In short: we collect your email, a hashed password, and your learning activity so the app works. We do not sell your data, show ads, or use third-party tracking. You can delete your account at any time from inside the app. Email info@finlexng.com with any question.
1. Who we are
This Privacy Policy explains how FinLex ("FinLex", "we", "us", "our") collects, uses, and protects information when you use our mobile applications (iOS and Android) and our website at finlexng.com (together, the "Service").
FinLex is operated from Abuja, Federal Capital Territory, Nigeria. By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Information we collect
2.1 Information you give us
- Account information. When you create a FinLex account, we collect your email address and a hashed (one-way encrypted) password. You may optionally provide a display name.
- Sign in with Apple / Sign in with Google. If you choose to sign in using Apple or Google, that provider confirms your identity to us and shares a limited set of information — typically your name and email address (or, with Sign in with Apple, a private relay email if you choose to hide your address). We use this only to create and secure your account. We never receive your Apple or Google password, and we do not post anything to those accounts.
- Learning activity. As you use the Service, we record your progress through courses, lessons, and word cards — including which items you have completed, which words you have bookmarked or marked for review, your streak and accuracy, and your quiz answers.
- Support communications. If you contact us by email, we keep a record of that correspondence to help with your inquiry and improve our support.
- Subscription and purchase data (where applicable). If you subscribe to FinLex Pro, the purchase is processed by the Apple App Store, and we use RevenueCat to verify and manage your subscription status. We receive a transaction reference, the product you purchased, and your entitlement status (active, in free trial, or expired) — linked to your FinLex account so we can unlock Pro content for you. We do not receive or store your full payment card details; those are handled entirely by Apple.
2.2 Information collected automatically
- Device and usage data. Device model, operating system version, app version, app language, and timestamps of significant actions (for example, session start and lesson completion). We use this to operate the Service and improve reliability.
- Crash and diagnostic data. If the app crashes or encounters an error, our infrastructure collects diagnostic information (such as the screen you were on, the OS version, and a stack trace) so we can fix it. This data is not linked to your name or contact details.
- Cookies and similar technologies (website only). The website uses essential cookies to keep you signed in. We do not use third-party advertising cookies.
2.3 Information we do not collect
FinLex does not access or collect:
- Your precise location
- Your contacts, photos, microphone, or camera
- Your browsing history outside FinLex
- Financial information such as bank account or card numbers
- Advertising identifiers (IDFA, AAID) for tracking
- Health, biometric, or other special-category personal data
3. How we use your information
We use the information we collect to:
- Provide and run the Service — sync your progress across devices, save your bookmarks, track your streak. Legal basis: performance of our contract with you.
- Authenticate you and secure your account. Legal basis: contract and our legitimate interest in protecting users.
- Send essential service emails — account confirmation, password reset, and notifications about important changes to the Service or this policy. Legal basis: contract and legal obligation.
- Improve FinLex by analysing aggregated, de-identified usage patterns. Legal basis: our legitimate interest in improving the product.
- Respond to your support requests. Legal basis: contract.
- Detect, prevent, and respond to fraud, abuse, or security threats. Legal basis: legitimate interest and legal obligation.
- Comply with applicable law. Legal basis: legal obligation.
We do not sell or rent your personal information. We do not use it for advertising. We do not build profiles on you for any third party.
4. How we share information
We share your information only in the limited circumstances below.
4.1 Service providers (data processors)
We use the following trusted third parties to operate the Service. They process information strictly on our behalf and are contractually required to protect it:
- Supabase — database and authentication. Your account credentials and learning data are stored on Supabase infrastructure.
- Sign in with Apple and Google Sign-In — optional authentication providers. If you use them to sign in, they verify your identity and share a limited set of profile information (name and email) with us, governed by their own privacy policies.
- RevenueCat — subscription management. RevenueCat validates your App Store purchase and tells us whether your FinLex Pro entitlement is active, in trial, or expired. It processes a purchase identifier and your app account identifier on our behalf.
- Resend — transactional email delivery (account confirmation, password reset). Resend processes your email address solely to deliver these messages on our behalf.
