Terms of ServiceVolver al registro

Privacy Policy

Effective date: April 7, 2026

Lupafina ("Lupafina," "we," "us," or "our") provides a web-based personal finance application available at https://lupafina.com/ and as a progressive web app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use the Service.

1. Who we are

Lupafina is operated from Montevideo, Uruguay.

Contact for privacy questions: ec.business.ia@gmail.com

If Lupafina is not yet incorporated as a separate legal entity, references to "Lupafina" in this Privacy Policy mean the individual or business operator responsible for the Service.

2. Scope

This Privacy Policy applies to personal data collected through:

  • our website and web application;
  • account registration and login;
  • use of finance-tracking features;
  • communications with us;
  • analytics, security, support, and AI tools connected to the Service.

3. Personal data we collect

Depending on how you use the Service, we may collect the following categories of personal data:

A. Account and identity data

  • name;
  • email address;
  • password, if you sign up using email and password authentication.

If you sign in with Google or another third-party provider, we may receive profile information such as your name, email, and authentication identifier from that provider. We do not receive your third-party account password.

B. Financial and app content data

  • expenses, income, savings, and other transaction records you enter;
  • balances and account-related values you choose to track;
  • savings goals, target dates, progress data, and related notes;
  • workspace names and other organizational data you create in the app;
  • prompts, requests, or instructions you submit to AI-powered features;
  • outputs generated by AI-powered features based on your content.

C. Technical and usage data

We may automatically collect limited technical data such as:

  • IP address;
  • browser type;
  • device type;
  • operating system;
  • pages viewed, feature usage, session activity, and approximate timestamps;
  • error logs, crash reports, and performance diagnostics.

D. Communications data

  • messages you send to us;
  • support requests;
  • feedback submissions.

4. How we use personal data

We may use personal data to:

  • create and manage user accounts;
  • authenticate users and secure the Service;
  • provide finance tracking, balance summaries, and savings-goal features;
  • store and display user-entered financial information;
  • generate AI-powered summaries, insights, categorizations, forecasts, and related functionality;
  • improve app performance, usability, reliability, and model quality;
  • detect abuse, fraud, unauthorized access, or technical issues;
  • respond to support requests and communicate with users;
  • comply with legal obligations;
  • prepare for, offer, and manage future paid plans or subscriptions, if introduced;
  • provide account deletion, data export, and account support features.

5. Legal bases for processing

Where applicable under data protection laws, we process personal data on the basis of one or more of the following:

  • performance of a contract, such as providing the Service you request;
  • legitimate interests, such as keeping the Service secure, improving features, and preventing misuse;
  • consent, where required by law, including for optional AI model improvement uses or certain cookies or communications;
  • compliance with legal obligations.

6. Cookies and similar technologies

We use only limited cookies and similar technologies.

At present, we use:

  • NEXT_LOCALE — a functional cookie used to remember your language preference.

We also use Vercel Analytics, which is designed to operate without cookies.

We do not use marketing cookies or third-party tracking cookies.

Because we use only a functional cookie and cookie-free analytics, a cookie consent banner is generally not required for these technologies alone. Where required by law, we will update this notice and provide any additional disclosures.

7. Sharing of personal data

We do not sell personal data. We may share personal data with trusted service providers that help us operate the Service, such as providers for:

  • hosting and deployment;
  • database storage;
  • authentication;
  • analytics;
  • monitoring and error logging;
  • email delivery;
  • AI features or infrastructure.

Based on our current setup, these providers may include services such as Vercel, MongoDB, and other processors we use to operate the Service.

We may also share personal data with third-party AI or machine learning providers to:

  • analyze user-entered financial data;
  • generate AI-powered outputs;
  • improve model quality and the Service, where you have consented or where otherwise permitted by law.

Where we use service providers that process personal data on our behalf, they act under contractual obligations to protect the data and use it only for the purposes we specify.

We do not authorize service providers to use your personal data for their own marketing purposes.

We may also disclose personal data:

  • if required by law, regulation, court order, or lawful request;
  • to protect rights, safety, security, or property;
  • in connection with a merger, acquisition, financing, or asset transfer.

8. International data transfers

Because some service providers may process or store data in countries other than the user’s country of residence, personal data may be transferred internationally.

Where required, we take reasonable steps to use appropriate safeguards for international transfers.

9. Data retention

We retain personal data for as long as reasonably necessary to:

  • provide the Service;
  • maintain user accounts;
  • comply with legal obligations;
  • resolve disputes;
  • enforce our agreements;
  • improve the Service and our AI systems, where permitted by law and your settings or consent.

If you delete your account, we will aim to delete or anonymize your personal data within a reasonable period, except where retention is required for legal, security, fraud-prevention, backup, or legitimate operational reasons.

If you have consented to AI model improvement, we may retain and use de-identified, aggregated, or otherwise protected data for model improvement where permitted by law and consistent with our disclosures.

10. Data security

We use reasonable administrative, technical, and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. However, no system can be guaranteed to be completely secure.

11. Your rights

Depending on your location, you may have rights to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • request a copy of certain data;
  • request export of your data in a portable format, where available.

To exercise privacy rights, contact us at: ec.business.ia@gmail.com

We may need to verify your identity before fulfilling a request.

12. Children’s privacy

Lupafina is not intended for children under the age required by applicable law to use the Service without parental or guardian consent, and we do not knowingly collect personal data from such children.

If you believe a child has provided personal data through the Service, contact us and we will take appropriate steps.

13. Third-party services and links

The Service may integrate with or link to third-party services. Their privacy practices are governed by their own policies, not this Privacy Policy.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date and, where appropriate, provide additional notice.

15. Contact

For privacy questions or rights requests, contact:

Lupafina
Montevideo, Uruguay
Email: ec.business.ia@gmail.com