Perfintra

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy describes how Perfintra collects, uses, stores, and protects your personal information when you use our application, and explains your rights regarding that information.

1. Information We Collect

Account Data

When you register, we collect your name, email address, username, and password. Your password is stored as a bcrypt hash — never in plain text.

Financial Data (via Plaid)

When you connect a bank account, we use Plaid to establish the connection. Through Plaid we receive bank account names, last 4 digits, transaction history, and an encrypted access token to fetch future transactions. We do not receive or store your bank login credentials — these are entered directly into Plaid's secure interface.

Usage & Audit Data

We record AI feature usage counts and an immutable audit log of data deletion and export events for compliance purposes.

Session Data

We use a single httpOnly, Secure, SameSite=Strict cookie (auth_token) that expires after 7 days. We do not use tracking cookies, advertising cookies, or third-party analytics.

2. How We Use Your Information

  • Providing the core service — transaction tracking, dashboards, recurring rules
  • Connecting and syncing bank accounts via Plaid
  • AI-powered features — chat assistant, spending insights, and budget suggestions via Google Gemini (aggregated spending totals by category, not individual transactions). Transaction descriptions and amounts are sent to Gemini only during bank sync to categorise new transactions.
  • Security, fraud prevention, and compliance

We do not sell your data, use it for advertising, or share it beyond what is described in Section 4.

3. Security

  • Plaid access tokens are encrypted at rest using AES-256-GCM
  • Passwords are hashed using bcrypt and never stored in plain text
  • All data in transit is encrypted using TLS/HTTPS
  • All API routes require authentication; queries are scoped to your account

4. Third-Party Services

We use the following services that may process your data:

Service | Purpose | Privacy Policy
Plaid | Bank account connectivity | plaid.com/legal
Google Gemini | AI chat, spending insights, budget suggestions, and bank transaction categorisation | policies.google.com

5. Data Retention

Data | Retention
Account & transaction data | Until account deletion
Plaid access tokens | Deleted immediately on disconnect or account deletion
Unreviewed bank sync data | Maximum 90 days, auto-purged
Session cookie | 7 days
Audit log records | Retained for compliance

6. Your Rights

  • Access: View all your data within the app at any time.
  • Portability: Export all transactions as CSV from Account Settings → Download my data.
  • Deletion: Permanently delete your account and all data from Account Settings → Delete account.
  • Rectification: Update your name, email, password, and preferences from Account Settings.
  • Withdraw consent: Disconnect any bank account at any time from Account Settings → Bank Accounts.

7. Children's Privacy

Perfintra is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from children.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page.

9. Contact

If you have questions about this policy or how your data is handled, please contact us through the application.