Privacy Policy

The Application is offered as a Freemium service. This policy explains how we process your personal data when you use the Application. The processing of personal data complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Finnish Data Protection Act, and other applicable laws.

1. Information We Collect

When you use the Application, we may collect the following categories of information:

a) Automatically Collected Information

• Device IP address
• Pages of the Application visited, time and date of visit, time spent
• Operating system and device identifiers
• Crash logs, performance data, diagnostic data

b) User-Provided Information

When you create an account or use certain features of the Application, you may provide us with personal data. This can include (but is not limited to):

• Basic account details such as name, email address, and profile picture
• Authentication details when signing in via Google, Apple, or other third-party login providers
• Financial account data retrieved via an Account Information Service Provider (AISP), such as IBAN, balances, and transaction data (used to provide financial insights)
• Optional content you choose to upload, such as photos of bills or receipts
• Preferences and settings you provide for personalization of the Application
• Any other information you voluntarily provide when contacting support, completing forms, or using interactive features

c) Communication Data

• Email correspondence with support
• Notifications and messages related to financial services

We do not collect precise geolocation data.

2. Purposes and Legal Bases of Processing

• To provide and operate the Application (performance of a contract, GDPR Art. 6(1)(b))
• To comply with legal obligations related to financial services, accounting, and anti-money laundering (legal obligation, GDPR Art. 6(1)(c))
• To improve and secure the Application through analytics and diagnostics (legitimate interest, GDPR Art. 6(1)(f))
• To send important service-related notices (performance of a contract)
• To send marketing communications, if you have given consent (consent, GDPR Art. 6(1)(a))

3. Data Retention

• Personal data will be retained as long as you maintain an account with the Application.
• Financial data retrieved via AISP will be retained for the duration of the service relationship and as required by applicable law (e.g., up to 6 years for accounting/AML).
• Optional photos will be deleted once you remove your account or request deletion of your data.
• We will process deletion requests within 30 days. Backup copies may remain for up to 90 days before being automatically purged.
• After termination of your account, data will be securely deleted or anonymized unless retention is required by law.

4. Sharing of Data

We may share your personal data with:

• Trusted third-party service providers (e.g., hosting, analytics, crash reporting) who act under our instructions and do not use your data independently.
• Financial institutions and lenders, only if you authorize us to request loan offers or conduct account aggregation.
• Authorities if required by law (e.g., courts, police, financial regulators).

We use the following third-party services, which have their own privacy policies:

• Google Play Services
• Apple App Store services
• Firebase Cloud Messaging
• Expo
• Sentry
• RevenueCat
• PostHog (product analytics)
• Google Analytics (directly or via PostHog)

In the future, we may use marketing and advertising services such as Meta (Facebook/Instagram), TikTok, or other platforms. These will only be used with your consent and in compliance with applicable law.

5. Cookies and Tracking

The Application and our third-party service providers may use cookies, SDKs, and similar tracking technologies for functionality, analytics, and—if you provide consent—marketing purposes.

You can manage or withdraw your consent for tracking in your device settings or within the Application where options are provided.

6. International Data Transfers

Some service providers may be located outside the EU/EEA. In such cases, we ensure adequate safeguards through:

• European Commission adequacy decisions, or
• Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Data Subject Rights

As a user, you have the following rights under GDPR:

• Right of access – obtain confirmation and a copy of your personal data.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure – request deletion of your data, where legally possible.
• Right to restriction of processing – in certain circumstances.
• Right to data portability – receive data in a machine-readable format.
• Right to object – to processing based on legitimate interest or direct marketing.
• Right to withdraw consent – if processing is based on your consent.
• Right to lodge a complaint with the Office of the Data Protection Ombudsman (tietosuoja.fi).

You can exercise your rights by contacting us at info@rensa.fi.

8. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, and secure hosting.

9. Children

The Application is not intended for children under 13. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data immediately.

10. Changes to This Policy

This Privacy Policy may be updated from time to time. We will notify you of significant changes by updating this page and, where appropriate, by sending you an email or in-app notification. Please review this policy regularly. Continued use of the Application after updates constitutes acceptance.

11. Contact