Privacy Policy
Last updated: 2026-06-28
MyFins ("the Service") is a personal finance projection tool currently in closed beta. This policy explains what data we collect, why, who we share it with, and the rights you have over it.
The Service is operated by Arnas Goldberg ("we"). You can contact us at a.goldbergas@gmail.com for any question about your data.
What we collect
- Account data — your email, name, password hash, and any feature-flag preferences. You provide these when you sign up.
- Financial data — accounts, balances, entries, transactions, and household membership that you create inside the app. This is the data the projection engine uses.
- Session cookie — one HttpOnly cookie that keeps you signed in. No tracking cookies, no third-party advertising.
- Operational logs and error reports — when a server error occurs, technical details are sent to Sentry (see below) so we can diagnose it. We strip cookies, request bodies, and query strings from these reports before sending.
What we do with it
We use the data to run the Service: render your projection, send transactional emails (e.g. password reset), and keep your account accessible. We do not sell data and we do not use it to train any machine-learning model.
Processors we share data with
These third parties process data on our behalf so the Service can function. They are bound by their own privacy commitments.
- Vercel — hosts the application. Vercel sees incoming requests, including your IP address while you use the Service.
- Neon — Postgres database where your account and financial data are stored, encrypted at rest.
- Resend — sends transactional emails (password reset). Receives your email address and the message body.
- Sentry — receives server-side error reports. Errors do not include cookies, request bodies, or query strings.
Operator access — honest caveat
Your financial data is stored using server-managed encryption at rest. We do not implement end-to-end encryption: this means the operator (Arnas Goldberg) has the technical ability to read your data. We do not access individual users' data except to investigate a specific bug they have reported. If end-to-end privacy is important to you, do not use this Service.
Your rights (GDPR)
- Access / portability — download a JSON copy of everything we store about you from Settings → Export data, or by contacting us.
- Erasure — delete your account from Settings → Danger zone. After a 7-day grace period, your data is permanently removed from the database. You can cancel during the grace period.
- Rectification — you can edit all your data directly in the app.
- Object / restrict — contact us to limit how we process your data.
- Lodge a complaint — with your national data protection authority. For Italian users, the Garante per la protezione dei dati personali (garanteprivacy.it).
Retention
We keep your account data as long as your account exists. Deleted accounts are removed within 7 days (the grace period above). Database backups roll over within 30 days. Sentry error reports are kept for 90 days.
Changes to this policy
If we change anything material, we will update the "Last updated" date above and, where reasonable, notify signed-in users.