Privacy Policy
Last updated: February 19, 2026
1. Introduction
Fibal ("we," "our," or "us") operates the Fibal website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access the Service.
2. Information We Collect
Personal Information
When you create an account, we collect information you provide directly:
- Name (first and last)
- Email address
- Password (stored as a bcrypt hash — we never store plaintext passwords)
Financial Information
To provide the Service, we store financial data you enter manually:
- Account names, types, and balances
- Transaction descriptions, amounts, dates, and categories
- Budget configurations and automation rules
We do not connect to your bank or financial institution. All financial data is entered by you and stored solely within your account.
Automatically Collected Information
When you access the Service, we may automatically collect:
- IP address (used for rate limiting and security)
- Browser type and version
- Pages visited and time spent on pages
- Device type and operating system
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process your financial data to generate reports, budgets, and insights
- Send transactional emails (verification, password reset, one-time passwords)
- Monitor and prevent fraudulent or unauthorized activity
- Improve and optimize the Service
- Comply with legal obligations
4. Cookies and Tracking
Essential Cookies
We use a session cookie to authenticate you after login. This cookie is HTTP-only, secure, and required for the Service to function. It expires after 30 days of inactivity.
Analytics Cookies
With your consent, we use Google Analytics to understand how users interact with the Service. These cookies are only set after you accept our cookie consent banner. You can decline analytics cookies at any time, and we will remove any existing analytics cookies from your browser.
No Third-Party Advertising
We do not use advertising cookies or share your data with advertising networks.
5. Data Storage and Security
Your data is stored in a PostgreSQL database. We implement industry-standard security measures to protect your information:
- Passwords are hashed using bcrypt
- Session tokens are hashed using HMAC-SHA256
- All connections are encrypted via HTTPS/TLS
- Accounts are locked out after repeated failed login attempts
- Rate limiting is applied to authentication and API endpoints
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:
- Service providers: We use third-party services (email delivery, hosting) that process data on our behalf under strict confidentiality agreements.
- Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
- Safety: We may disclose information to protect the rights, property, or safety of Fibal, our users, or others.
7. Data Retention
We retain your personal and financial data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law.
Session data is automatically purged after expiration (30 days). One-time passwords expire after 10 minutes.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing of your personal data for certain purposes.
To exercise any of these rights, contact us at the email address below.
9. Children's Privacy
The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: