FYFFree Your Financials

Privacy Policy

Plain English. No fine print.

Effective date: May 15, 2026  ·  Applies to fyf.services

FYF is operated by Free Your Financials (“FYF,” “we,” “us”). This policy explains what information we collect, how we use it, and what rights you have. If something isn't clear, email us at privacy@fyf.services.

FYF is designed to help you understand your finances while respecting your privacy. We do not sell your personal information or financial information.

1. What we collect

Account information. Your display name and email address. Your email is stored encrypted at rest. We also store a one-way hash of your email for login lookups — the hash cannot be reversed to recover your address.

Password. If you use email/password sign-in, your password is stored as a one-way hash. We cannot read your password and will never ask for it by email or phone.

Financial information. Income, monthly budget, bills, expenses, and debt balances — the information you enter to use FYF. We use encryption and access controls to protect this information. We never access your bank account and we require no banking credentials.

Transactions and daily logs. The spending and income entries you log manually. These are stored in your account and used only to generate your personal financial summary.

Onboarding answers and story chapters. The narrative answers you write during onboarding, and the story chapters derived from them. These are personal and stored in your account. They are not shared.

Goals and milestones. The goals you set and progress milestones you achieve inside FYF.

Usage data. Streaks, lesson completions, level progress, and similar in-app behavioral data used to support progress tracking, observations, and habit-building features.

Anonymous product analytics. We record anonymized product events — such as lesson completions, daily check-ins, and milestone shares — to understand how features are used. These events are linked to an opaque random identifier that is separate from your account ID and cannot be used to identify you. No financial amounts, transaction descriptions, goal labels, debt information, or personally identifiable information is ever included in analytics events. We also use a privacy-focused analytics service to understand how FYF is used and improve the product. It does not use cookies or build advertising profiles.

Email preferences. Whether you have daily reminder emails and/or monthly statement emails enabled. These are separate preferences you can change independently in account settings at any time.

Google account data (if you sign in with Google). We receive your name, email address, and a stable Google account identifier (“sub”). We verify that your Google email is confirmed before creating an account. We do not receive your Google password or any other Google account data.

Cookies. We use a small number of strictly necessary cookies to keep you signed in and to support account creation — for example, completing sign-in with Google or linking a referral. We store only a one-way hash of your session token; the raw token exists only in your browser and is never stored on our servers. We do not use cookies for advertising or cross-site tracking.

2. What we do not collect

We do not connect to your bank account. We do not collect your banking login credentials, PIN, SIN (Social Insurance Number), or government-issued ID.

We do not use advertising trackers, behavioral tracking pixels, or tools like Google Analytics or Meta Pixel.

We do not build advertising profiles from your financial data. We will never sell or share your financial information with advertisers.

3. How we use your information

To operate FYF and provide you with your financial dashboard, observations, lessons, and story features.

To send you account emails: password reset links (transactional, always sent when requested), daily reminder emails if you have reminders enabled, and monthly statement emails if you have statement emails enabled. Reminders and statements are controlled by separate preferences in account settings, and each can be disabled independently. We do not send marketing emails.

To keep you securely logged in via session cookies.

To improve FYF — we collect anonymized product events (described in section 1) to understand how features are used and where users encounter friction. This analysis never involves your personal financial figures, and event data is linked only to an opaque identifier that cannot be used to reconstruct your identity or financial history.

FYF provides educational and behavioral tools, not professional financial advice. Your data is used to show your own picture back to you — not to make financial recommendations on our behalf.

4. How we protect your data

We use encryption to protect sensitive financial information and personal identifiers such as your email address. Access to your data is limited to what's needed to operate the service.

Session tokens are stored in your browser as httpOnly, secure cookies and are never stored in plaintext on our servers — only a one-way hash is stored.

Password reset tokens follow the same pattern: the raw token exists only in the email link we send you, and only its hash is stored on our servers.

We do not log your financial information to application logs.

5. Third-party service providers

We use a small number of trusted third-party providers to operate FYF. Each acts as a data processor under our direction. We do not sell your financial data, and we do not share it with any of them for advertising or marketing purposes.

Railway — hosts the PostgreSQL database where your account data is stored. Railway is a US-based cloud infrastructure provider.

Vercel — hosts the FYF web application and processes incoming requests. Request logs (IP address, user agent, URL path) may be retained briefly for security and debugging purposes.

Resend — delivers transactional emails, including password resets, reminders, and financial statements. These emails may contain financial summary information you've already seen in FYF.

Anthropic — helps generate certain written financial summaries within FYF. Only the information required to generate those summaries is shared. It is not used for advertising or marketing purposes.

Google — provides optional sign-in via Google OAuth. If you use Google sign-in, Google processes your authentication. We receive only the data described in section 1.

Upstash — provides Redis-based rate limiting and email send deduplication. Upstash may process anonymized request identifiers (hashed user ID + date) but receives no personal data values.

Typography (Poppins and Lora fonts) is self-hosted by FYF. No runtime requests are made to Google Fonts servers.

6. Reminder emails and communication

Daily reminder emails are sent to users who have the feature enabled and who have not logged activity that day. Reminders are enabled by default. You can disable them at any time in your account settings.

Password reset emails are transactional and cannot be opted out of — they are only sent when you request a password reset.

We do not send promotional or marketing emails without your explicit consent.

7. Data retention and deletion

Your data is retained for as long as your account is active. You can delete your account at any time from your account settings. Deletion is immediate and permanent — all your data is removed and cannot be recovered.

We may retain de-identified aggregate usage information that cannot reasonably be linked back to you.

8. Your rights

You have the right to access, correct, and delete the personal information FYF holds about you. Account deletion is available directly in the app. For other requests, contact us at privacy@fyf.services.

Canadian residents have additional rights under PIPEDA (the Personal Information Protection and Electronic Documents Act), including the right to know what personal information we hold and to challenge the accuracy of that information.

9. Changes to this policy

If we make material changes to this policy, we will notify you by email and update the effective date above. We'll give you time to review changes before they take effect. Continuing to use FYF after that point means you're comfortable with the updated policy.

10. Contact

Privacy questions and data requests: privacy@fyf.services

You will receive a response from a person, not an automated reply.