Privacy Policy of Finluna Budget Manager

Last Updated: June 16, 2026 | Effective Date: June 16, 2026

1. Introduction & Acceptance

This Privacy Policy governs all data collection, storage, usage, disclosure, and protection activities of Finluna Budget Manager (hereinafter referred to as “Finluna”, “our app”, “we”, “us”, or “our”), a personal financial bookkeeping and expense tracking mobile application distributed via Google Play Store.

By downloading, installing, registering an account, accessing, or using Finluna on any Android device, you fully acknowledge, understand, and consent to the data handling rules outlined within this Privacy Policy. If you disagree with any terms below, you must uninstall the app immediately and cease all usage.

This policy complies with the Google Play Developer User Data Policy, Google Play Data Safety disclosure standards, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Children’s Online Privacy Protection Act (COPPA), and global regional data protection laws applicable to mobile financial applications.

Finluna is a lightweight personal finance tool focused on local-first expense recording. We prioritize minimizing sensitive financial data transmission to cloud servers and strictly separate user private transaction records from third-party advertising or tracking systems.

2. Data We Collect & Collection Purpose

2.1 Data You Voluntarily Submit

  • Account identity information: Email address (for account registration, login, password recovery, cloud sync), display nickname (optional)
  • Financial transaction data: Income/expense amount, transaction category, payment method, transaction notes, custom budget rules, recurring bill records
  • Receipt media data: Photos, screenshots of receipts, invoices, bank statements uploaded by you for expense matching (stored locally by default)
  • User feedback data: Text, device information submitted via in-app support contact forms

2.2 Automatically Collected Device & Technical Data

  • Device metadata: Android OS version, device model, screen resolution, app installation version, unique advertising ID (opt-out available)
  • Anonymous crash & performance logs: Aggregated error reports to fix app bugs; logs contain no raw financial transaction content
  • Local storage identifiers: Encrypted local database key for offline data storage

2.3 Data We Do NOT Collect

  • Full bank account numbers, credit card CVV, bank login credentials, social security numbers, tax identification numbers
  • Real-time precise geographic location (no background location tracking)
  • Device contact list, call logs, SMS records (no permission requests for these groups)

3. Handling Financial & Receipt Data

All your financial transaction records and receipt images are stored on your local device storage by default. Cloud synchronization is an optional feature that you manually enable; cloud sync only activates after your explicit opt-in confirmation.

  • Local storage: Transaction databases are encrypted with the AES-256 algorithm on your phone’s internal storage; Finluna cannot read local records without access to your device.
  • Cloud sync storage: If you turn on cross-device sync, your encrypted financial data is transmitted to our secure cloud servers over TLS 1.3 encrypted channels. Receipt photos are compressed and encrypted before cloud upload.
  • Receipt photo usage: Uploaded receipt images are solely used for your personal expense reference and OCR text extraction (to auto-fill transaction amounts). We never extract financial details from receipts for advertising or resale purposes.
  • Offline mode support: Full bookkeeping functionality works without an internet connection; no local financial data is auto-uploaded to servers while the app is offline.

4. How We Use Collected Data

We only process your personal and financial data for limited, declared purposes, and will not repurpose data outside the scope below without separate explicit consent:

  1. Core service delivery: Create your user account, store expense records, generate budget reports, enable cross-device cloud synchronization, process receipt OCR recognition.
  2. App maintenance & optimization: Resolve app crashes, fix functional defects, optimize performance for different Android device models.
  3. Account security: Send password reset emails, detect abnormal login activities, prevent unauthorized account access.
  4. User support: Respond to your inquiries, troubleshoot sync failures, resolve feedback requests submitted via support channels.
  5. Compliance verification: Fulfill legal obligations under Google Play policies and global data protection regulations.

We will not use your financial transaction data to send targeted advertisements, nor sell your financial records to any third-party commercial organizations.

5. Third-Party Data Sharing & Disclosure

Finluna limits third-party data sharing to essential service providers only. All third-party partners sign data processing agreements requiring strict data encryption and non-disclosure rules.

5.1 Authorized Service Providers

  • Cloud hosting vendor: Secure server storage for optional cross-device sync data; vendor cannot decrypt your encrypted financial records.
  • Email delivery service: Send account verification, password recovery, and policy update notification emails.
  • Crash analytics SDK (Google Firebase): Collect anonymous aggregated crash logs; SDK does not access transaction database content.

5.2 Legal Mandatory Disclosure

We may disclose your data if required by valid court orders, government regulatory requests, or necessary to protect our legal rights, user safety, and platform compliance with Google Play rules.

5.3 Strict Prohibitions

We never sell, rent, trade, or license your personal financial data, email addresses, receipt images, or transaction history to advertisers, marketing agencies, data brokers, or unrelated third-party companies.

