Privacy Policy

1. Introduction and Data Controller

Prevesto ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our budgeting platform and website at prevesto.com (the "Service").

The data controller responsible for your personal data is:

Our Data Protection Officer (DPO) can be reached at dpo@prevesto.com.

This policy applies to all users of the Service, regardless of which language version they use. Prevesto is available in multiple EU languages; however, in case of any discrepancy, the English version of this policy prevails.

2. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Performance of a contract (Art. 6(1)(b) GDPR): Processing your data is necessary to provide the Service you have signed up for, including managing your account, processing your budgets and transactions, and handling subscription payments.
• Legitimate interest (Art. 6(1)(f) GDPR): We process certain data to improve the Service, ensure security, prevent fraud, and perform analytics. We have conducted balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.
• Consent (Art. 6(1)(a) GDPR): Where required, we obtain your explicit consent before processing, such as for non-essential cookies, marketing communications, or enabling family sharing features. You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
• Legal obligation (Art. 6(1)(c) GDPR): We may process your data to comply with applicable laws, such as tax regulations, anti-money laundering requirements, or court orders.

3. Data We Collect

3.1 Account Data

• Registration information: email address and password (stored as a cryptographic hash).
• Profile information: display name, preferred language, and currency preferences.
• Authentication data: two-factor authentication (2FA) setup data, session tokens, and login history (timestamps, IP addresses).

3.2 Financial Data

• Budgets: budget names, amounts, periods, and categories you create.
• Transactions: transaction descriptions, amounts, dates, categories, and any notes you add.
• Account balances: account names, types, balances, and reconciliation data.
• Categories: custom category names and hierarchies.

3.3 Bank Connection Data

When you connect a bank account to Prevesto via our open banking integration, the following data is processed:

• Bank account details: account holder name, IBAN, account type, and currency, as provided by your bank through the open banking connection.
• Transaction history: transaction descriptions, amounts, dates, counterparty names, and reference numbers imported from your bank. You choose how far back to import (maximum 90 days).
• Consent metadata: the date you authorized the connection, the bank you connected, and the consent expiry date.
• Connection identifiers: a requisition ID used to maintain the connection with our open banking provider. We do not store your bank login credentials, passwords, or PINs.

Bank connections are facilitated through Enable Banking Oy, a licensed Account Information Service Provider (AISP) under PSD2. See Section 7 for details on Enable Banking as a data processor.

3.4 Payment Data

• Subscription information: plan type (Free or Pro), billing cycle, and subscription status.
• Payment processing: payments are handled by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details. We retain only a Stripe customer ID, the last four digits of your payment method, and transaction records (amount, date, status) for accounting purposes.

3.5 Technical and Usage Data

• Device information: browser type and version, operating system, device type, and screen resolution.
• Usage data: pages visited, features used, actions taken within the Service, and session duration.
• Log data: IP address, access timestamps, referring URLs, and error logs.

3.6 Communication Data

• Support communications: messages you send to us via email or support channels, including metadata (timestamps, subject lines).
• Feedback: any feedback, suggestions, or survey responses you voluntarily provide.

4. How We Use Your Data

• Service delivery: provide, maintain, and operate the budgeting platform, including processing your financial data, managing your account, and delivering core features.
• Payment processing: process subscription payments, manage billing, send invoices, and handle refunds via Stripe.
• Family sharing: when you enable family sharing, share designated financial data (budgets, transactions, balances) with family members you explicitly invite.
• Security: protect accounts through 2FA, detect and prevent fraud, monitor for suspicious activity, and enforce our terms of service.
• Communications: send transactional emails (account verification, password resets, payment receipts), security alerts, and service announcements.
• Service improvement: analyze usage patterns to improve features, fix bugs, optimize performance, and develop new functionality.
• Legal compliance: comply with applicable laws and regulations, respond to legal requests, and enforce our legal rights.

