Legal

Privacy Policy

Last updated: April 14, 2026

This Privacy Policy explains how Finsharc ("we", "us", "our") processes personal data when you visit https://www.finsharc.com, use our marketing site, use our native mobile applications ("Apps") on iOS or Android, join waitlists or betas, use embedded demos, contact us, or subscribe to updates. It is designed to align with common expectations under the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and similar frameworks, and with platform rules (including Apple App Store and Google Play data-safety and permission requirements). In-product notices, permission prompts on your device, and regional supplements may provide additional detail where required by law.

1. Data controller

The data controller for personal data described in this Policy is the organization operating Finsharc under the domain referenced above. For privacy requests, contact us at info@finsharc.com.

2. Categories of personal data

Depending on how you interact with us, we may process:

  • Identity and contact data: name, email address, and any other details you include when you email us, submit waitlist or beta requests (including via web forms or mailto links), or correspond through support channels.
  • Technical and usage data: IP address, approximate location derived from IP, browser and device type, operating system, referring URLs, pages viewed, timestamps, crash or performance diagnostics, and similar data. This may be collected by our hosting provider, content delivery networks, app platforms, or analytics tools we configure.
  • Communications metadata: records of inquiries, subject lines, and message routing needed to respond and demonstrate compliance.
  • Content you create or import in the Apps: text, numbers, and files you enter or attach (for example budgets, notes, or exported data), and media you choose to provide through the camera, photo library, document picker, or file upload flows described in Section 3.
  • Audio and voice-related data: when you use features that rely on the microphone (for example voice input or voice-driven commands), we process audio signals or derived text as described in Section 3. We do not use the microphone for unrelated advertising profiling.
  • Image and visual data: when you use the camera or select images from your gallery or files (for example receipt capture or attaching images), we process the pixels or derived information you submit for the stated features in Section 3.

We do not use this website to collect full payment card numbers, government identifiers, or the contents of your financial ledgers. Financial and transaction data you store inside the Apps is processed to provide the service and is covered by this Policy together with any in-app privacy summary and your device permission choices.

3. Native mobile apps: camera, microphone, photos, and files

Our Apps may request access to your device's camera, microphone, photo library or media gallery, and files or documents (including the system file picker on iOS and Android). Access is requested only where needed for specific features (for example capturing or uploading receipt images, attaching documents, or using voice recognition / speech input). Apple and Google require a clear purpose for each permission; we describe the intended use at the time of the request and in store listings where applicable.

How it works. Permissions are typically granted or denied through your operating system. You may change or revoke permissions later in device settings; if you deny access, features that depend on that permission may be unavailable or limited. Unless a feature clearly requires continuous capture (and we disclose that in the product), we do not use the camera or microphone in the background for unrelated purposes.

Camera and gallery / files. When you take a photo, scan, or choose an image or file, we process that content to provide the feature you invoked (for example attaching a receipt, importing a document, or populating fields from an image). Images may be processed on your device and/or transmitted to our servers using encryption in transit, consistent with our security measures in Section 8. We retain such content only as long as needed for the feature, your account settings, backup or sync you enable, and legal or operational retention described in Section 7.

Microphone and voice recognition. When you use voice features, we process audio or derived transcripts to interpret your request and operate the product (for example voice entry or commands). Audio is not sold to third parties for their own marketing. Where required by law or platform policy, we rely on consent or another valid legal basis in addition to providing the service you asked for. Voice or images could incidentally reveal sensitive information (for example health-related receipts); you should only capture or upload what you are comfortable sharing, and we process such data only as needed to deliver the Apps and as permitted under applicable law, including Article 9 GDPR where special categories may be involved.

Processors and transfers. Infrastructure or AI subprocessors that help us host, secure, transcribe, or analyze content act on our instructions under agreements that require appropriate confidentiality and security. Cross-border transfers follow Section 6.

4. Purposes and legal bases (GDPR / UK GDPR)

Where GDPR or the UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract or pre-contract steps (Art. 6(1)(b)): providing the Apps and related features you request; handling waitlist and beta requests; and delivering demos or materials you ask for.
  • Legitimate interests (Art. 6(1)(f)): operating, securing, and improving the website and Apps; measuring aggregated usage; fraud prevention; defending legal claims; and internal reporting, balanced against your rights.
  • Consent (Art. 6(1)(a)): where the platform or law requires explicit consent for certain sensor or media processing, or where we use non-essential cookies or optional marketing, we will ask for consent where required and you may withdraw it at any time without affecting processing that was lawful before withdrawal (subject to retention grounds).
  • Legal obligation (Art. 6(1)(c)): retaining or disclosing information where law or competent authority requires it.

