Legal

Privacy Policy

Last updated: 3 July 2026

This Privacy Policy explains how Arkadiusz Szczepkowicz, operating as a sole proprietorship (jednoosobowa działalność gospodarcza) registered in Poland ("we", "us", "our", or the "Company"), processes information in connection with the Finance Bay application (the "App"). It is written to comply with the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA, and other applicable privacy laws worldwide.

Finance Bay is designed to be privacy-conscious: your portfolio and financial records are stored on your own device, and we do not require an account. However, the App does use a small number of third-party services for stability, security, analytics, payments, and optional features, and those involve limited processing of personal data as described below. This Policy describes that processing honestly and in full.

This Policy should be read together with our Terms of Service.

1. Who we are (Data Controller)

For the processing described here, the data controller is:

Full business registration details (tax identification/NIP, business register number/REGON, and registered address) are set out in our Terms of Service and in the public Polish business register (CEIDG).

For some processing, third parties act as independent controllers (for example, Apple for payments). This is indicated below.

We have not appointed a Data Protection Officer, as we are not required to do so under Article 37 GDPR. Privacy enquiries can be directed to the contact above. Information about supervisory authorities appears in Section 20.

2. Our privacy commitments

In short — what we do not do:

The sections below explain, in full, the limited data that is processed and why.

3. Data you keep on your device

Your User Data — the portfolios, positions, transactions, holdings, dividends, custom assets, tax settings, and notes you enter or import — is synchronised across your own devices through Apple iCloud / CloudKit using your personal Apple Account.

We do not receive, collect, or store your User Data on our own servers. It remains under your control on your device and in your private iCloud storage, which is governed by Apple's Privacy Policy. We cannot access the contents of your iCloud data.

Please do not enter special-category data (such as health, biometric, racial, religious, or similar sensitive information) into free-text fields. The App is not intended to process such data, and we do not knowingly do so.

4. Information processed when you use the App

Beyond the User Data above, the following limited information is processed through third-party services and our own infrastructure:

a. Crash, error, and performance diagnostics (Sentry)

To keep the App stable, we use Sentry for crash reporting, app-hang detection, and limited performance monitoring. When the App crashes, hangs, or encounters a failed network request, Sentry may process:

Crash reports do not include screenshots or snapshots of the App's screen content. Sentry data is processed on Sentry's infrastructure in the United States. See Sentry's Privacy Policy.

b. Product analytics (PostHog)

In TestFlight and App Store builds, we use PostHog to understand how features are used so we can improve the App. PostHog may process:

For attribution purposes, this pseudonymous PostHog identifier may be associated with your subscription record (see Section 4c). We do not use this data for cross-app or cross-site advertising tracking. PostHog data is hosted on PostHog's European Union infrastructure (eu.i.posthog.com). You can turn analytics and diagnostics off at any time — see Section 13 (Your choices and controls). See also PostHog's Privacy Policy.

c. Subscriptions and purchases (Apple & RevenueCat)

Purchases are processed by Apple through your Apple Account; we never receive or store your payment-card details. We use RevenueCat to manage subscription status and entitlements. In this context the following may be processed:

If you request a refund, RevenueCat may share certain consumption data with Apple to support Apple's refund decision (for example, account age, total amount paid, number/amount of prior refunds, and platform). This is subject to Apple's and RevenueCat's privacy policies. Apple acts as an independent controller for payment processing.

d. App security and network infrastructure

The App communicates with our backend at api.financebay.app, which proxies market-data requests and secures the API. To protect the service against abuse, the App uses Apple's DeviceCheck and App Attest to verify that requests come from a genuine, untampered instance of the App. In this process we may process:

Our backend keeps limited security logs (such as IP address and request metadata) generated by these protective measures for up to one month, to detect and prevent abuse, after which they are deleted. We do not retain server logs containing your financial or portfolio data. This data is used for security, fraud prevention, and delivering the data you request, and not to identify you personally or build advertising profiles.

e. Market data

When you view prices, quotes, charts, dividends, earnings dates, news, or benchmarks, the App requests market data from third-party providers (including Financial Modeling Prep) via our backend. These requests transmit the ticker or asset identifiers you look up, together with the network metadata in Section 4d. They do not include your identity.

f. Device permissions: Calendar and Notifications

5. Cookies, SDKs, and similar technologies

Finance Bay is a native app and does not use website cookies. It uses on-device storage (such as system preferences/UserDefaults and the Keychain) and the third-party software development kits (SDKs) named in this Policy, which may store identifiers on your device for the purposes described. You can clear most of this by deleting the App.

Because the App is not a web browser, legacy "Do Not Track" browser signals do not apply; however, we honour the Global Privacy Control (GPC) signal where applicable (see Section 16), and we do not engage in the cross-context tracking those signals are designed to limit.