5. How We Protect Your Financial Data

We understand the sensitive nature of financial data and apply enhanced protections:

• Encryption in transit: all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: your financial data is encrypted at rest in our PostgreSQL database using AES-256 encryption.
• Access controls: strict role-based access controls limit which personnel can access production data. Access is granted on a need-to-know basis.
• Database security: our database is hosted on a dedicated VPS in the Netherlands and is not directly accessible from the public internet.
• Regular security assessments: we conduct regular security reviews and vulnerability assessments.
• Password security: passwords are hashed using industry-standard algorithms and are never stored in plaintext.
• Session management: sessions are time-limited, and you can view and revoke active sessions from your account settings.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Payment Processing by Stripe

We use Stripe, Inc. as our payment processor. When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe. Stripe acts as a data processor on our behalf and as an independent data controller for its own purposes.

• Stripe is certified as a PCI Level 1 Service Provider, the highest level of certification in the payment card industry.
• Your full payment card details are handled exclusively by Stripe and never touch our servers.
• We have a Data Processing Agreement (DPA) with Stripe that ensures GDPR-compliant processing.
• Stripe may set its own cookies on the payment page for fraud detection purposes. See Stripe's Privacy Policy for details.

7. Open Banking via Enable Banking

Prevesto offers the ability to connect your bank accounts for automatic transaction import. This feature is powered by Enable Banking Oy, a Finnish company licensed as an Account Information Service Provider (AISP) under the EU Payment Services Directive 2 (PSD2).

7.1 How Bank Connections Work

• When you connect a bank account, you are redirected to your bank's secure login page to authenticate and grant consent.
• Prevesto never sees, stores, or processes your bank login credentials. Authentication occurs directly between you and your bank.
• After consent, Enable Banking retrieves your account information and transaction data on our behalf, which we import into your Prevesto budget.

7.2 Enable Banking as Data Processor

Enable Banking acts as a data processor on our behalf. Their role is limited to:

• Facilitating the secure connection between Prevesto and your bank.
• Retrieving account and transaction data from your bank as authorized by your consent.
• Transmitting this data to Prevesto for import into your budget.

Enable Banking does not use your data for any purpose other than providing the service to Prevesto. We have a Data Processing Agreement (DPA) with Enable Banking that ensures GDPR-compliant processing.

Enable Banking Oy is registered in Finland and supervised by the Finnish Financial Supervisory Authority (FIN-FSA). For more information, see Enable Banking's Privacy Policy.

7.3 Consent and Duration

• Explicit consent: you must explicitly authorize each bank connection. We never access bank data without your consent.
• Consent duration: bank consents are valid for a maximum of 90 to 180 days (depending on your bank), after which you must reauthorize the connection.
• Revocation: you can disconnect a bank connection at any time from your account settings. Upon disconnection, we stop retrieving new data and the connection with Enable Banking is terminated.
• Data refresh: while connected, transaction data is refreshed periodically (up to 4 times per day, as permitted under PSD2). We store imported transactions locally in your Prevesto account.

7.4 Data Retained from Bank Connections

Imported transaction data (descriptions, amounts, dates, counterparty names) is stored as part of your Prevesto financial data and is subject to the same retention policy as manually entered transactions (see Section 11). Connection metadata (bank name, consent date, expiry date) is retained for the duration of the connection plus 30 days.

If you delete your Prevesto account, all imported bank transaction data and connection metadata is deleted in accordance with our standard data retention policy.

8. Family Sharing and Data Implications

Prevesto allows you to share financial data with family members. When you use the family sharing feature:

• Your control: you choose which family members to invite and which data to share. You can revoke access at any time.
• Shared data: invited family members may be able to view and, depending on permissions you set, edit shared budgets, transactions, account balances, and categories.
• Family members' responsibilities: each family member with access to shared data is responsible for keeping that data confidential and not sharing it further without authorization.
• Account independence: each family member maintains their own independent Prevesto account with their own login credentials and personal data.
• Data deletion: if you delete shared data, it will no longer be accessible to family members. If you remove a family member, their access to your shared data is immediately revoked.
• Legal basis: family sharing is processed on the basis of your explicit consent when you activate the feature and invite members.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, maintain your session, remember your preferences, and analyze usage. For detailed information about the specific cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

10. Data Sharing and Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share data in the following circumstances:

10.1 Service Providers (Data Processors)

We engage trusted third-party service providers who process data on our behalf, bound by Data Processing Agreements that ensure GDPR compliance:

• Stripe, Inc.: payment processing (see Section 6).
• Enable Banking Oy: open banking / bank account connectivity (see Section 7). Licensed AISP under PSD2, supervised by FIN-FSA. Headquartered in Finland (EU).
• Hosting provider: VPS hosting in the Netherlands for our application and database infrastructure.
• Email delivery: transactional email services for account notifications and security alerts.

