Legal

Privacy Policy

Last updated: to be set on legal sign-off

1. The headline

My Financial Life is published by Garelochsoft Ltd (“we”/“us”). Your financial data is stored locally on your own device: it’s a desktop app, so your file lives on your Mac or PC. We do not host it, sync it to a server, or keep a copy. There is no account to create to use the app. Where we are the data controller — for this website and for purchase records (section 7) — that responsibility sits with Garelochsoft Ltd.

2. What this website collects

[To be confirmed.] The website is kept deliberately minimal. If any analytics are used, they will be privacy-friendly and cookieless (e.g. Plausible or Fathom), and named here with what they collect. If no analytics are used, this section will say so plainly. Records relating to a purchase (name, email, transaction, licence key) are covered separately in section 7.

3. Bank-feed data flow (when automated feeds are enabled)

Automated bank feeds are a post-launch feature. When enabled, account data passes through a third-party provider (such as Enable Banking, Plaid, or SimpleFIN) under a bring-your-own-credentials model: you hold the provider keys and the connection is yours. The intended position — to be confirmed in legal review — is that My Financial Life is not the data controller for that flow.

4. Third-party services the app can talk to (with your keys)

• Your bank-feed provider — only when you enable automated feeds.
• openexchangerates — foreign-exchange rates, using your own key.
• Tiingo — security prices and price history, using your own key.

These are optional and driven by keys you supply; the app does not phone home otherwise.

5. The My Financial Life → My Retirement Life hand-off

My Retirement Life is the sister app. A future, user-initiated export will let you move your financial data from My Financial Life into My Retirement Life. It is a file you choose to create and move — there is no automatic server-to-server transfer. Whether the two apps share one combined policy or two linked policies will be settled at legal review.

6. Your rights & retention

[To be drafted.] UK GDPR and EU GDPR rights (access, rectification, erasure, portability, objection), retention periods for anything the website or checkout partner does hold, and how to exercise them.

7. Purchases, licence keys & your records

Your in-app financial data never leaves your device — but when you buy the app, that is a transaction, and a transaction creates records. We keep these to a minimum and are straight about them here.

Purchases are handled by a Merchant-of-Record (MoR) payments partner who is the seller of record. They process your payment and collect what a sale legally requires — typically your name, email address, billing country, and the transaction amount and date. Card details are handled entirely by them and never reach us.

We receive and retain a minimal record of each sale — your name, email, the transaction date and amount, and the licence key issued — so we can deliver and re-issue your key, provide support, and meet our legal and tax record-keeping obligations (in the UK, financial records are generally kept for around six years). Your licence key is tied to the email address it was issued to, and we may verify that address before issuing or re-sending a key.

The same applies to any complimentary (“gifted”) keys or trial extensions: we record the email the key is bound to and why it was issued. None of this touches the financial data you keep in the app.

[Payment partner to be named and their privacy terms linked here at launch; final wording subject to legal review.]

8. Contact

Data-protection enquiries to Garelochsoft Ltd: hello@garelochsoft.com. [Registered company address to be added once the entity is formed.]

---

See also the Terms & Licence.