Last Updated: April 23, 2026

k25x is a personal finance app built to keep your data close to you. This page explains, in plain language, what we store, where we store it, and what you can do about it. If something here is unclear, email us (see the bottom of this page).

What data we collect

• Account info. If you sign in with Firebase Auth, we receive your email and (optionally) display name and photo URL from your provider.
• Financial data you enter. Accounts, transactions, budgets, goals, notes, and any documents you attach. You type it, we store it.
• Preferences. Theme, base currency, FIRE assumptions, feature toggles.
• Consent choices. What cookie categories you agreed to, with a timestamp.
• Connected-account metadata. If you link a bank via Plaid or Lean, we store the access tokens needed to refresh data. We never see your bank login.

Where it's stored

• Mostly in your browser. The majority of your data lives in your device's localStorage under keys prefixed fintrack-. Clearing your browser storage erases it.
• Optionally in Firestore. If you enable Cloud Sync in Settings, a copy is pushed to your own Firebase user document so you can access it on another device. Sync is off by default.
• On Google's servers when you use AI features. Prompts you send to the AI advisor are processed by Google Gemini. We do not store them separately.

Who we share it with

Nobody, with narrow exceptions:

• Plaid / Lean — only if you explicitly link a bank account. They fetch data on your behalf.
• Firebase (Google Cloud) — for authentication and optional Firestore sync.
• Google AI — for AI advisor prompts you initiate.

We do not sell data, run ad networks, or hand data to third-party brokers. If that ever changes, we'll update this page and notify you.

Your rights

• Export. Download everything as JSON from Settings → Data Rights.
• Delete. Delete all local data with one click in Settings. If you had cloud sync on, disable it first, or delete your Firestore doc via the Firebase console.
• Access. Your data is already visible in the app; export gives you a portable copy.
• Correct. Edit any record directly in the app.
• Withdraw consent. Change cookie categories any time from Settings or by clearing storage.

If you are in the EEA, UK, or California, these rights are backed by GDPR / UK GDPR / CCPA. The mechanisms above are how we fulfill them.

Retention

We keep your data for as long as you keep it. We have no background job that deletes your records on a schedule. If you delete your account, local data is wiped immediately; if you had cloud sync on, you should disable it first or clean up your Firestore document separately.

Cookies and similar storage

We don't use tracking cookies. We do use your browser's localStorage and IndexedDB for the app itself. The consent banner lets you opt in or out of:

• Necessary — always on. Auth state, your financial data, your preferences.
• Functional — remembers non-essential UI state (e.g. dismissed tips).
• Analytics — anonymous usage metrics, if we enable them. Off unless you opt in.

Security

We use Firebase Auth for sign-in and HTTPS for all network traffic. You can turn on device biometric unlock in Settings, which adds a local WebAuthn check before the app opens. Because data lives in your browser, the biggest risk is someone with access to your device; lock your device and enable biometrics.

Children

k25x is for adults. You must confirm you are 18 or older on first launch. We do not knowingly collect data from anyone under 18.

International transfers

If you use cloud sync or AI features, your data may be processed on Google Cloud infrastructure in the United States or other regions. By opting in, you accept that transfer.

Changes to this policy

If we make a material change (new category of data, new third party), we'll update the date above and surface a notice in the app. Minor clarifications will just update silently.

Contact

Questions, requests, or complaints: privacy@k25x.ai. If you are in the EU, you can also complain to your local data protection authority.