Privacy Policy
Last updated: 26 May 2026 · FinanzKlar GmbH, Vienna, Austria
1. Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG 2018) is:
FinanzKlar GmbH
Mariahilfer Straße 123
1060 Vienna, Austria
Email: [email protected]
Phone: +43 1 260 80 123
2. Principles of Data Processing
We process personal data only where necessary to provide our services or where a legal basis under Art. 6 GDPR exists. We do not collect banking credentials and have no access to your accounts.
3. Categories of Data Processed
- Registration data: First name, email address, encrypted password
- Usage data: Self-entered expenses, categories, budget settings
- Technical data: IP address, browser type, OS, access timestamps (server logs)
- Cookie data: Session cookies, preference cookies (only with consent)
4. Legal Bases for Processing
| Purpose | Legal basis |
|---|---|
| Account creation and contract performance | Art. 6(1)(b) GDPR |
| Security, fraud prevention | Art. 6(1)(f) GDPR |
| Email marketing (newsletter) | Art. 6(1)(a) GDPR (consent) |
| Statutory retention obligations | Art. 6(1)(c) GDPR |
| Technically necessary cookies | § 165 TKG 2021 |
5. Cookies
Our website uses cookies. Technically necessary cookies are set without your consent. For all other cookies we obtain your explicit consent via our cookie banner.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| fk_session | Necessary | Maintain login status | Session end |
| fk_cookies | Preference | Store cookie consent | 12 months |
| _ga | Analytics (opt-in) | Google Analytics | 24 months |
You can disable cookies at any time in your browser settings or manage them via Cookie Settings in the footer.
6. Data Storage and Security
All data is stored exclusively on servers in Austria (Vienna). Data is transmitted over encrypted HTTPS connections (TLS 1.3). Stored data is encrypted with AES-256. Passwords are stored only as bcrypt hashes.
7. Disclosure to Third Parties
We do not share your personal data with third parties unless you have expressly consented, there is a legal obligation, or it is necessary for contract performance. We use the following processors, contractually bound to GDPR compliance:
- Hetzner Online GmbH (server hosting, location Vienna)
- Stripe Inc. (payment processing, EU Standard Contractual Clauses)
8. Retention Period
We store personal data only as long as required for the stated purposes or as required by law (generally 7 years under Austrian tax law). After account cancellation, your data is deleted within 30 days.
9. Your Rights under GDPR
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR — "right to be forgotten")
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) — export as CSV/JSON
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
To exercise your rights, contact: [email protected]
10. Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority. The Austrian Data Protection Authority (DSB) can be reached at:
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna
www.dsb.gv.at
11. Changes to This Policy
We reserve the right to update this Privacy Policy as needed. The current version is always available on this page. For material changes, we will notify you by email.