FinbloomFinbloom

Privacy Policy

Last updated: April 16, 2026

1. Information We Collect

When you use Finbloom, we collect:

  • Account information: email address, name, country, and preferred currency (provided during registration and onboarding)
  • Financial data: salary, income profiles, expenses, loans, investments, assets, insurance policies, and monthly records that you enter or import
  • Usage data: pages visited, features used, and interactions with AI-generated content
  • Brokerage data: if you connect a brokerage account (e.g., Trading 212, Alpaca, Interactive Brokers), we receive portfolio positions, account balances, transaction history, and dividend data. Depending on the broker, you either provide API credentials directly or authorize access via OAuth — a secure industry-standard protocol where you log in on the broker's website and grant Finbloom read-only access. We never receive or store your brokerage login password.
  • Bank account data: if you connect a bank account via a licensed PSD2 provider, we receive read-only access to transaction history, balances, and account metadata. Your bank credentials are handled exclusively by your bank and the PSD2 provider — Finbloom never receives or stores your banking passwords.
  • Uploaded documents: investment statements, CSV files, PDFs, and images you upload for AI-powered document parsing

2. How We Use Your Data

Your data is used to:

  • Provide personalized financial analytics, projections, and AI-generated insights
  • Generate dashboard blocks, charts, reports, and insight blocks
  • Synchronize with connected brokerage accounts and bank accounts
  • Calculate monthly records, net worth, savings rates, and financial projections
  • Parse uploaded documents into structured financial data
  • Send transactional emails (password resets, billing receipts) and in-app notifications (dividends received, sync status, anomaly alerts)
  • Improve the Service through anonymized, aggregated analytics

We do not use your data for advertising, behavioral profiling, or sale to third parties.

3. Data Storage and Security

All sensitive financial fields are encrypted at rest using AES-256-GCM field-level encryption with per-user encryption keys. This includes transaction amounts, salary, account names, portfolio values, and all brokerage credentials (API keys, OAuth tokens, refresh tokens, and session data). For full details, see our Encryption Policy.

Data is stored in encrypted databases hosted on EU-based servers. We follow industry-standard security practices including HTTPS everywhere, token-based authentication, and principle of least privilege for data access.

4. AI Processing

Financial data is sent to AI providers to generate insights, parse documents, and power the financial advisor chat. Data sent to AI providers is:

  • Used solely to process your specific request
  • Not used to train AI models
  • Transmitted encrypted in transit (TLS 1.2+)
  • Deleted by the provider after processing, per their data processing agreements

We do not store AI conversation logs beyond what is needed to provide the Service.

5. Third-Party Services

We use the following categories of third-party services to deliver the Service:

  • Authentication provider: identity management and login
  • Payment processor: subscription management and billing
  • Email delivery service: transactional emails
  • Hosting provider: application hosting and serverless compute
  • AI providers: financial insights, document parsing, and chat
  • PSD2 provider: licensed Account Information Service Provider for bank connections
  • Brokerage APIs: Trading 212, Alpaca, Interactive Brokers (for portfolio sync)
  • Object storage provider: encrypted file storage for uploaded documents

Data is shared with these providers only as necessary to deliver the Service. We maintain data processing agreements with all providers.

6. Data Sharing

We do not sell, rent, or share your personal or financial data with third parties for marketing, advertising, or any purpose beyond delivering the Service. Data is shared only with the service providers listed above, and only to the extent necessary.

7. Data Retention

Your data is retained for as long as your account is active. Upon account deletion:

  • All personal and financial data is permanently deleted within 30 days
  • Per-user encryption keys are destroyed, rendering any residual encrypted data unrecoverable
  • Connected brokerage and bank credentials are deleted immediately

We may retain anonymized, aggregated data that cannot identify individual users. Data may be retained beyond 30 days only where required by law.

8. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access and export your data
  • Correct inaccurate information
  • Delete your account and all associated data at any time
  • Revoke bank or brokerage connections instantly from your settings
  • Withdraw consent for optional data processing
  • Port your data to another service
  • Object to processing based on legitimate interests

To exercise any of these rights, contact us at support@quantizebg.com.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies that identify individual users.

10. Children

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

11. International Data Transfers

Your data is stored in the EU. Where data is processed by third-party providers outside the EU (e.g., AI providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and data processing agreements.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

For privacy-related inquiries, data requests, or complaints, contact us at support@quantizebg.com.