
Privacy Policy

Last updated: June 2026

Who is responsible for your data

The data controller for Collie is João Santos, operating Collie as an independent project.

Address: [REGISTERED ADDRESS — UPDATE AFTER COMPANY REGISTRATION]
Email: hello@colliefinance.com

A Data Protection Officer (DPO) has not been appointed, as one is not required under Article 37 GDPR for processing activities of this scale and nature.

What data we collect and why

We collect only what is strictly necessary to provide the service. Below is each category of data, the purpose, and the legal basis under GDPR Article 6.

Email address

Purpose: Authentication — to send you a one-time login code and maintain your session. We do not send marketing emails.

Legal basis: Performance of a contract (Article 6(1)(b)) — providing access to the service requires verifying your identity.

Required to use the service? Yes — without an email address you cannot create an account or access the service.

Financial data

Purpose: Core service — income, expenses, assets, loans, sinking funds, and portfolio positions that you enter are stored and used to power the app's calculations and views.

Legal basis: Performance of a contract (Article 6(1)(b)) — the service exists to store and process this data on your behalf.

Required to use the service? No — you choose what financial data to enter. The app works with whatever you provide.

Session cookies

Purpose: Authentication — HTTP-only cookies set by Supabase keep you signed in between sessions.

Legal basis: Legitimate interests (Article 6(1)(f)) — strictly necessary cookies do not require consent under ePrivacy Directive recital 25.

Required to use the service? Yes — disabling these cookies will prevent you from staying signed in.

Anonymous usage data

Purpose: Product improvement — pages visited, country (from server headers), and device type (mobile/desktop) are logged anonymously to understand how the product is used.

Legal basis: Legitimate interest (Article 6(1)(f)) — understanding usage patterns to improve the service. No personal data is stored and no cookies are used for this purpose.

Required to use the service? No — this data is collected automatically but cannot be linked to any individual user.

We do not use advertising trackers or track your behaviour across sessions or devices.

We do not make automated decisions about you, including profiling, that produce legal or similarly significant effects.

How your data is stored

Cloud database: All financial data is stored in Supabase, a cloud database provider with servers in the EU (Ireland, eu-west-1). Row-level security ensures your data can only be accessed by your authenticated account — not by other users or Collie staff.

Authentication: Sign-in sessions are managed by Supabase Auth using HTTP-only cookies. No session data is stored in the browser beyond what is strictly required.

No data is stored locally on your device beyond essential browser session state.

Third-party processors

We share data with the following processors, each bound by a Data Processing Agreement (DPA):

Supabase

Role: Database and authentication

Location: EU (Ireland)

Transfer safeguard: No transfer outside EEA

Resend

Role: Transactional email (login codes only)

Location: United States

Transfer safeguard: Standard Contractual Clauses (SCCs) under Article 46(2)(c) GDPR

Vercel

Role: Application hosting and edge delivery

Location: EU edge nodes (primary)

Transfer safeguard: Standard Contractual Clauses (SCCs) where US infrastructure is involved

We have no other third-party integrations. No advertising networks, no analytics platforms, no social trackers.

How long we keep your data

Your data is retained for as long as your account is active. The criteria we use to determine retention:

  • Account data (email): Retained until you delete your account.
  • Financial data: Retained until you delete your account or remove individual entries within the app.
  • Session cookies: Expire after a fixed period of inactivity or when you sign out.
  • Deleted accounts: All personal data is permanently deleted from our systems within 24 hours of account deletion. This deletion is irreversible.

We do not retain data beyond these periods. There are no legal hold obligations that require us to retain your financial planning data after account deletion.

Your rights under GDPR

If you are located in the European Economic Area, you have the following rights. You can exercise most of them directly in the app:

  • Right of access (Article 15) — export all your data at any time from Settings → Data → Export CSV or JSON Backup.
  • Right to data portability (Article 20) — exported files are in open formats (CSV, JSON) you can use with any tool.
  • Right to rectification (Article 16) — all your data is editable directly in the app.
  • Right to erasure (Article 17) — delete your account and all associated data from Settings → Account → Delete Account. Deletion is permanent and completed within 24 hours.
  • Right to restriction of processing (Article 18) — contact us at hello@colliefinance.com and we will restrict processing while your request is assessed.
  • Right to object (Article 21) — where we rely on legitimate interests as a lawful basis, you have the right to object. Contact us and we will assess whether our interests override yours.

We will respond to all rights requests within 30 days. There is no charge for exercising your rights.

Right to complain to a supervisory authority

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the relevant data protection authority. In Portugal, this is:

Comissão Nacional de Proteção de Dados (CNPD)
https://www.cnpd.pt

You may also lodge a complaint with the supervisory authority in your country of residence or place of work within the EU.

Cookies

Collie uses only essential cookies required for authentication (set by Supabase). These are strictly necessary to keep you signed in between sessions and cannot be disabled while using the app.

We do not use advertising cookies, tracking pixels, analytics cookies, or any non-essential cookies. No cookie consent banner is shown because none is required.

Children

Collie is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

Changes to this policy

We may update this policy as the service evolves. Material changes — including any that affect your rights or the legal basis for processing — will be communicated via the app before they take effect. The date at the top of this page reflects the most recent update.

Contact

Questions about this privacy policy or your personal data? Contact us at hello@colliefinance.com. We aim to respond within 5 business days.