Privacy Policy

FireTally is a personal/family net-worth tracker. Your data stays in your own household record in our database. We do not sell it, look at it routinely, share it with advertisers, or mine it for analytics. We use the minimum technology needed to keep you signed in and to show you the latest market prices from third parties.

• Account credentials.Your email address and a hashed password (or your authentication provider's identifier if you sign in via a third party). The password is never stored in plain text.
• Household and financial data. Everything you enter into the app: account names, balances, snapshots, expected return rates, scenarios, contributions, watchlist symbols and positions, retirement targets, and similar.
• Server logs. Standard request logs (URL, timestamp, IP address) generated by our hosting providers for security and debugging. We do not enrich these.

• Analytics or behavioural tracking of any kind.
• Advertising identifiers, marketing cookies, or third-party trackers.
• Device fingerprints, scroll depth, click maps, session replays, or similar surveillance telemetry.
• Bank credentials of any kind. The app does not have an automated bank-sync feature; all balances are entered by you manually.

• All traffic between your device and the app is encrypted over HTTPS.
• Database rows are scoped to your household using row-level security: another user signed into the same database cannot query your data even if they tried.
• Passwords are stored as one-way hashes by our authentication provider; we cannot read them.
• The app operator has technical access to the database for maintenance, but does not routinely browse user data and would only do so to debug an issue you have reported.

We use a small number of strictly-necessary cookies to keep you signed in. These are set by our authentication provider (Supabase) and are HTTP-only, meaning they cannot be read by scripts running in your browser. We do not use cookies for analytics, advertising, or tracking. Because these cookies are strictly necessary to provide the service you have requested (signing in), they are exempt from consent requirements under UK GDPR / ePrivacy regulations.

We use a handful of infrastructure providers to run the app. Each only sees the data needed to do its job:

• Supabase — database hosting and authentication. Your account data lives here.
• Vercel — web hosting and deployment. Sees HTTP requests but not the contents of your database rows.
• Yahoo Finance— public market data. We query symbols (e.g. "VOO") and receive prices. They do not see your account data, only the symbol being looked up.

Under UK GDPR you have the right to:

• Access a copy of the data we hold about you (the in-app Backup button gives you a ZIP of all your data right now).
• Correct anything that's wrong (edit it in the app).
• Delete your data — contact us to wipe your household record.
• Withdraw consent or restrict processing.

We keep your data while your account exists. If you ask us to delete it, we remove your household and all associated rows (accounts, balances, scenarios, etc.) from the live database within 30 days. Backups containing the data are overwritten on a rolling 90-day cycle.

FireTally is intended for adults managing personal finances. We do not knowingly collect data from anyone under 16.

If we make material changes (for example, adding a new third-party processor or starting to use analytics) we will update the "Last updated" date at the top and, where the change is significant, surface a notice inside the app.

Questions, data requests, or complaints: contact the household owner who invited you to the app, or, if you signed up directly, use the support channel you were given when your account was created.