Privacy Policy

OpenFinance ("we," "us," or "our") is an open-source, self-hosted personal finance and bookkeeping application. This Privacy Policy explains how we collect, use, store, and protect your information when you use the OpenFinance application at openfinance.to or any self-hosted instance of the software.

Because OpenFinance is designed to be self-hosted, the data handling described in this policy applies to the hosted instance at openfinance.to. If you self-host OpenFinance on your own infrastructure, your data remains entirely under your control and never leaves your server unless you configure it to do so.

Account Information

When you create an account, we collect your email address and name. If you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.

Financial Documents

You may upload financial documents such as bank statement PDFs, CSV files, and spreadsheets. These files are processed to extract transaction data and are stored on the server where OpenFinance is hosted.

Transaction Data

We store transaction details extracted from your uploaded documents or connected bank accounts, including dates, amounts, descriptions, and categories.

Bank Account Connections (Plaid)

If you connect a bank account through Plaid, we receive account metadata (institution name, account name, account type) and transaction history. We do not receive or store your bank login credentials. Plaid acts as a secure intermediary between your bank and OpenFinance. For more information, see Plaid's Privacy Policy.

Usage Data

We collect basic session information required for authentication and application functionality, such as login timestamps and session tokens.

• Transaction extraction: Uploaded documents are processed using AI (OpenAI) to extract and categorize transactions automatically.
• Financial insights: Your transaction data is analyzed to provide dashboards, charts, spending breakdowns, and AI-powered financial insights.
• AI chat: When you interact with the AI chat feature, your messages and relevant financial context may be sent to OpenAI for processing. We do not use your data to train AI models.
• Authentication: Account information is used to manage your login sessions and secure your data.
• Application improvement: We may use anonymized, aggregated usage patterns to improve the application. We never sell or share individual financial data.

OpenFinance integrates with the following third-party services:

OpenAI

We use OpenAI's API to process uploaded financial documents and power the AI chat feature. Document contents and chat messages are sent to OpenAI for processing. OpenAI's data usage policies apply to this processing. Per OpenAI's API data usage policy, data sent through the API is not used to train their models. See OpenAI's Privacy Policy.

Plaid

If you choose to connect a bank account, Plaid facilitates the secure connection between your financial institution and OpenFinance. Plaid receives your bank credentials directly and provides OpenFinance with account and transaction data only. See Plaid's Privacy Policy.

Google OAuth

If you choose to sign in with Google, Google provides us with your basic profile information (name, email, profile picture) for authentication purposes. We do not access any other Google services or data on your behalf. See Google's Privacy Policy.

OpenFinance uses a SQLite database to store all application data. On the hosted instance at openfinance.to, your data is stored on our server infrastructure.

For self-hosted instances, all data remains on your own infrastructure. We have no access to data on self-hosted installations.

We implement security measures including encrypted connections (HTTPS), secure session management, and password hashing to protect your data. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

Your data is retained for as long as your account is active. Uploaded documents, extracted transactions, and all associated financial data are stored until you explicitly delete them or delete your account.

When you delete your account, all of your data is permanently removed from the system, including:

• Account information and profile data
• Uploaded financial documents
• Extracted transaction records
• Connected bank account data
• Chat history and AI interactions

For self-hosted instances, data retention is entirely under your control. You can delete the database at any time to remove all data.

You have the following rights regarding your personal data:

• Access: You can view all your data within the application at any time. Your financial data is always accessible through the dashboard and transaction views.
• Deletion: You can delete individual transactions, uploaded documents, or your entire account. Account deletion removes all associated data permanently.
• Portability: You can export your transaction data at any time. For self-hosted instances, you have direct access to the database.
• Correction: You can edit and correct your transaction data and account information at any time through the application.
• Withdraw consent: You can disconnect linked bank accounts or stop using AI features at any time without affecting your core account functionality.

OpenFinance uses cookies strictly for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

The cookies we use include:

• Session cookie: Maintains your logged-in state. This cookie is essential for the application to function and expires when your session ends or after a period of inactivity.

OpenFinance is designed as a self-hosted application. When you run OpenFinance on your own server:

• All data stays on your infrastructure and never reaches our servers.
• You are responsible for the security and backup of your data.
• Third-party API calls (OpenAI, Plaid) go directly from your server to those services, not through us.
• This privacy policy may not fully apply to self-hosted instances, as you control the data processing and storage.

OpenFinance is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your data.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@openfinance.to

For issues with the open-source software, you can also open an issue on our GitHub repository.