Finanzbook Privacy Policy

Effective Date: April 29, 2025

Last Updated: April 29, 2025

Finanzbook (“we”, “us”, or “our”) is operated by OsnaDigit UG (haftungsbeschränkt). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Finanzbook expense tracker application (“the App”), in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Who We Are

Data Controller:
OsnaDigit UG (haftungsbeschränkt)
Am Franz-Felix-See 209
48268 Greven
Email: info@osnadigit.de

Data Protection Officer (DPO):
Not applicable (a DPO is not currently required for our processing activities)

2. What Data We Collect

We collect and process the following types of personal data:

• Account Information: Name, email address, username (if registration is required) – AWS Cognito is used for user authentication and authorization, which may collect and store your login credentials (e.g., email, password) to manage access to the app.
• Financial Data: Expense categories, amounts, transaction dates, and notes (as entered by you)
• Device Information: IP address, operating system, app version
• Usage Data: Interactions with the app (anonymized if used for analytics)

3. Legal Basis for Processing

We process your data based on:

• Consent (Art. 6(1)(a) GDPR): For optional features and analytics
• Contract performance (Art. 6(1)(b) GDPR): To deliver core features of Finanzbook
• Legal obligations (Art. 6(1)(c) GDPR): Where necessary to comply with applicable laws

4. How We Use Your Data

We use your data to:

• Operate and maintain Finanzbook
• Help you track and manage personal or household expenses
• Provide customer support and respond to inquiries
• Improve app functionality and user experience
• Ensure data security and prevent abuse

5. Data Storage and Retention

Your data is securely stored on servers located in Germany, operated by our hosting provider STRATO AG, which is ISO 27001-certified. We retain your data only as long as necessary for the purposes described in this policy or to comply with legal obligations. You may request account deletion or data removal at any time (see Section 7).

6. Data Sharing and Transfers

We do not sell or share your personal data for advertising purposes. We may share data with STRATO AG, our hosting provider, for the sole purpose of secure infrastructure operation. STRATO AG is headquartered in Germany and complies fully with GDPR. We have a Data Processing Agreement (DPA) in place with Strato in accordance with Article 28 GDPR. We also use AWS Cognito (Amazon Web Services) for user authentication and authorization. As part of this service, AWS Cognito may collect and process user credentials (such as email address and password) to authenticate users and authorize access to the app. AWS Cognito is compliant with the GDPR and provides secure storage of user data. No personal data is transferred outside the EU unless you are located outside the EU and use the service from abroad.

7. Your Rights Under GDPR

As a data subject, you have the right to:

• Access your personal data
• Rectify inaccurate or incomplete data
• Erase your data (“right to be forgotten”)
• Restrict or object to processing
• Export your data (data portability)
• Withdraw consent at any time (when processing is based on consent)

To exercise any of these rights, contact us at: info@osnadigit.de

8. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

• End-to-end encryption
• Secure infrastructure hosted in Germany (STRATO AG)
• Role-based access control
• Regular security updates and system audits

9. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify the German data protection authority (BfDI) and affected users in accordance with Articles 33 and 34 of the GDPR.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal, technical, or operational requirements. You will be notified of any material changes via the App or by email. The latest version will always be available within the App and, if applicable, on our website.

11. Contact

If you have any questions or concerns about this Privacy Policy or your personal data, please contact:

OsnaDigit UG (haftungsbeschränkt)
Am Franz-Felix-See 209
48268 Greven
Email: info@osnadigit.de