Privacy Policy

Last updated: 18 March 2026

This Privacy Policy explains how Fundify (“we”, “us”, or “our”) collects, uses, stores, and protects your personal information when you use the Fundify platform (“Service”). By using the Service, you consent to the practices described in this policy.


1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a one-way hash — we never store your plaintext password)
  • First and last name (optional)
  • Profile image (if provided or imported from Google)

If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive your Google password.

1.2 Club & Financial Data

When you or your club admin use the Service, the following data may be stored:

  • Club name, description, and configuration settings
  • Contribution records (amounts, dates, statuses)
  • Loan records (principal, interest, repayment schedules, balances)
  • Fine records (amounts, reasons, compounding details)
  • Asset and investment records (type, value, purchase/maturity dates)
  • Expense and income records (amounts, categories, descriptions)
  • Profit distribution records
  • Meeting minutes and notes
  • Member roles, join dates, and activity history
  • Documents uploaded to the document vault

1.3 Payment Information

Subscription payments are processed by Stripe. We store your Stripe customer identifier and transaction references, but we do not store your card number, CVV, or full payment credentials. All payment details are handled directly by Stripe in accordance with their security standards.

1.4 Automatically Collected Information

When you use the Service, we automatically collect:

  • IP address
  • Browser type and user agent
  • Session tokens and authentication cookies
  • Pages visited and actions taken (audit log)
  • Timestamps of activity

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — manage your account, clubs, and financial records
  • Process payments — handle subscriptions and billing through Stripe
  • Send transactional emails — account verification, password resets, contribution reminders, and loan notifications
  • Maintain security — authenticate sessions, enforce role-based permissions, and generate audit trails
  • Improve the Service — analyse usage patterns to fix bugs and enhance features
  • Comply with legal obligations — respond to lawful requests from authorities

We will never sell your personal data to third parties or use your financial records for advertising purposes.

3. Data Sharing

We share your information only in the following limited circumstances:

3.1 Within Your Club

Other members of your club can see your name, role, contribution history, loan status, and other financial records relevant to the club, as determined by your club’s permission settings. Club admins and treasurers have broader visibility by default.

3.2 Third-Party Service Providers

We use the following third-party services to operate the platform:

Provider | Purpose | Data Shared
Stripe | Payment processing | Name, email, payment amount, currency
Resend | Transactional emails | Email address, email content
Google | OAuth sign-in (optional) | Email, name, profile picture (received from Google)
Neon | Database hosting | All application data (encrypted in transit and at rest)
Vercel | Application hosting | IP address, request metadata

These providers process data on our behalf and are contractually obligated to protect your information.

3.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request.

4. Data Security

We implement the following measures to protect your data:

  • Encryption — all data is encrypted in transit (TLS/HTTPS) and at rest
  • Password hashing — passwords are hashed using bcrypt with a high work factor
  • Two-factor authentication — optional TOTP-based 2FA for additional account security
  • Session management — sessions expire after 7 days of inactivity
  • Role-based access control — granular permissions determine who can view and modify data
  • Audit logging — all financial actions are recorded with the user, action, and timestamp

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

5. Data Retention

  • Active accounts: Your data is retained for as long as your account is active and your club has an active subscription.
  • Deleted records: Most financial records (contributions, fines, expenses, assets, etc.) are soft-deleted and retained for 30 days before permanent deletion, allowing recovery if needed.
  • Deleted clubs: When a club is deleted, it enters a 30-day recovery period. After 30 days, all club data is permanently erased.
  • Audit logs: Audit trail data is retained for the lifetime of the club for transparency and compliance purposes.
  • Account closure: If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your account and associated personal data
  • Export your club’s financial data via our reporting tools
  • Withdraw consent for optional data processing (such as email reminders)
  • Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at hello@usefundify.com. We will respond within 30 days.

7. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

8. International Transfers

Your data may be processed and stored on servers located outside your country of residence, including in the United States and European Union, through our hosting and service providers. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place through contractual obligations with our providers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The “last updated” date at the top reflects the most recent revision.

10. Contact

If you have questions or concerns about this Privacy Policy or how we handle your data, contact us at: