Privacy Policy
WYN Financial Ltd. (“WYN Financial”, “we”, “us”) operates a read-only personal finance dashboard that aggregates your bank, card, and brokerage accounts onto a single screen. This policy explains what information we process, why we process it, and the controls you have over it.
01 Scope
This policy applies to the WYN Financial dashboard and its supporting services. It does not cover the practices of third parties whose services you choose to connect, including your financial institutions and our data aggregation providers, each of which maintains its own privacy policy.
02 Information we collect
Identity and account data
When you sign in, we authenticate you through GitHub OAuth. We receive your name, email address, GitHub account identifier, and avatar URL. Access to the private workspace is further restricted to an explicit allowlist of approved email addresses.
Financial account data
When you link an institution, we retrieve and store the financial data needed to power your dashboard. Depending on the account type, this includes:
- Account names, types, masked numbers, and the connecting institution
- Current and available balances, captured as point-in-time snapshots
- Transaction history, including amount, date, description, merchant, and category
- Brokerage holdings, positions, and related portfolio details
Operational data
To keep your data fresh and to support troubleshooting, we retain technical records such as synchronisation timestamps, record counts, connection status, and error codes returned by our providers.
03 How we collect financial data
We do not ask for, see, or store your online banking credentials. Account connections are established and maintained by regulated data aggregation providers.
You authenticate directly with these providers. They return a scoped, read-only access token that allows us to retrieve the data described above. Your use of these connections is also governed by each provider’s own privacy policy.
04 How we use your information
We process your information solely to provide the service. Specifically, to:
- Authenticate you and secure access to your workspace
- Display balances, cash flow, spending, and holdings on your dashboard
- Calculate analytics such as net worth trends and category breakdowns
- Keep connected accounts synchronised on a scheduled and on-demand basis
- Diagnose connection failures and maintain the reliability of the service
We do not sell or rent your personal or financial data, and we do not use it for advertising, profiling for third parties, or any purpose unrelated to operating your dashboard.
05 Storage and protection
Your financial data is stored in a PostgreSQL database under our control. Provider access tokens are encrypted at rest using AES-256-GCM with a unique initialisation vector per record. Data in transit is protected with industry-standard TLS encryption. Each tenant’s data is logically isolated so that one workspace cannot access another. Additional detail is available on our Security page.
06 Sharing and disclosure
We disclose information only in the limited circumstances below:
- Data providers — Plaid and SnapTrade, strictly to establish and maintain the account connections you authorise
- Infrastructure providers — hosting and database services that operate the application on our behalf under confidentiality obligations
- Legal compliance — where disclosure is required by applicable law, regulation, or valid legal process
07 Data retention
We retain your financial data for as long as the corresponding account connection remains active, so that historical trends and balance snapshots stay available to you. When you disconnect an account or close your workspace, the associated data and encrypted tokens are deleted within a reasonable period, except where limited records must be retained to meet legal obligations.
08 Your rights and choices
Subject to applicable law, you may request to access, export, correct, or delete your personal data, and you may disconnect any linked account at any time. To exercise any of these rights, contact us using the details below. We will respond within a reasonable timeframe.
09 Sessions and cookies
We use a single essential session cookie to keep you signed in after authentication. We do not use advertising or third-party tracking cookies, and we do not run analytics that profile your activity across other sites.
10 Public demo mode
The public demo is populated entirely with sample data and requires no account connection and no sign-in. No real financial information is collected, displayed, or stored when you use the demo.
11 Children’s privacy
The service is intended for adults and is not directed to anyone under the age of 18. We do not knowingly collect personal information from children.
12 Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated through the service. Continued use after an update constitutes acceptance of the revised policy.
13 Contact us
Questions about this policy or requests regarding your data can be sent to sean.ionwyn@gmail.com. See our Contact page for more ways to reach us.