FI Beacon ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, how it is stored, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws. By using FI Beacon you agree to the practices described below.
1. Data We Collect
We collect only the minimum data necessary to provide and improve the service. FI Beacon does not collect bank account details, IBAN numbers, nominal salaries, medical information, or any other sensitive personal data.
Account Information
When you register, we collect your email address (required). You may optionally provide a username and display name. If you sign in with Google, we receive your name and email from Google's OAuth service.
Financial Snapshots
You can record monthly savings snapshots. Each snapshot is a single numeric value representing your self-reported total savings at that point in time. We do not ask for or store transaction-level data.
Goals
You may create personal financial goals (e.g., "emergency fund", "FI target amount"). Goal data consists of a description and a target value — no sensitive financial details.
Reminders
If you enable monthly reminders, we store your reminder configuration (e.g., preferred day of month) so we can send you a notification to log your snapshot.
Subscription Metadata
When you subscribe to a paid plan, we store subscription status, plan type, and identifiers provided by our payment processor. We do not store credit card numbers, billing addresses, or other payment instrument details.
Automatically Collected Data
We may collect standard server logs including IP address, browser type, and referring URL. These logs are used for security monitoring and are not linked to your account profile.
2. How We Use Data
Provide the Service
Your account information, snapshots, goals, and reminders are used to operate FI Beacon's core features — the dashboard, FI calculations, goal tracking, and reminder notifications.
Improve the Experience
Aggregated, anonymised usage data may be used to understand how the application is used and to prioritise future improvements. We do not sell or share personal data with third-party advertisers.
Communicate with You
We may send transactional emails related to your account (e.g., email verification, password reset, reminder notifications). You can disable optional notifications at any time.
3. Payment Processing
All payments are processed through DodoPayments, our Merchant of Record. When you subscribe to a paid plan, you are redirected to a secure checkout page hosted by DodoPayments. Your payment details (credit card, billing address) are collected and processed entirely by DodoPayments; they are never transmitted to or stored on our servers.
We receive only the information necessary to manage your subscription: a subscription identifier, plan type, and current status. For details on how DodoPayments handles your payment data, please refer to their privacy policy.
4. Data Storage
Your data is stored in a PostgreSQL database hosted on secure, managed infrastructure. All communication between clients and servers is encrypted via HTTPS/TLS.
Access to production infrastructure is restricted to authorised personnel and protected by strong access controls. Database backups are encrypted and retained according to our operational procedures.
We retain your data for as long as your account is active. If you delete your account, all associated data is permanently removed in accordance with our deletion process (see Your Rights below).
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the following rights regarding your personal data:
Right of Access
You can request a copy of the personal data we hold about you at any time.
Right to Data Export
You can export all of your personal data in a machine-readable format directly from the application.
Right to Deletion
You can delete your account and all associated data. Account deletion is permanent and requires a confirmation code for security.
Right to Correction
You can update or correct your personal information — including your profile, snapshots, and goals — at any time through the application.
To exercise any of these rights, use the relevant features within the application or contact us at the address provided below.
6. Cookies
FI Beacon uses a limited number of cookies, each serving a specific purpose:
| Type | Purpose | Details |
|---|---|---|
| Authentication | Keep you signed in | Session and refresh-token cookies are essential for the application to function. They are set when you log in and removed when you log out. |
| Analytics | Understand usage patterns | We may use first-party or privacy-focused analytics cookies to collect anonymised usage statistics. No personally identifiable information is tracked. |
| Payment (third-party) | Process subscriptions | DodoPayments may set cookies during the checkout flow. These cookies are governed by DodoPayments' own cookie policy and are not controlled by FI Beacon. |
You can manage cookie preferences through your browser settings. Disabling essential authentication cookies will prevent you from signing in.
7. Security
We take the security of your data seriously and implement the following measures:
- HTTPS everywhere — all data in transit is encrypted using TLS.
- Access control — production infrastructure access is restricted and audited. API endpoints enforce authentication and authorisation.
- Secure password storage — passwords are hashed using industry-standard algorithms. We never store passwords in plain text.
- Bot protection — authentication flows are protected by CAPTCHA (Cloudflare Turnstile) to prevent automated abuse.
- Minimal data collection — by design, we collect only non-sensitive, self-reported data, reducing the impact of any potential breach.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
9. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us through the contact page on this website.