How FinStage collects, uses, and protects your information.
Effective May 24, 2026
Summary — FinStage keeps your data on your device. We
never sell or share your transactions, never show ads, and never use
third-party analytics. Cloud backup is optional and stored only in your
own Google Drive.
1. Introduction
FinStage (“we”, “our”, or “us”) is a personal expense tracker that
helps you record and review your spending privately on your device. We
respect your privacy and built FinStage to collect as little data as
possible. This Privacy Policy explains in plain language what
information FinStage accesses, how it is used, where it is stored, and
what choices you have. It applies to the FinStage mobile application
(the “App”) and any related services we provide.
By creating an account or using the App, you agree to the practices
described in this Policy. If you do not agree, please do not use the
App.
2. Information We Collect
FinStage collects only what is needed to run the App. The categories
below describe every type of data the App can access. The amount and
sensitivity is listed because it maps directly to the Google Play Data
Safety form.
Google Account profile — your name, email address, profile picture, and Google account ID. Collected only after you tap “Continue with Google” and consent on Google’s screen. Used to identify you in the App and to enable Cloud Backup.
Financial data you create — transactions (amount, date, type, category, note), accounts, categories, budgets, and reminders. You create all of this yourself; the App never imports it from elsewhere. It is stored on your device and, if Cloud Backup is on, in your own Google Drive.
App preferences — display name, default currency, notification time, theme, language, and backup frequency.
App PIN (optional) — if you enable an in-app PIN, the PIN is stored in the device’s secure hardware keystore (via expo-secure-store / Android Keystore). It never leaves your device and is never sent to us or to Google.
Diagnostic data — basic stability events used to detect crashes. FinStage does not use Firebase Analytics, Crashlytics, AdMob, Facebook SDK, or any third-party advertising or behavioural-analytics SDKs.
3. How We Use Your Information
FinStage uses your information only to provide the features you ask for. Specifically:
To sign you in with Google and keep you signed in.
To display your transactions, balances, charts, and reports.
To trigger the local reminders you have enabled (for example, “Don’t forget to log today’s spending”). Notifications are scheduled on your device and never go through our servers.
To back up and restore your data on Google Drive when you enable Cloud Backup.
To export your data as a PDF report when you tap “Export PDF”.
To diagnose crashes and improve reliability of the App.
4. Google API Services — Limited Use Disclosure
FinStage’s use of information received from Google APIs adheres to the
Google API Services User Data Policy,
including the Limited Use requirements.
When you enable Cloud Backup, FinStage requests only the Google Drive
“appDataFolder” scope (drive.appdata). This is a hidden,
app-private folder that only FinStage can read or write — it is
not your regular Drive. We use it solely to store an
encrypted JSON snapshot of your FinStage data so you can restore it on
another device.
FinStage does not request, read, or write any other Google Drive files or folders.
FinStage does not transfer your Drive data to any third party except as needed to provide or improve user-facing features, and only with your consent.
FinStage does not use your Drive data for serving advertisements.
FinStage does not allow humans to read your Drive data unless we have your specific consent, it is needed for security (e.g., investigating abuse), or it is required by law.
FinStage does not use your Drive data to train any AI/ML models.
5. Where Your Data Is Stored
Your transactions and preferences live in encrypted on-device storage (AsyncStorage / Android internal storage). They never leave your phone unless you enable Cloud Backup.
If Cloud Backup is on, a JSON snapshot of your data is uploaded to your own Google Drive’s appDataFolder. Backups are tied to your Google account, are not visible to other users or apps, and are transmitted over HTTPS/TLS.
Authentication is handled by Firebase Authentication (Google LLC). Firebase stores the token Google issues at sign-in so we can verify it’s still you. We do not run any application servers that store your financial data.
6. Sharing and Disclosure of Information
FinStage does not sell, rent, trade, or monetise your personal information. We do not show third-party advertising. We share data only in the limited situations below.
With Google LLC — Firebase Authentication processes your sign-in, and Google Drive stores your backup. Both act as our service providers and are governed by Google’s privacy commitments (policies.google.com/privacy).
For legal reasons — we may disclose information if compelled by valid legal process or to protect the rights, property, or safety of users, ourselves, or the public.
Business transfers — if FinStage is involved in a merger, acquisition, or asset sale, your information may transfer to the successor. We will notify you in the App or by email before your information becomes subject to a different privacy policy.
