Fidy Privacy and Personal Data Processing Policy
Last updated: July 12, 2026
This Policy explains how Fidy collects, uses, stores, transmits, shares, retains, and deletes personal information. By creating an account or using Fidy, the user acknowledges having been informed. Where required by law, Fidy will separately request prior, express, informed authorization and specific permissions.
1. Data controller
Fidy is an application operated and offered by:
- Legal name: ORLANDO RAFAEL BARBOZA ALCALA
- NIT: 1002250606-3
- Domicile: Barranquilla, Atlántico, Colombia
- Notice address: Calle 104 #53-49
- Email: obarboza@fidyapp.com
- Telephone: 3003632142
- Website: https://fidyapp.com
In this Policy, the controller may be called “Fidy,” “we,” or the “Provider.” The contract is entered into directly with the person identified above; the Fidy name does not itself imply a separate company.
2. Scope and legal framework
This Policy applies to Fidy’s application, website, authentication, support, transaction capture and classification, AI, and communications. Processing is governed primarily by Article 15 of the Colombian Constitution, Law 1581 of 2012, Decree 1074 of 2015, and other applicable rules.
3. Information collected
- Account: name, email, internal identifier, authentication-provider profile photo, language, currency, settings, account status, registration, and last access.
- Finances: income, expenses, amounts, dates, merchants, descriptions, categories, described payment methods, budgets, goals, accounts, labels, and notes.
- Authorized sources: transaction-related emails, notifications, bank SMS messages, Apple Pay/iOS capture, and Google or Microsoft integrations; only text reasonably necessary to identify and categorize transactions. Apple Pay/iOS capture may include amount, merchant, card reference, and date.
- Technical and usage: IP addresses that providers may receive, operating system, app version, technical identifiers, access times, feature and lifecycle events, performance, errors, and security data.
- Support: name, email, content, date, and files or screenshots voluntarily submitted.
- AI: descriptions, merchant, amount, currency, category, minimized excerpts, questions, and context selected for the task.
4. Analytics, errors, and performance
Fidy uses analytics and monitoring providers. Events may be associated with an internal identifier and include lifecycle activity, features used, and transaction creation category and source. Error and performance reports may include the internal identifier, technical context, traces, and limited error context. Fidy applies filters intended to avoid credentials, tokens, and unnecessary financial content, but cannot guarantee all personal data will be removed automatically in every case.
5. Cloud processing and account deletion
Financial records are stored in the Cloud Ledger on Fidy-controlled cloud infrastructure. Cloud AI Processing is a core part of Fidy and cannot be turned off globally, although individual optional AI features may have separate controls.
Capture Improvement Samples are structural and redacted, are retained on by default, and are used to improve transaction capture. Turning this option off stops future retention and deletes your previously retained samples.
Deleting your account permanently deletes your Cloud Ledger financial records and user-linked Capture Improvement Samples. Fidy may retain minimal non-financial security and audit records when legally required.
6. Children’s data
Fidy is not directed to people under 18 and does not knowingly collect their data. If Fidy learns that a person under 18 created an account, it will take reasonable steps to remove the account and associated information, subject to legal duties. Parents or legal representatives may request removal by email.
7. Sensitive and private data
Although financial data is not always legally sensitive, it can reveal a person’s private economic life and will receive enhanced security and confidentiality. Where a feature involves legally sensitive data, Fidy will explain its nature, request explicit authorization where required, explain that authorization is optional, and apply additional protection.
8. Purposes
- Create, authenticate, administer, and protect accounts.
- Record, categorize, synchronize, and display transactions, budgets, goals, statistics, and summaries.
- Process authorized sources and provide AI features.
- Provide support and send security, operational, or contractual-change communications.
- Prevent abuse and unauthorized access; correct errors and improve stability.
- Analyze usage and performance and improve the product.
- Meet legal duties and authority requests; establish, exercise, or defend rights.
- Manage a potential service transfer while notifying users of a new controller.
- Send promotions only with authorization or another legal basis. Fidy does not sell data to advertisers or use it for third-party behavioral advertising without specific authorization.
9. Authorization and optional permissions
Where required by law, Fidy will obtain prior, express, informed authorization through unchecked boxes, in-app controls, system permissions, forms, email, or another demonstrable mechanism. General acceptance does not replace specific permissions. Users may refuse or withdraw permissions; only dependent features will be affected, and manual entry may remain available where offered.
10. Security
Depending on the system and risk, measures may include encryption in transit, access controls, authentication, monitoring, secret management, minimization, dependency updates, and access restrictions. No system guarantees zero risk. Fidy will act diligently and provide incident notifications where legally required.
11. Commercial communications
Promotions will be sent only with authorization or another legal basis and will offer a simple opt-out. Essential security, operational, or contractual-change messages are not necessarily promotional.
12. Third parties
Fidy may integrate third-party services. Their policies govern processing they perform under their own responsibility. Users should review Google, Microsoft, and other providers’ policies before enabling them.
13. Google API data and international processing
Fidy’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Gmail data is accessed through read-only authorization and used only to provide and improve transaction-capture features requested by the user. It is not sold or used for advertising.
Fidy and its cloud, analytics, monitoring, authentication, and AI providers may process personal data outside Colombia. Such transmission or transfer will occur only for the purposes described in this Policy and subject to applicable Colombian requirements, authorizations, contractual safeguards, and legal exceptions.
14. Changes
Fidy may update this Policy for legal, technical, operational, or commercial changes. Material changes may be communicated in the app, by email, push notification, or a prominent website notice; renewed authorization will be requested where legally required.
15. Data-subject rights
Data subjects may know, update, and correct their data; request proof of authorization; ask how it has been used; complain to Colombia’s Superintendence of Industry and Commerce after completing the applicable internal procedure; revoke authorization or request deletion where available; and access their data free of charge.
16. Petitions, consultations, and complaints
Fidy’s privacy function is responsible for these requests. Questions and requests must be sent to obarboza@fidyapp.com with identification, contact details, a clear description, and applicable supporting documents.
Consultations will be answered within ten business days and may be extended by five with notice. Complaints will be handled within fifteen business days from the day after receipt and may be extended by eight with a reasoned notice. Incomplete complaints will receive a correction request within five days; after two months without a response, they will be treated as withdrawn. Mandatory legal changes apply.
17. Contact and effective date
Questions and complaints: ORLANDO RAFAEL BARBOZA ALCALA, NIT 1002250606-3, Calle 104 #53-49, Barranquilla, Atlántico, Colombia; obarboza@fidyapp.com; 3003632142. This Policy takes effect July 12, 2026. Databases will remain in effect while needed for authorized purposes and applicable obligations.