Privacy Policy

Last Updated: July 25, 2025

This Privacy Policy explains how Fynk collects, uses, shares, and protects your personal information when you visit our website at getfynk.io, use our mobile application, or engage with us in other related ways, including customer support, feedback, or promotional events.

IMPORTANT: Fynk helps you track your subscriptions and cut the waste. We analyze your existing bank transaction data to find recurring payments and help you take action, but we do not process payments, conduct financial transactions, or act as a financial institution.

By using Fynk, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

1. Information We Collect

Information You Provide Voluntarily: When you create an account, we collect your email address, name, and authentication method (such as Google or Apple Sign-In). If you contact support, we collect your name, email address, and the contents of your message. If you subscribe or purchase, while payments are handled via third parties (such as Apple, Google, RevenueCat), we may collect transaction metadata but not your full payment details.

By requesting a Subscription Cancellation service, you authorize Fynk to act as your limited agent and contact your service provider to cancel your subscription. We will provide account verification details, including but not limited to your full name, service address, account number, payment verification, security code, or other security credentials, to validate the account with the service provider. If necessary for our agents to represent that they are the account holder, you consent to such representation solely to perform the Subscription Cancellation.

Information Collected Automatically: We automatically collect device and usage data, including your IP address, browser type, operating system, device model and identifier, mobile advertising identifier (IDFA on iOS, AdID on Android, used for analytics, personalization, and advertising), and general location. We collect analytics data such as session information, including screen views, feature usage, app crashes, timestamps, and diagnostic logs through services like Firebase, Amplitude, AppsFlyer, and web2wave.com. We use cookies and similar technologies to improve your experience and analyze app usage. In mobile applications, we may send push notifications for subscription reminders, price changes (including trial endings), cancellation confirmations, and marketing offers. You can manage notification preferences through device settings.

Financial Information via Third Parties: IMPORTANT: We do not directly access or store your banking credentials.

With your explicit consent, we use secure third-party APIs (such as Quiltt.io or Basiq, certified open banking providers) to connect to your financial institutions and retrieve bank account metadata (account name, account type, institution name), historical transaction data (dates, merchants, amounts, descriptions), recurring payment patterns for subscription identification, and account balance information when available and with your consent.

Key protections: You provide credentials directly to the certified banking provider, not to us. We do not store, access, or have visibility into your banking passwords. All financial data transmission is encrypted using bank-level security protocols. We only access data necessary for subscription tracking and analysis. You can revoke access to your financial data at any time.

2. How We Use Your Information

Fynk is designed to help users track their subscriptions and cut the waste by securely analyzing financial transaction data. Our smart tech understands your subscriptions through integrations with certified third-party APIs such as Quiltt.io or Basiq, and helps you take action without the hassle.

Core Service Functions: To create and manage your account, to securely connect your financial accounts via third-party APIs for analysis, to analyze transaction patterns and identify recurring payments and subscriptions, to help you review where your money is going each month, to provide cancellation instructions for each service or assist with cancellation requests, and to help you stay on top of your subscriptions and cut the waste.

Business Operations: To manage billing and entitlements for in-app purchases, to respond to your inquiries and provide customer support, to send service-related updates and administrative communications, to improve, secure, and debug our products and services, and to ensure platform security and prevent fraud.

Legal Compliance: To comply with applicable legal obligations and regulatory requirements and to respond to lawful requests from authorities when required.

We do NOT: Process payments or financial transactions, act as a bank or financial institution, provide financial advice or recommendations, share your financial data for advertising or marketing purposes, or sell your personal information to third parties.

3. Legal Basis for Processing (EU/EEA Users)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds: consent when you explicitly agree to connect your financial accounts or receive marketing communications, contractual performance to provide our subscription tracking and analysis services, legitimate interest to improve our services, ensure security, and prevent fraud provided your rights are not overridden, and legal obligation to comply with applicable laws and regulations.

You may withdraw your consent at any time where processing is based on consent.

4. Information Sharing and Disclosure

We may share your information with:

Service Providers and Partners: Technology Providers: Firebase (analytics and hosting), RevenueCat (subscription billing), Amplitude (usage analytics), AppsFlyer (mobile analytics), web2wave.com (analytics). Financial Data Providers: Quiltt.io, Basiq, or other certified open banking APIs (only the data necessary for account connection). Infrastructure Providers: Cloud hosting, security, and data processing services.

Legal Requirements: Authorities when required by law, court order, or government request. Legal Protection to protect our rights, property, or safety, or that of our users or others.

Business Transfers: Corporate Transactions in connection with a merger, acquisition, or sale of assets, subject to equivalent privacy protections.

We do NOT: Sell, rent, or trade your personal information to third parties, share your financial data for advertising purposes, or provide your data to data brokers or marketing companies.

