Privacy Policy

Effective Date: February 12, 2026

1. Introduction

Welcome to Finna ("we," "our," or "us"). Finna is an AI-powered travel companion application that helps you plan trips, discover places, and organize your travel experiences. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our mobile application and web services (collectively, the "Services").

By using Finna, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, age, gender, and nationality when you create an account via Firebase Authentication (Google, Apple Sign-In, or email/password).
  • Profile Data: Travel preferences, dietary restrictions, food allergies, travel style, ideal trip descriptions, and other preferences you provide during onboarding or profile updates.
  • Chat History: All messages, questions, and conversations you have with our AI travel assistant, including text inputs, uploaded images, and shared links.
  • Trip Data: Itineraries, destinations, dates, activities, bookings, budgets, and other travel-related information you create or save within the app.

2.2 Automatically Collected Information

  • Device Information: Device type, operating system version, unique device identifiers, mobile network information, and device settings.
  • Location Data: Approximate location derived from IP address, and precise location when you grant permission (used only when actively viewing maps or location-based features).
  • Usage Data: App interactions, features used, screen views, session duration, tap events, and other behavioral analytics collected via our custom analytics infrastructure (api.sleepcasts.org) and Umami Analytics for web.
  • Log Data: IP address, browser type, pages visited, time stamps, crash reports, and API request logs.

2.3 Third-Party Data

  • Authentication Data: Basic profile information (name, email, profile picture) from Google or Apple when you use third-party sign-in.
  • Maps & Location Data: Place information, geocoding data, and points of interest from Google Maps and OpenStreetMap APIs.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • AI-Powered Travel Assistance: Your chat history, profile data, and preferences are processed by Google Gemini 3 Flash AI to generate personalized travel recommendations, itineraries, and answers to your questions.
  • Service Delivery: To provide core functionality, including trip planning, map visualization, place search, budget estimation, and content recommendations.
  • Personalization: To remember your preferences, travel style, dietary needs, and past trips to improve future recommendations.
  • Account Management: To create and maintain your account, authenticate your identity, and provide customer support.
  • Analytics & Improvement: To understand how users interact with Finna, identify bugs, measure feature adoption, and improve app performance and user experience.
  • Affiliate Tracking: To track clicks on partner links (hotels, tours, travel services) for attribution purposes. Click data is anonymized and does not include personal identifiers beyond user ID (if logged in).
  • Push Notifications: To send you trip reminders, travel alerts, and feature updates via Firebase Cloud Messaging (only if you grant permission).
  • Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights and the safety of our users.

4. AI Processing & Data Disclosure

Google Gemini AI: Your chat messages, uploaded images, profile information, and travel preferences are sent to Google's Gemini 3 Flash AI model for processing. This data is transmitted to Google's servers in real-time to generate responses. Google may use this data in accordance with their privacy policy, but Finna does not control Google's data practices beyond our API agreement.

We do not share your personal information with Google beyond what is necessary to operate the AI features. Google's privacy policy can be found at https://policies.google.com/privacy.

5. Third-Party Services

Finna integrates with the following third-party services, each governed by their own privacy policies:

  • Firebase Authentication: Account creation and sign-in (Privacy Policy)
  • Google Maps Platform: Maps, geocoding, place search (Privacy Policy)
  • OpenStreetMap: Map tiles and geographic data (Privacy Policy)
  • Cloudflare R2: File storage for trip images and generated assets (Privacy Policy)
  • Umami Analytics: Privacy-focused web analytics (Privacy Policy)
  • Affiliate Partners: When you click on partner links (Booking.com, Airalo, GetYourGuide, Skyscanner, etc.), you are subject to their privacy policies. We track clicks anonymously for attribution but do not share your profile data.

6. Data Retention

  • Account Data: Retained until you delete your account or request deletion.
  • Chat History: Stored indefinitely to provide personalized recommendations. You can delete individual conversations or your entire account at any time.
  • Analytics Data: Anonymized usage data may be retained for up to 2 years for product improvement purposes.
  • Logs & Crash Reports: Retained for 90 days for debugging and security monitoring.
  • Affiliate Click Data: Retained for up to 1 year for commission tracking and fraud prevention.

7. Your Rights (GDPR & Data Protection)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have the following rights under GDPR (Articles 15-20):

  • Right to Access: Request a copy of all personal data we hold about you via GET /api/user/export-data or by contacting support.
  • Right to Deletion: Request full deletion of your account and all associated data via DELETE /api/user/delete-account in the app settings or by emailing support@getfinna.com.
  • Right to Rectification: Correct inaccurate profile information in your account settings.
  • Right to Data Portability: Export your data in JSON format for transfer to another service.
  • Right to Restrict Processing: Request limitations on how we process your data.
  • Right to Object: Object to processing based on legitimate interests (e.g., analytics).
  • Right to Withdraw Consent: Revoke consent for optional data processing (e.g., location, notifications) at any time in app settings.

To exercise these rights, contact us at support@getfinna.com. We will respond within 30 days as required by law.

8. Children's Privacy

Finna is not intended for users under the age of 16. We do not knowingly collect personal information from anyone under 16 years old. If a user enters an age below 16 during onboarding, account creation is blocked, and no data from that session is stored.

If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately at support@getfinna.com, and we will delete the information promptly.

9. International Data Transfers

Finna operates globally. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States, Germany (Hetzner VPS hosting), and other locations where our service providers operate. These countries may have different data protection laws than your country.

When we transfer data from the EEA to other countries, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission. For data processed by Google (Gemini AI, Firebase, Maps), Google's data transfer mechanisms apply.

10. Cookies & Tracking Technologies

Finna uses the following tracking technologies:

  • Authentication Cookies: Firebase session cookies to keep you logged in.
  • Analytics Cookies: Umami Analytics (web only) uses privacy-focused cookies that do not track personal identity across sites.
  • Local Storage: Browser local storage to save app preferences and cache data for performance.

We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser settings, but this may limit app functionality.

11. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all data communication
  • Encryption at rest for database and file storage via PostgreSQL and Cloudflare R2
  • Secure authentication via Firebase (bcrypt password hashing, OAuth 2.0)
  • Regular security audits, dependency updates, and vulnerability scanning
  • Access controls and rate limiting on all API endpoints

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make significant changes, we will notify you via email or an in-app notification at least 30 days before the changes take effect.

The "Effective Date" at the top of this policy indicates when it was last updated. Your continued use of Finna after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@getfinna.com

Website: https://getfinna.com

For GDPR-related requests or data protection inquiries, please include "Data Protection Request" in your email subject line.

14. Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection authority. A list of EU data protection authorities can be found at https://edpb.europa.eu.

Back to HomeTerms of Service