Back to Home

Privacy Policy

Last updated: February 24, 2026

Introduction

Welcome to Winy Finance. We are committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial management application.

By using Winy Finance, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Financial Information

Through our integration with Plaid, a secure third-party financial data aggregator, we collect:

  • Bank account information (account numbers, balances, transaction history)
  • Credit card information (account details, transactions, balances)
  • Investment account details (holdings, transactions, performance)
  • Loan and mortgage information
  • Other financial account data you choose to connect

Personal Information

  • Name and email address
  • Phone number (if provided)
  • Profile information and preferences
  • Authentication credentials (securely hashed)

Usage Information

  • Device information (type, operating system, browser)
  • IP address and general location data
  • App usage patterns and interactions
  • Feature preferences and settings
  • Error logs and diagnostic data

How We Use Your Information

We use the collected information for the following purposes:

  • Provide Services: Display your financial data, track transactions, analyze spending patterns, and deliver personalized insights
  • Budgeting and Goals: Help you create and monitor budgets, savings goals, and debt repayment plans
  • AI Features: Power our AI Copilot to provide intelligent financial recommendations and insights
  • Service Improvement: Analyze usage patterns to improve features and user experience
  • Security: Detect and prevent fraud, unauthorized access, and security threats
  • Communication: Send important updates, security alerts, and service notifications
  • Legal Compliance: Meet regulatory requirements and respond to legal requests

How We Share Your Information

Third-Party Service Providers

We share data with trusted service providers who help us operate our service:

  • Plaid: Securely connects to your financial institutions to retrieve account and transaction data. Plaid is subject to its own privacy policy.
  • Cloud Hosting: Data storage and computing infrastructure providers
  • Analytics Services: Tools to help us understand app usage and improve features
  • Authentication Services: Identity verification and secure login providers

Legal Requirements

We may disclose your information when required by law, including:

  • In response to valid legal processes (subpoenas, court orders)
  • To comply with regulatory requirements
  • To protect our rights, privacy, safety, or property
  • To investigate or prevent illegal activities or fraud

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice in the app.

We do NOT sell your personal or financial information to third parties for marketing purposes.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Secure Storage: Financial data is encrypted at rest using AES-256 encryption
  • Access Controls: Strict internal access controls limit who can view your data
  • Plaid Security: Financial credentials are never stored on our servers—Plaid uses bank-level security
  • Regular Audits: We conduct regular security audits and vulnerability assessments
  • Monitoring: 24/7 system monitoring for suspicious activity

While we strive to protect your information, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable two-factor authentication where available.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Financial and personal data is retained while your account is active
  • Transaction History: Stored for up to 7 years to support budgeting analysis and tax records
  • Deleted Accounts: Data is permanently deleted within 30 days of account closure, except where required by law
  • Backup Data: May be retained in encrypted backups for up to 90 days after deletion

Your Privacy Rights

Depending on your location, you may have the following rights:

General Rights

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal obligations)
  • Data Portability: Request your data in a machine-readable format
  • Opt-Out: Unsubscribe from marketing communications
  • Disconnect Accounts: Remove linked financial accounts at any time

GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights under GDPR:

  • Right to object to processing
  • Right to restrict processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

CCPA Rights (California Users)

California residents have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising privacy rights

To exercise any of these rights, please contact us at privacy@winy.finance

Children's Privacy

Winy Finance is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Other legally approved transfer mechanisms

Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in
  • Remember your preferences
  • Analyze how you use our service
  • Improve performance and user experience

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy in the app
  • Sending an email notification
  • Displaying a prominent notice when you log in

Your continued use of Winy Finance after changes are posted constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@winy.finance

Support: support@winy.finance

Response Time: We aim to respond to all privacy inquiries within 7 business days.

Third-Party Links

Our service may contain links to third-party websites or services (such as your financial institutions). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Data Processing Legal Basis (GDPR)

For users in the European Economic Area, our legal bases for processing your personal data include:

  • Contract Performance: Processing necessary to provide the services you requested
  • Consent: Where you have given explicit consent for specific processing activities
  • Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement)
  • Legal Obligation: Processing required to comply with legal or regulatory requirements