10.2 Family Members

When you activate family sharing, designated financial data is shared with family members you have invited (see Section 8).

10.3 Legal Requirements

We may disclose your data when required by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Prevesto, our users, or the public.

10.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of the transaction. We will notify you via email or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Specific retention periods are as follows:

After the applicable retention period expires, data is securely deleted or anonymized. You may request earlier deletion of your data by contacting us (subject to legal retention obligations).

12. International Data Transfers

Your personal data is primarily stored and processed on servers located in the Netherlands within the European Economic Area (EEA).

In certain cases, data may be transferred to countries outside the EEA when using third-party service providers (such as Stripe, which operates from the United States). When such transfers occur, we ensure appropriate safeguards are in place, including:

• Adequacy decisions: transfers to countries that the European Commission has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs): EU-approved contractual clauses that obligate the recipient to protect data to EU standards.
• EU-U.S. Data Privacy Framework: where applicable, transfers to U.S. companies certified under the EU-U.S. Data Privacy Framework.

You may request a copy of the safeguards we use for international transfers by contacting our DPO.

13. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. In compliance with the GDPR, which allows EU member states to set the age of digital consent between 13 and 16, we apply the Dutch standard of 16 years.

If we become aware that we have collected personal data from a child under 16 without valid parental consent, we will take immediate steps to delete that data. If you believe that a child under 16 has provided us with personal data, please contact us at privacy@prevesto.com.

14. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of access (Art. 15): you have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data and receive a copy.
• Right to rectification (Art. 16): you have the right to have inaccurate personal data corrected and incomplete data completed.
• Right to erasure / "right to be forgotten" (Art. 17): you have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent. This right is subject to legal retention obligations.
• Right to restriction of processing (Art. 18): you have the right to request that we restrict the processing of your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
• Right to data portability (Art. 20): you have the right to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and to transmit it to another controller. You can export your financial data directly from your account settings.
• Right to object (Art. 21): you have the right to object to the processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing prior to withdrawal.
• Right not to be subject to automated decision-making (Art. 22): see Section 16 below.

To exercise any of these rights, contact us at privacy@prevesto.com or dpo@prevesto.com. We will respond to your request within 30 days. If we need more time (up to an additional 60 days), we will inform you of the delay and the reasons.

We may ask you to verify your identity before processing your request to ensure the security of your data.

15. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Prevesto is:

You may also lodge a complaint with the supervisory authority in your EU/EEA member state of habitual residence, place of work, or place of the alleged infringement.

16. Automated Decision-Making and Profiling

Prevesto does not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, as defined under Article 22 of the GDPR.

The Service may provide automated budget insights, spending summaries, and category suggestions based on your data. These features are informational only and do not constitute automated decision-making. You are always in full control of your financial data and decisions.

17. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the supervisory authority: we will report the breach to the Autoriteit Persoonsgegevens within 72 hours of becoming aware of it, as required by Article 33 of the GDPR.
• Notify affected individuals: if the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay via email and/or a prominent notice within the Service, as required by Article 34 of the GDPR.
• Notification content: our notification will describe the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address and mitigate the breach.
• Documentation: we maintain a record of all data breaches, including their effects and remedial actions taken, regardless of whether notification to the supervisory authority is required.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. When we make changes:

• Material changes: we will notify you via email to the address associated with your account and display a prominent notice in the Service at least 30 days before the changes take effect.
• Minor changes: we will update the "Last updated" date at the top of this page.
• Continued use: your continued use of the Service after the effective date of the updated policy constitutes acceptance of the changes.

We encourage you to review this policy periodically. Previous versions of this policy are available upon request.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us through the following channels:

We aim to respond to all privacy-related inquiries within 5 business days.