6. Legal bases for processing (GDPR)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

ProcessingLegal basis
Crash/diagnostics (Sentry); product analytics (PostHog); securing our APILegitimate interests (Art. 6(1)(f)) — to keep the App stable, secure, and improving. You may object or opt out (Sections 12–13).
Providing subscriptions and managing entitlementsPerformance of a contract (Art. 6(1)(b))
Calendar and Notification accessConsent (Art. 6(1)(a)), which you may withdraw at any time via your device settings
Complying with legal, tax, and accounting obligationsLegal obligation (Art. 6(1)(c))

Where local law requires consent for analytics or diagnostics SDKs, we will rely on consent to the extent required, and you can use the in-app controls in Section 13 to opt out.

7. How we use information

We use the limited information above to: operate and secure the App; diagnose and fix crashes and bugs; understand and improve feature usage; process and validate subscriptions; deliver the market data you request; and comply with law. We do not sell your personal information, and we do not use it for cross-context behavioural advertising.

We may also create and use aggregated or de-identified information — which cannot reasonably be used to identify you — to analyse usage and improve the App. We will not attempt to re-identify such information.

8. Communications

We send only service-related (transactional) communications that are necessary to operate the App — for example, important notices about the App, your subscription, or changes to these policies. We do not send marketing or promotional emails or push notifications. Any notification the App sends (for example, a notice before a free trial ends) is generated locally on your device, and you can turn notifications off at any time in your device settings.

9. Who we share information with (processors and recipients)

We share data only with the service providers needed to run the App. Each is bound by its own terms and, where acting as our processor, by a data-processing agreement:

RecipientRolePurposeLocation
AppleIndependent controller / processorApp distribution, payments, iCloud sync, push, attestationGlobal / US
RevenueCatProcessorSubscription managementUS
SentryProcessorCrash & error diagnosticsUS
PostHogProcessorProduct analytics (TestFlight/App Store)EU
Financial Modeling PrepProcessor / sourceMarket dataUS

We may also disclose information where required by law or valid legal process, to enforce our Terms, to protect the rights, safety, or property of users or others, or in connection with a merger, acquisition, or other business transfer (in which case we will provide notice and this Policy will continue to apply, or you will be informed of any new policy).

Links to third-party content. The App may display links to third-party websites and news sources. We do not control and are not responsible for their content or privacy practices; please review their policies before providing any information to them.

10. International data transfers

Some recipients are located outside the European Economic Area (notably in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the EU–US Data Privacy Framework (where the recipient is certified), and/or adequacy decisions, as applicable. You may contact us for more information about these safeguards.

11. Automated decision-making and profiling

We do not use your personal data to make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you, and we do not carry out profiling for such purposes.

12. Your rights

Depending on where you live, you have rights over your personal data, which may include the right to: access it; rectify it; erase it; restrict or object to processing (including processing based on legitimate interests); data portability; and to withdraw consent at any time without affecting prior processing. You also have the right to lodge a complaint with a supervisory authority.

Because much of the App's data stays on your device, you can exercise many rights directly — see Section 13. To exercise rights in respect of data processed through our service providers, contact us at support@financebay.app, and we will respond within the timeframes required by law (generally within one month under the GDPR). We may need to verify your request before acting on it. For data held by Apple, RevenueCat, or other independent controllers, please also refer to their respective policies.

13. Your choices and controls

You are in control of the data the App processes:

14. Data retention

15. Security

We use appropriate technical and organisational measures to protect personal data, including encrypted data transfer (TLS), Keychain storage for sensitive credentials, and device attestation to protect our API. No method of transmission or storage is completely secure, but we work to safeguard information against unauthorised access, loss, or misuse.

If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with Articles 33–34 GDPR and other applicable law.

16. California privacy rights (CCPA/CPRA)

If you are a California resident: in the past 12 months we have processed the limited categories described above (identifiers such as pseudonymous IDs and IP address; internet/usage activity; and coarse location). We use it for the business purposes described in Section 7.

We do not "sell" or "share" personal information as those terms are defined under the CPRA, and we do not process sensitive personal information for purposes that would trigger a right to limit. You have the right to know, access, delete, and correct your personal information, and not to be discriminated against for exercising these rights. We honour the Global Privacy Control (GPC) signal where applicable. To exercise these rights, contact support@financebay.app.

California "Shine the Light" (Civil Code §1798.83): we do not disclose personal information to third parties for their own direct-marketing purposes. Nevada residents: we do not sell personal information as defined under Nevada law.

17. Other jurisdictions

18. Children's privacy

The App is intended for users aged 18 and over and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

19. Changes to this Policy

We may update this Policy to reflect changes in our practices or the law. The "Last updated" date reflects the latest version, and the current version is always available within the App and on our website at https://financebay.app. For material changes we will provide reasonable notice. Your continued use of the App after changes take effect constitutes acceptance of the updated Policy.

20. Contact and complaints

For any privacy question or to exercise your rights:

Arkadiusz Szczepkowicz
Sole proprietor (jednoosobowa działalność gospodarcza), Poland
Email: support@financebay.app

Supervisory authorities. If you are in the EU/EEA, you may lodge a complaint with your local supervisory authority. Our lead authority is the Polish President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), https://uodo.gov.pl. If you are in the UK, you may contact the Information Commissioner's Office (ICO).