5. Data Security and Protection

We implement industry-standard security measures to protect your information:

Technical Safeguards: Encryption of all data in transit (TLS/SSL) and at rest (AES-256), access controls with role-based access with multi-factor authentication, secure APIs where all integrations use secure, certified financial data providers, and regular security audits including ongoing vulnerability assessments and penetration testing.

Financial Data Protection: Bank-Level Security where all financial data connections use the same security standards as your bank, No Direct Banking Access as we never store or access your banking credentials, Tokenized Connections where financial data access is managed through secure tokens that can be revoked anytime, and Regular Connection Monitoring with automated detection of suspicious access patterns.

Data Minimization: We collect only the minimum data necessary for our services, financial data is processed and stored only as long as needed for subscription analysis, and automated deletion of outdated transaction data per retention policies.

While we implement robust security measures, no method of transmission or storage is 100% secure. We continuously monitor and improve our security practices.

6. International Data Transfers

Your personal information may be processed in countries outside of your home jurisdiction, including the United States. When data is transferred internationally, we implement appropriate safeguards: Standard Contractual Clauses approved by the European Commission for EU data transfers, adequacy decisions for transfers to countries with adequate data protection levels, binding corporate rules for internal data protection standards for global operations, and service provider agreements with contractual protections with all international service providers.

7. Data Retention

We retain your information according to the following principles:

Account Data: Active accounts are retained while your account is active and for a reasonable period afterward. Inactive accounts may be archived after 2 years of inactivity. Deleted accounts have personal data deleted within 30 days of the account deletion request.

Financial Data: Transaction data is retained for up to 7 years for subscription tracking and analysis. Connection tokens are retained while account connections are active. Aggregated data may be retained indefinitely in anonymized form for service improvement.

Legal and Security Data: Audit logs are retained for 3 years for security and compliance purposes. Legal disputes may require extended retention where necessary for legal proceedings.

You may request deletion of your data at any time, subject to legal and security requirements.

8. Your Privacy Rights

All Users: You have the right to access (request a copy of your personal data), correction (update or correct inaccurate information), deletion (request deletion of your personal data), data portability (receive your data in a portable format), opt-out (unsubscribe from marketing communications), and account deactivation (close your account and associated data).

California Residents (CCPA/CPRA): California residents have additional rights: Right to Know (categories and specific pieces of personal information collected), Right to Delete (request deletion of personal information), Right to Correct (request correction of inaccurate personal information), Right to Opt-Out (we do not sell or share personal information, but you can request opt-out), and Right to Non-Discrimination (equal service regardless of privacy rights exercise).

To exercise California rights, email support@getfynk.io with "California Privacy Request" in the subject line.

EU/EEA Residents (GDPR): European residents have the right to access and portability (receive a copy of your data in machine-readable format), rectification (correct inaccurate or incomplete data), erasure (request deletion of your personal data), restriction (limit processing of your data), objection (object to certain types of processing), withdraw consent (revoke consent for voluntary data processing), and lodge complaints (file complaints with your local data protection authority).

Contact support@getfynk.io to exercise GDPR rights.

Financial Data Controls: You also have specific controls over your financial data: revoke access (disconnect financial accounts at any time through the app), selective access (choose which accounts to connect), data refresh (control how often we update your financial data), and connection monitoring (view when and how your financial data is accessed).

9. Children's Privacy

Fynk is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have collected data from someone under 18, please contact us immediately, and we will delete such information promptly.

10. Third-Party Links and Services

Our app may contain links to third-party websites or services. This Privacy Policy does not apply to those external services. We encourage you to review the privacy policies of any third-party services you use.

11. Do-Not-Track Signals

Currently, there is no universally accepted standard for Do-Not-Track (DNT) signals. We do not respond to DNT signals, but provide you with various privacy controls throughout our services. We will update this policy if DNT standards are established.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services or business practices, updates in applicable laws and regulations, and improvements in our data protection practices.

Notification Process: Minor Changes are posted on our website with an updated "Last Updated" date. Material Changes receive notice via email, in-app notification, or prominent website notice. Effective Date means changes take effect on the posted date unless otherwise specified.

We encourage you to review this Privacy Policy regularly to stay informed about our privacy practices.

13. Contact Us

Data Protection Inquiries: Email: support@getfynk.io Subject Line: Privacy Request

For urgent privacy concerns or data security incidents, please use the priority contact method specified above.

This Privacy Policy is designed to be transparent about our data practices while providing you with meaningful controls over your personal information. If you have questions about any aspect of this policy, please don't hesitate to contact us.


Stay in the Loop with Fynk

Subscribe to our newsletter for smart article picks, updates, and tips—delivered fresh to your inbox.

Legal

Privacy Policy

Terms of Use

Stay in the Loop with Fynk

Subscribe to our newsletter for smart article picks, updates, and tips—delivered fresh to your inbox.

Legal

Privacy Policy

Terms of Use

Stay in the Loop with Fynk

Subscribe to our newsletter for smart article picks, updates, and tips—delivered fresh to your inbox.

Legal

Privacy Policy

Terms of Use