Patrimony
Back to home

Privacy Policy

Last updated: 2026-07-13

Who is responsible for your data

Patrimony is operated by Gabriele Denaro, an individual based in Italy, acting as data controller under the EU General Data Protection Regulation (GDPR). Patrimony is not currently operated through a registered company.

For any privacy question or to exercise your rights, contact gabriele.denaro@outlook.com.

What we collect

Account data: your email address and, if you sign in with Google, the name and profile picture Google shares with us. If you use email/password sign-in, your password is stored as a salted hash by our authentication provider (Supabase) — we never see or store it in plain text.

Financial data you enter: account names, types and currencies, monthly balance entries, personal notes, and benchmark preferences. This is the core data the app exists to store, and it never leaves the systems described below.

Subscription data: if you subscribe to Premium, we store your subscription status, plan, and renewal date. Card numbers and payment details are handled entirely by Stripe — Patrimony never sees or stores them.

Communications: if you enable reminders, we store a browser push subscription endpoint and/or use your email address to send monthly reminders or service alerts.

Preferences: a small cookie remembers your display language (English/Italian) and your login session. These are functional cookies required for the app to work, not tracking or advertising cookies.

We do not use analytics, advertising trackers, or any form of behavioral profiling.

Why we process your data

To provide the service you signed up for — this is the performance of a contract between you and us (GDPR Art. 6.1.b).

To process Premium subscription payments and comply with related tax and accounting obligations.

To send you service communications you have opted into (reminders, important account notices).

We never sell your data, and we never use your financial information for advertising or share it with third parties for marketing purposes.

Who else processes your data

Supabase — hosts our database and handles authentication. Supabase acts as our data processor.

Stripe — processes Premium subscription payments. Stripe acts as an independent data controller for payment data under its own privacy policy.

Resend — delivers transactional emails (reminders, account notices) on our behalf.

Your browser's push notification service (e.g. Google, Apple, or Mozilla, depending on which browser you use) — delivers push reminders if you enable them.

Where any of these providers process data outside the European Economic Area, they do so under appropriate safeguards such as Standard Contractual Clauses.

How long we keep your data

We keep your data for as long as your account is active. You can delete all your financial data yourself at any time from Settings → Danger Zone. To delete your account entirely, contact us at the email above.

Your rights

Under GDPR, you have the right to access, correct, delete, or export your data, to object to or restrict certain processing, and to withdraw consent at any time (e.g. by disconnecting Google sign-in). To exercise any of these rights, contact gabriele.denaro@outlook.com. You also have the right to lodge a complaint with your local data protection authority.

Security

Your financial data is protected by database-level Row Level Security, meaning only you can read or write your own records, even at the database layer. All traffic to Patrimony is encrypted in transit (HTTPS).

Children

Patrimony is not directed at, and should not be used by, anyone under 18 years of age.

Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the last revision. Material changes will be communicated by email where appropriate.