Privacy Policy

FinTarget ("we", "us", "our") is committed to protecting the privacy of all individuals who use our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services at fintarget.app.

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you are located in the European Union or United Kingdom, we also comply with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

By using FinTarget, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.

We collect the following categories of personal information:

We collect personal information in the following ways:

Directly from you — when you create an account, update your profile, enter financial data, or contact us via the contact form.

Automatically — when you use our platform, we collect technical data such as your IP address, browser type, and usage patterns through our hosting and analytics infrastructure.

From third-party services — we use Supabase for authentication. When you sign in, Supabase processes your login credentials on our behalf.

We do not collect personal information from publicly available sources or purchase data from data brokers.

We collect and use your personal information for the following purposes:

To provide our service — creating and managing your account, storing your financial data, and delivering the core features of the platform.

Authentication and security — verifying your identity when you log in, sending password reset emails, and protecting your account from unauthorised access.

Communications — sending transactional emails such as account confirmation, password reset, and email change notifications. We do not send marketing emails unless you explicitly opt in.

Platform improvement — analysing usage patterns to improve the performance, reliability, and features of FinTarget.

Legal compliance — meeting our obligations under applicable laws and regulations.

Customer support — responding to enquiries submitted via our contact form.

We share your personal information only with the third-party service providers necessary to operate FinTarget. These providers are contractually obligated to protect your data and may only use it for the specific purposes we authorise.

Supabase — provides our database, authentication, and backend infrastructure. Your account data and financial records are stored in Supabase's secure cloud environment.

Vercel — hosts our web application and serves the FinTarget platform to users globally.

Resend — delivers transactional emails such as password resets and account confirmations.

Yahoo Finance (via yahoo-finance2) — provides real-time and historical stock price data. We send ticker symbols to this service to retrieve price information. No personal data is shared.

We do not sell, trade, or rent your personal information to third parties for marketing purposes.

Some of our third-party service providers store and process data outside of Australia. Specifically:

- Supabase stores data in servers located in the United States. - Vercel operates globally with servers in the United States and other regions. - Resend processes email delivery through servers in the United States.

By using FinTarget, you consent to your personal information being transferred to and processed in these countries. We take reasonable steps to ensure these providers maintain appropriate data protection standards consistent with Australian Privacy Principles.

You have the following rights regarding your personal information:

Access — you may request a copy of the personal information we hold about you at any time.

Correction — if your information is inaccurate or incomplete, you may update it directly in your account settings or request a correction from us.

Deletion — you may request that we delete your account and all associated personal data. Please contact us at hello@fintarget.app to make this request.

Restriction — you may request that we restrict the processing of your data in certain circumstances.

Complaints — if you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, contact us at hello@fintarget.app.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it, including:

- All data is encrypted in transit using TLS (HTTPS). - Passwords are hashed and never stored in plain text. - Database access is protected by row-level security — your data is only accessible to your own account. - Authentication tokens are managed securely via Supabase Auth. - Access to administrative functions is restricted to authorised personnel only.

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

We retain your personal information for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it by law.

Usage logs and technical data may be retained for up to 12 months for security and debugging purposes before being deleted.

FinTarget uses cookies and similar technologies to maintain your authentication session and improve your experience on the platform.

Session cookies — used to keep you logged in during your session. These are deleted when you close your browser.

Persistent cookies — used to remember your preferences across sessions.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the platform, particularly authentication.

We do not use third-party advertising cookies or tracking pixels.

FinTarget is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@fintarget.app and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make material changes, we will notify you by email or by displaying a prominent notice on the platform.

The date of the most recent update is shown at the top of this page. Continued use of FinTarget after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Email: <a href="mailto:hello@fintarget.app" class="text-[#2255b8] hover:underline">hello@fintarget.app</a> Website: <a href="/contact" class="text-[#2255b8] hover:underline">fintarget.app/contact</a>

We will respond to all enquiries within 5 business days.

If you are located in the European Union or United Kingdom, you have additional rights under the GDPR and UK Data Protection Act 2018:

Right to erasure — you may request that we delete your personal data where there is no compelling reason for us to continue processing it.

Right to data portability — you may request a copy of your personal data in a structured, machine-readable format.

Right to object — you may object to processing of your personal data where we are relying on a legitimate interest.

Right to withdraw consent — where processing is based on consent, you may withdraw that consent at any time.

Right to lodge a complaint — you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your national supervisory authority.

Our legal basis for processing personal data under GDPR is: - Contract performance — processing necessary to provide the FinTarget service you have signed up for. - Legitimate interests — processing for platform security, fraud prevention, and service improvement. - Legal obligation — processing required to comply with applicable laws.