7. Permissions We Request
FinStage only requests permissions it actively uses. You can revoke any of them at any time from your device’s system settings.
Internet (INTERNET) — required to sign in with Google and to upload/download Cloud Backups. The App functions fully offline if you never enable backup.
Notifications (POST_NOTIFICATIONS on Android 13+) — required to deliver the daily/weekly reminders you turn on inside the App. Reminders are scheduled locally; no push servers are involved.
Boot completed (RECEIVE_BOOT_COMPLETED) — required to re-schedule your reminder alarms after your phone restarts.
Exact alarm (SCHEDULE_EXACT_ALARM) — required so reminders fire at the exact time you choose.
Storage access — only invoked when you tap “Export PDF”. You pick the destination folder via the Android system picker; FinStage can only write to that folder and nowhere else.
8. Security
We protect your information with the same security stack Google uses for its own products:
All network traffic uses HTTPS / TLS 1.2 or higher.
Sign-in is handled by Firebase Authentication, which never exposes your password to FinStage.
Cloud Backup files reside in a private, app-only folder inside your Google account.
If you set an in-app PIN, it is stored inside the device’s hardware-backed keystore (Android Keystore / iOS Keychain) and never transmitted off-device.
9. Your Rights and Choices
You stay in full control of your data at all times. Every right below is exercised directly inside the App — no email or web form required.
Access & export — Settings → Export PDF generates a complete copy of your data that you can save or share anywhere.
Edit & correct — every transaction, account, and category can be edited or deleted from the home screen.
Disconnect Cloud Backup — Settings → Cloud Backup → “Turn off backup” stops syncing and removes the backup from your Google Drive.
Delete your account — Settings → Danger zone → “Delete account” permanently erases your FinStage account, all transactions on this device, and the Google Drive backup. This action is immediate and cannot be undone.
If you cannot access the App (lost device, etc.) you can request account & data deletion by emailing contact.finstage@gmail.com from the address tied to your Google account. We will verify ownership and delete your data within 30 days.
10. Data Retention
FinStage keeps your data only as long as you keep using the App.
Transactions and preferences remain on your device until you delete them, uninstall the App, or delete your account.
Cloud Backups remain in your Google Drive appDataFolder until you turn off backup or delete your account.
Firebase Authentication retains your sign-in token until you sign out or delete your account, after which it is purged from Google’s identity service.
Crash diagnostics are retained for up to 90 days, then automatically purged.
11. Regional Privacy Rights (GDPR, UK GDPR, CCPA)
If you live in the European Economic Area, the United Kingdom, Switzerland, California, or another jurisdiction with comparable laws, you have additional rights regarding your personal data.
Right to access, rectify, or erase — fulfilled in-app via Settings → Export PDF, in-app editing, or Settings → Danger zone → Delete account.
Right to restrict or object to processing — disable Cloud Backup or notifications at any time, or sign out completely.
Right to data portability — Export PDF (human-readable) is available today. A machine-readable JSON export can be requested by emailing contact.finstage@gmail.com.
Right to lodge a complaint — you may complain to your local data-protection authority. We will cooperate fully with any such investigation.
Legal bases (GDPR) — we process your data on the basis of your consent (Google Sign-In, Cloud Backup) and to perform the contract created when you accept this Policy.
12. Children’s Privacy
FinStage is not directed to children under 13 (or the equivalent minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has provided us with information, please email contact.finstage@gmail.com and we will delete it.
13. International Data Transfers
FinStage is operated globally. Because we use Google’s infrastructure (Firebase Authentication and Google Drive), your information may be processed in countries other than your own, including the United States. Google relies on Standard Contractual Clauses approved by the European Commission for such transfers. By using FinStage you understand and consent to these transfers.
14. Third-Party Services
FinStage relies on the following Google services. Their use of your data is governed by their own privacy policies, linked below.
Google Play Services — required by all Android apps for core platform features — policies.google.com/privacy
15. Cookies, Trackers and Advertising
FinStage does not place cookies, beacons, fingerprinting scripts, or any cross-app tracking identifiers on your device. We do not show advertising of any kind, and we do not share data with advertising networks. Your Google advertising ID is not collected by FinStage.
16. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the “Effective date” at the top and, for material changes, notify you in-app or by email before the change takes effect. Your continued use of FinStage after the change means you accept the updated Policy.
17. Contact Us
If you have any questions, requests, or complaints about this Policy or your data — including account-deletion requests submitted by email — please contact: