Privacy Policy
Last updated: 5 July 2026 · Effective: 5 July 2026
This policy explains how SelbstFinanz (“the app”, “we”), operated by Prometheus Systems, Melchargaße 41, 1130 Wien, Austria, collects, uses, and protects your information. It applies to the SelbstFinanz web app and iOS app. SelbstFinanz is a bookkeeping tool for the self-employed: invoicing, expenses, VAT, and mileage.
Who is responsible
The data controller is Prometheus Systems. For any privacy question or to exercise your rights, contact privacy@selbstfinanz.at.
Where you enter information about your own customers or clients, you are the controller of that data and we act as your processor, handling it only to provide the service to you.
What we process
- Account & identity. Your email address and authentication credentials (passwords are hashed by our auth provider; we never see them in plain text).
- Business & financial data you enter. Invoices, expenses, trips, mileage, VAT figures, and the issuer / bank details you configure.
- Your clients’ details. Names, addresses, VAT IDs, and email addresses you record for invoicing.
- Documents & photos. Receipt and invoice images or PDFs you upload, or photograph with your device camera, for scanning. These are stored in a private storage bucket and served only through short-lived signed links.
- Connected mailbox (optional). If you connect an email mailbox, we access messages and attachments solely to import receipts you choose to bring in.
- Device & technical data. A device notification token (only if you enable push notifications), plus standard server logs and request metadata (e.g. IP address) needed to run and secure the service.
- Face ID / Touch ID. The optional app lock is performed entirely by iOS on your device. We never receive, see, or store your biometric data. The on/off setting for the lock is stored only on your device and is not synced to us.
How we use your data
- To provide the bookkeeping, invoicing, VAT, and mileage features.
- AI-assisted extraction. To read receipts, invoices, and mileage logs and to answer questions about your books, the relevant document images and text are processed by our AI provider, Anthropic. This is used to extract and structure your data, not to train third-party models.
- To send invoices and payment reminders by email, at your request.
- To convert amounts between currencies using published FX rates.
- To secure the service, prevent abuse, and meet legal obligations.
Legal bases (GDPR)
Where the GDPR applies, we rely on: performance of our contract with you (to provide the service); your consent (e.g. connecting a mailbox or enabling notifications); our legitimate interests (securing and improving the service); and compliance with legal obligations (e.g. retention of financial records).
Who we share it with
We do not sell your data, show you advertising, or track you across other apps or websites. We share data only with service providers who process it on our behalf to run the app:
- Supabase — database, file storage, and authentication.
- Vercel — application hosting and delivery.
- Anthropic — AI extraction of receipts / invoices / mileage and the “ask your books” assistant.
- Google Firebase Cloud Messaging — push notifications (only if you enable them).
- Resend / SendGrid — outbound email delivery (invoices, reminders).
- Frankfurter — published exchange rates (no personal data is sent).
Some providers may process data in the United States or other countries; where required, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses. Primary data is hosted in the EU (Frankfurt).
How long we keep it
We keep your data while your account is active and as needed to provide the service. Financial records may be retained for the periods required by applicable tax law. You can ask us to delete your account and data, subject to those legal retention requirements.
Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your data; object to or restrict certain processing; and request a portable copy. You may also withdraw consent and lodge a complaint with your data protection authority (the Austrian Datenschutzbehörde). To exercise any of these, contact privacy@selbstfinanz.at.
Security
Data is encrypted in transit. Documents are held in private storage and accessed only through short-lived signed URLs, and access to your data is restricted to your authenticated account and the workspace members you invite.
Children
SelbstFinanz is a business tool and is not directed to children. We do not knowingly collect data from anyone under 16.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated in the app.
Contact
Prometheus Systems
Melchargaße 41, 1130 Wien, Austria
privacy@selbstfinanz.at