- Apple App Store — distribution of the app and all in-app purchases. Apple's privacy practices are governed by its own policy.
- Netlify — website hosting.
4.2 Legal compliance
We may disclose information if required to do so by law, court order, or a legitimate request from a public authority. We will limit any disclosure to what is required and will notify you where we are permitted to do so.
4.3 Protection of rights
We may disclose information to enforce our Terms of Use or to protect the rights, property, or safety of FinLex, our users, or others.
4.4 Business transfers
If FinLex is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you in advance and you will have the opportunity to delete your account before any transfer takes effect.
4.5 What we never do
We do not share your personal information with advertisers, data brokers, or analytics providers that build cross-app profiles of you.
5. Where your data is stored
Your information is stored on infrastructure operated by Supabase, in regions selected for performance and compliance. Depending on your location, this may involve transfers outside your country, including to the United States or the European Union. Where such transfers occur, we rely on appropriate legal safeguards — including Standard Contractual Clauses or equivalent mechanisms — as required by applicable data protection law.
6. How long we keep your data
- Active accounts. We retain your information for as long as your account is active.
- Deleted accounts. When you delete your account from inside the app, we remove your personal information from our active systems within 30 days. Routine backups are purged on rolling cycles, typically within 90 days.
- Support correspondence. Retained for up to 24 months after the last interaction.
- Legal retention. Where we are required by law to retain certain information (for example, for tax or fraud-prevention purposes), we keep only what is necessary and for no longer than required.
7. Your rights and choices
Depending on where you live, you have the following rights:
- Access. Request a copy of the personal information we hold about you.
- Correction. Ask us to correct information that is inaccurate or incomplete.
- Deletion. Request that we delete your account and associated personal information. You can do this directly from inside the app.
- Portability. Request a machine-readable copy of your information.
- Object or restrict processing. Object to certain processing or ask us to restrict it.
- Withdraw consent. Where processing is based on your consent, you may withdraw it at any time.
- Opt out of "sale" or "sharing" (CCPA). We do not sell or share personal information for cross-context behavioural advertising.
- Lodge a complaint. EU and UK residents may complain to their local data protection authority. Nigerian residents may contact the Nigeria Data Protection Commission (NDPC).
To exercise any right that is not directly accessible in the app, email info@finlexng.com. We will respond within 30 days.
8. Children's privacy
FinLex is designed for adult learners working in or studying finance and is not directed at children. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with personal information, please contact us at info@finlexng.com and we will delete it promptly.
9. Security
We use industry-standard measures to protect your information, including:
- HTTPS / TLS encryption for all data in transit
- One-way password hashing — we never store your plaintext password
- Row-level security in our database, so each user can only access their own data
- Regular review of access controls and dependencies
No system is perfectly secure. If you become aware of a security issue with FinLex, please report it to info@finlexng.com.
10. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address you provided) and through a prominent notice in the app before the change takes effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
11. Contact us
FinLex
Email: info@finlexng.com
Phone: +234 803 551 3406
Website: finlexng.com
Based in: Abuja, Federal Capital Territory, Nigeria
For questions about this Privacy Policy, your data, or to exercise any of your rights, please contact us using the details above.
12. Educational disclaimer
FinLex is an educational product. The courses, vocabulary, examples, and other content available through the Service are intended to help you learn finance concepts and terminology.
FinLex does not provide investment advice, financial advice, legal advice, tax advice, accounting advice, or any other form of professional advice. Nothing in the Service is a recommendation to buy, sell, hold, or trade any security, currency, commodity, derivative, or other financial instrument. Examples used in the courses are illustrative only and should not be relied on for actual investment, business, or legal decisions.
Finance and investment activities involve risk, including the potential loss of capital. Past performance is not indicative of future results. You should consult appropriately licensed professionals — including a registered investment adviser, lawyer, or accountant — before acting on any material learned through FinLex.
FinLex, its operators, and its content contributors disclaim all liability for any loss or damage arising from reliance on the educational content provided through the Service, to the fullest extent permitted by applicable law.