Privacy policy
Finspace is a small personal product for Vietnamese users. This policy plainly states what data you keep here and how we look after it.
Last updated: 17 May 2026
Data we collect
When you sign up, Better-Auth stores your email and display name to create an account. While you use the app we keep the portfolio data you enter: assets, transactions, financial goals, liabilities, your monthly DCA plan, and your UserSettings record (which includes the AI assistant opt-in flag). The system also keeps technical logs needed by features: AiAuditLog records each AI assistant call so you can review it later, and MonthlyDigest stores the monthly summary paragraph if you have AI turned on.
How we use data
Your data is used only to run the app for you: render the portfolio, compute the defensive/growth allocation, real return (inflation-adjusted), time-weighted return, max drawdown, and backtests over what you entered. If you turn the AI assistant on in Settings, we send a snapshot of your data to the model to generate the monthly summary. Nobody on the operating side reads your data to sell ads, build user profiles, or share with third parties.
AI assistant — opt-in and never used for training
The full privacy posture for the AI feature lives in ADR 0016 (docs/decisions/0016-ai-qa-safety-contract.md). Key points:
• OFF by default. The AI feature only runs after you turn it on in Settings. The server checks this flag on every /api/ask call — if it is off the request is rejected immediately (403 AI_DISABLED).
• No chat history persisted. Each question is a stateless call. The snapshot is rebuilt from Prisma per request; once the answer returns we write nothing to the DB for chat-history purposes.
• No training on your data. The default path goes through Cloudflare AI Gateway to Workers AI — Cloudflare commits to not training on pass-through data. If the operator switches to a paid upstream (Anthropic, OpenAI), they must verify that tier disables training.
• Hard structured output. The model returns JSON validated against a Zod schema; no markdown, HTML, or free-form text. A pre-filter (Llama Prompt Guard 2) blocks jailbreak/injection before the main call, and a post-filter (Llama Guard 3) checks the answer before it is shown.
• No write capability. The AI tool registry only contains read-only Prisma queries scoped to your userId. The model cannot create, update, or delete any data — this is a structural guarantee, not a promise.
Third parties and market data
Finspace pulls Vietnamese open-end fund NAV prices from public sources (e.g. vohoanghac.com) and gold price from SJC. These are market-wide prices, not tied to your identity — we send no personal information with those requests. Foreign exchange rates come from public APIs under the same rule: read-only, identity-free. When the AI feature is on, LLM calls go through Cloudflare AI Gateway. Cloudflare acts as proxy and observability layer; Cloudflare's privacy policy applies to that transport.
Data storage
Your data lives in Neon Postgres, encrypted at rest by Neon's default infrastructure. Better-Auth manages user sessions and stores account, session, and verification tables in the same database.
Cookies and sessions
Finspace uses HTTP-only cookies issued by Better-Auth to keep your session. No third-party tracking cookies. We do not embed analytics SDKs, advertising pixels, or session-replay services.
Your rights
• View your data. You can already see all your data through the app itself. A data export action in Settings is on the roadmap.
• Delete your account. You can request account deletion at any time; a direct delete control will land in Settings in a future release.
• Request an export. Until the self-serve export ships, send a manual request and we will return a dump of your data.
Minors
Finspace is not aimed at users under 18. If you are under 18, please do not create an account.
Policy changes
When this policy changes materially, we will surface an in-app notice before the change takes effect. Minor wording adjustments are reflected via the "Last updated" line at the top of this page.
Contact
For privacy questions, account deletion requests, or data export requests: open an issue on the finspace repository, or contact the email listed in the project README.
Plain stance: Finspace is a small personal product for Vietnamese users. At this scale we do not claim GDPR compliance or a "data controller" role under any international legal framework. We do our best: no analytics, no third-party tracking, and AI is opt-in.