Where Article 9 GDPR applies to special categories of personal data (for example if content you upload reveals health or biometric information), we process it only when permitted by law, such as with your explicit consent, where processing is necessary for the establishment, exercise, or defense of legal claims, or another Article 9(2) ground applies, and with appropriate safeguards.

5. Cookies and similar technologies

We may use cookies, local storage, or similar technologies that are strictly necessary for the site to function, and — only if enabled — analytics or preference cookies. Where required (for example in the EEA, UK, or certain U.S. states), we will obtain consent before non-essential cookies are set and provide a way to change preferences.

6. Recipients and international transfers

We use trusted service providers (for example hosting, infrastructure, email, analytics, or speech and image processing subprocessors) who process data on our instructions. They may be located outside your country, including in countries that do not provide the same level of data protection. Where GDPR applies and data is transferred outside the EEA or UK, we use appropriate safeguards such as the European Commission's standard contractual clauses, the UK International Data Transfer Addendum, or other mechanisms recognized under applicable law.

7. Retention

We retain personal data only as long as necessary for the purposes above, including resolving disputes and satisfying legal, accounting, or reporting requirements. Technical logs are typically retained for a limited rolling period unless needed for security investigations. User-generated content (including images, audio-derived data, and attachments) is retained according to your account controls, sync or backup settings, product functionality, and applicable limitation periods. Waitlist and support correspondence is retained according to operational need and applicable limitation periods.

8. Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission over the Internet is completely secure; you should use strong passwords, keep devices updated, and avoid sending highly sensitive information by email unless encrypted channels are provided.

9. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data or completion of incomplete data;
  • Request erasure ("right to be forgotten") where grounds apply;
  • Request restriction of processing in certain circumstances;
  • Receive personal data you provided in a structured, machine-readable format (data portability) where processing is based on consent or contract and automated;
  • Object to processing based on legitimate interests, including profiling in some cases;
  • Withdraw consent where processing is consent-based, without affecting prior lawful processing;
  • Lodge a complaint with a supervisory authority in your country (for EEA residents, a list of authorities is available from the European Data Protection Board).

To exercise these rights, contact info@finsharc.com. We may need to verify your identity. If you are in California or other U.S. states with privacy laws, you may have additional rights (for example to know, delete, or opt out of certain "sales" or "sharing" of personal information as defined locally). We do not sell personal data for money; if we use advertising technology that constitutes a "sale" or "sharing" under local law, we will provide a compliant opt-out.

10. Children

Our Services are not directed to children under 16 (or the higher age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will take steps to delete the information.

11. Financial products and regulated advice

Finsharc provides software and educational content. We are not a bank, broker-dealer, investment adviser, or insurance provider unless separately licensed and disclosed. Nothing on this website is tax, legal, investment, or accounting advice. For decisions with regulatory or financial consequences, consult qualified professionals in your jurisdiction.

12. Changes to this Policy

We may update this Policy to reflect legal, technical, or business changes. We will revise the "Last updated" date and, where required, provide additional notice (for example by email, in-app message, or a banner on the site).

This Policy is provided for transparency. Laws vary by country and sector; you should have qualified counsel review your final documents, entity name, DPO or EU representative appointments (if applicable), and any app-store or sector-specific obligations (e.g. payment rules, open banking, licensing, Apple and Google permission disclosures, and regional privacy laws).

← Back to home

Questions about this page? Contact support.

Download

Get Finsharc on your phone

Native iOS and Android builds with offline-friendly flows, widgets, and on-device intelligence. iOS is available now on the App Store, and Google Play Store is coming soon.

  • Same account across devices; business and personal profiles stay separated.
  • Updates ship through the stores — turn on auto-update for the latest fixes.
Download on theApp Store
Coming soon onGoogle Play Store

Get closer to Finsharc

Download the iOS app now, or join our community to swap tips, report rough edges, and see what we ship next. Android on Google Play Store is coming soon — private, practical, and built for real personal and business use.

Join our Community