1. Introduction
Fiacore ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our personal finance management platform.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance from the Information Commissioner's Office (ICO).
Data Controller: Fiacore Ltd
Company Number: 16696707 (Registered in England and Wales)
Registered Address: 11 Chester Road, London, E7 8QT
ICO Registration: ZC068211 (Registered 18 December 2025)
Data Protection Officer: Mr Maulikkumar Patel
DPO Email: patelmaulik8519@gmail.com
DPO Phone: 07342 733843
2. Information We Collect
2.1 Personal Information
- Account Data: Name, email address, phone number (optional)
- Authentication Data: Password (hashed), two-factor authentication preferences
- Profile Data: Currency preferences, country, language settings
2.2 Financial Information
- Transaction Data: Income, expenses, transaction descriptions, dates, amounts
- Financial Goals: Savings targets, investment goals, loan details
- Bank Statements: Uploaded statements for transaction import (processed locally, not stored externally)
2.3 Technical Information
- Device Data: Browser type, operating system, device identifiers (encrypted)
- Usage Data: Pages visited, features used, session duration
- IP Address: SHA-256 hashed (one-way, not reversible)
2.4 Visitor Analytics (With Consent)
When you consent to analytics cookies, we collect the following to improve our services:
| Data Type |
Storage Method |
Retention Period |
| IP Address |
SHA-256 hashed (irreversible) |
12 months |
| Country |
Plaintext |
12 months |
| City/Region |
Plaintext |
12 months |
| User Agent |
AES-256-GCM encrypted |
12 months |
| Pages Visited |
Plaintext |
12 months |
Privacy Note: Your IP address is never stored in plaintext. We use industry-standard SHA-256 hashing to ensure your IP cannot be recovered. City and country data without IP address is not considered personal data under GDPR. You can opt out of analytics tracking via the Cookie Preferences option.
3. How We Use Your Information
3.1 Legal Basis for Processing
Under UK GDPR Article 6, we process your data based on:
- Contract: To provide our financial management services to you
- Consent: For optional features like AI-powered insights and marketing communications
- Legitimate Interest: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with financial regulations and tax requirements
3.2 Purposes of Processing
- Providing personalized financial insights and analysis
- AI-powered transaction categorization and predictions
- Generating reports, charts, and financial summaries
- Sending account notifications and security alerts
- Improving our services through anonymized analytics
- Preventing fraud and ensuring platform security
4. Data Security
We implement industry-leading security measures to protect your data:
- AES-256-GCM Encryption: All personal data encrypted at rest
- Deterministic Encryption: For searchable fields while maintaining security
- IP Address Hashing: SHA-256 one-way hashing for access logs
- Two-Factor Authentication: Optional but recommended for all accounts
- Server-Side Sessions: PostgreSQL-backed sessions with cryptographic regeneration
- Regular Security Audits: OWASP Top 10 compliance monitoring
For more details on our security practices, please see our
Security Policy.
5. Data Sharing
5.1 We Do Not Sell Your Data
We will never sell, rent, or trade your personal or financial information to third parties.
5.2 Third-Party Service Providers
We may share data with trusted providers who assist in operating our platform:
- Cloud Infrastructure: Secure hosting providers (data remains encrypted)
- AI Processing: OpenAI for financial insights (anonymized data only)
- Email Services: For account notifications and verification
- Authentication: Firebase for secure login (optional)
5.3 Legal Requirements
We may disclose data when required by law, court order, or to protect our legal rights.
6. Data Retention
- Active Accounts: Data retained while your account is active
- Deleted Accounts: Personal data deleted within 30 days of account deletion
- Financial Records: May be retained for up to 7 years for legal/tax purposes
- Security Logs: Hashed access logs retained for 12 months
- Visitor Analytics: Automatically deleted after 12 months (based on ICO guidance)
Our automated data purge system runs daily to ensure analytics data older than 12 months is permanently deleted in compliance with ICO data minimization guidelines.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise any of these rights, please visit our Data Subject Rights page or contact us at privacy@fiacore.com.
8. Cookies
We use cookies to improve your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
9. International Data Transfers
Your data is primarily processed within the UK and European Economic Area. If data is transferred outside these regions, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
10. Children's Privacy
Fiacore is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification. The "last updated" date at the top indicates when changes were made.
12. Complaints
If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
13. Contact Us