders, password resets, and account verification. Emails are sent from no-reply@freefinancetracker.com using our secure SMTP service.

• Emails are sent only for account-related purposes (verification, password reset, bill reminders, notifications you opt into).
• We will never send marketing emails or share your email address with third parties.
• You can opt out of non-essential email notifications at any time from your notification preferences.

9. Children's Privacy

Free Finance Tracker is not directed at children under the age of 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has created an account, we will promptly delete the account and all associated data.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in the application or applicable best practices. When changes are made, the "Last updated" date at the top of this page will be revised. We encourage you to review this page periodically.

11. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

• Right of access: You can request a copy of all personal data we hold about you.
• Right to rectification: You can correct inaccurate personal data directly within the application.
• Right to erasure: You can delete your account and all associated data at any time from the application settings.
• Right to data portability: You can export all your data as JSON from the application.
• Right to restrict processing: You can deactivate your account at any time.
• Right to object: You can opt out of all email notifications in your notification preferences.

Legal basis for processing: We process your data based on your consent (account creation) and legitimate interest (providing the Service you requested). We do not process data for marketing, profiling, or automated decision-making.

Data retention: Your data is retained as long as your account is active. Upon account deletion, all data is permanently removed from the database.

12. CCPA Compliance (California Users)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of the sale of personal information. We do not sell, rent, or trade your personal information to third parties.

13. Contact

If you have questions about this privacy policy, wish to exercise your data rights, or have concerns about data handling, please contact us via our feedback page or visit freefinancetracker.com.