6. Data Storage & Retention Policy

  • Account lifecycle retention: Your account data and synced financial records are retained while your Finluna account remains active.
  • Post-deletion retention: After you submit a full account deletion request via in-app settings, all cloud-stored data, encrypted transaction records, and receipt files are permanently erased within 30 calendar days. Deleting local device data requires manual removal by clearing the app’s storage or fully uninstalling the app.
  • Aggregated anonymous analytics: De-identified performance crash logs are retained for a maximum of 12 months for product optimization, then fully purged automatically.
  • Backup retention: Encrypted cloud backups are retained for up to 90 days for disaster recovery; backups cannot be accessed by internal staff without decryption keys controlled by you.

7. Data Security Protection Measures

We implement industry-standard technical and administrative safeguards to protect your sensitive financial data against unauthorized access, leakage, modification, or destruction:

  • Transmission encryption: All data upload/download uses TLS 1.3 end-to-end encryption.
  • Storage encryption: The local database and cloud-synced files use the AES-256 symmetric encryption algorithm.
  • Access control: Internal team access to cloud servers is restricted with multi-factor authentication and role-based permission limits.
  • Regular security audits: Quarterly vulnerability scanning of cloud infrastructure and application codebase.
  • Data breach response protocol: If an unauthorized data exposure incident occurs, we will notify affected users and relevant regulatory authorities within 72 hours per legal requirements.

Please note that no digital storage or internet transmission system can guarantee absolute 100% security; you shall take reasonable steps to protect your device login credentials and Finluna account password.

8. Your General Data Privacy Rights

Regardless of your residential region, you possess the following controllable rights for your personal data stored within Finluna:

  1. Right to Access: Request a full export copy of all your account, transaction, and receipt data in readable digital format.
  2. Right to Rectification: Edit, correct, or update incorrect financial records, account nickname, and email address inside the app settings page.
  3. Right to Erasure: Submit an account deletion request to permanently remove all cloud-stored personal and financial data.
  4. Right to Restrict Processing: Disable cloud sync and turn off anonymous crash analytics collection via app privacy settings.
  5. Right to Data Portability: Export all expense data as CSV spreadsheet files for local backup.
  6. Right to Withdraw Consent: Revoke your permission for optional data collection features at any time through in-app privacy controls.

All data right requests can be submitted via the “Privacy Support” contact channel listed in Section 13; we will respond to valid requests within 30 business days.

9. CCPA Rights for California Resident Users

If you are a resident of California, United States, you hold additional rights under the California Consumer Privacy Act (CCPA/CPRA):

  • Right to know: Request full disclosure of categories of personal data collected, used, and shared in the past 12 months.
  • Right to delete: Demand permanent deletion of all personal data we hold about you, subject to limited legal retention exceptions.
  • Right to opt-out of sale: We do not sell any personal financial data, so no opt-out procedure is required.
  • Right to non-discrimination: We will not restrict core app functionality if you exercise your CCPA privacy rights.

You may authorize a designated agent to submit CCPA data requests on your behalf with verified identity documentation.

10. GDPR Rights for EEA / United Kingdom / Switzerland Users

For users residing within the European Economic Area, United Kingdom, or Switzerland, the GDPR applies to all your personal data processing activities. Beyond the general rights listed in Section 8, you hold the right to object to data processing based on legitimate interest grounds.

When processing your data for cloud sync and app optimization services, the legal basis for processing includes your explicit consent and the performance of our service contract with you. You have the right to lodge a formal complaint with your local data protection supervisory authority if you believe we violate GDPR data protection rules.

Cross-border data transfers outside the EEA/UK use European Commission approved Standard Contractual Clauses (SCCs) to maintain equivalent data protection standards.

11. Children’s Privacy (COPPA Compliance)

Finluna Budget Manager is designed and marketed for users aged 13 years or older. We do not knowingly collect personally identifiable information from children under 13 years of age without verifiable parental consent as required by COPPA.

If you are a parent or guardian and discover your minor child has submitted personal or financial data to Finluna without your approval, contact our privacy support team immediately. We will permanently delete all related child account data within 14 days upon verified parental request.

12. Policy Modifications & Update Notices

We reserve the right to revise or update this Privacy Policy periodically to adapt to updated Google Play policies, new legal regulatory requirements, or app functional adjustments.

  • Material changes (adjustments to financial data storage, third-party sharing rules) will be notified via in-app pop-up alerts and registered account emails at least 14 days before the updated policy takes effect.
  • Minor wording corrections or format adjustments will update the “Last Updated” date at the top of this page without separate advance notice.
  • Your continued use of Finluna after the effective date of revised terms constitutes acceptance of the updated Privacy Policy.

13. Privacy Support & Contact Information

For all privacy-related inquiries, data access/delete requests, regulatory compliance questions, or data breach reports, reach our dedicated privacy team via the contact method below:

App Name: Finluna Budget Manager

Privacy Support Email: privacy@finluna.app

Developer Entity: Finluna Tech

Response Timeframe: All valid privacy requests processed within 30 calendar days

Please include your registered account email and a brief description of your privacy request in all correspondence for faster identity verification and processing.