Last updated: May 2, 2026
This Privacy Policy (“Policy”) explains how Segmio SRL (“FinancialAha”, “Company”, “we”, “us”, “our”) - a company registered in Romania - collects, uses, and protects personal data when you interact with our website at https://www.financialaha.com (the “Website”) and our digital products (collectively, “Products”). It also describes your rights regarding your personal data and how to exercise them. This Policy is to be read together with our Terms and Conditions.
If you have questions about this Policy or your data, contact us through our contact form.
Quick summary
- We never sell or rent your personal data.
- We don’t run ads, ad tracking, or cross-site tracking technologies.
- Our website analytics are cookieless and anonymous (Plausible, EU-hosted).
- The financial data you enter into our spreadsheet templates stays in your own Google account. We have no access to it.
- You can request access, correction, or deletion of your personal data at any time through our contact form.
This summary is not a substitute for the full Policy below.
1. Who we are
FinancialAha is operated by Segmio SRL, a company registered in Romania. We are the controller of the personal data described in this Policy, except for payment-related data, which is processed by Paddle as our Merchant of Record (see Section 5).
You can reach us at any time through our contact form.
2. Personal data we collect
2.1 Information you give us
- Contact form: name, email address, subject, and message.
- Affiliate application: name, email address, and website URL.
- Free template downloads: email address, marketing-consent confirmation, and the template you requested.
- Customer support correspondence: any information you choose to share when contacting us.
Providing this information is voluntary, but it is necessary for us to deliver the service you requested. If you do not provide it, we will not be able to (for example) reply to your message, send you the template you asked for, or process your affiliate application.
2.2 Information collected automatically
When you access the Website, our hosting provider Cloudflare automatically processes technical information needed to deliver the site and protect it from abuse:
- Your IP address - used to deliver the site, prevent abuse, and apply rate limits. Cloudflare retains access logs containing IP addresses per its default policies (typically rolling logs). We do not separately store your IP address, except in short-lived rate-limit records that expire 72 hours after a related transaction.
- Browser type, language, and approximate geo-location derived from the IP
- Operating system and device type
- The pages you request and HTTP request metadata
We do not combine this information into a profile about you, and we do not use it to track you across other websites.
Our analytics provider, Plausible, additionally records aggregate metrics such as page views, top referrers, and country-level location. Plausible does not use cookies, does not store IP addresses, and does not identify individual visitors.
2.3 Information we receive from third parties
When you complete a purchase through Paddle, Paddle sends us a notification and we fetch the limited information we need to deliver your Product: your email address, the items you purchased, and a transaction ID. We do not receive your name, full billing address, or payment-card details from Paddle - that information stays with Paddle as our Merchant of Record.
We use this information to deliver your Product, send you a purchase confirmation, and respond to refund or support requests.
We do not buy or otherwise acquire personal data from data brokers.
3. How we use personal data and our lawful bases
We process personal data for the purposes listed below. For users in the European Economic Area, the United Kingdom, and Switzerland, the lawful basis under data-protection law (GDPR, UK GDPR, revFADP) is given for each purpose.
- Operating, securing, and protecting the Website, including Cloudflare bot management and Cloudflare Turnstile spam prevention. Lawful basis: our legitimate interests in running a working, secure website.
- Delivering the Products you have purchased and providing related customer support. Lawful basis: performance of a contract with you.
- Tax invoicing, payment processing, and fraud prevention through Paddle. Lawful basis: compliance with a legal obligation, and Paddle’s legitimate interests as Merchant of Record.
- Sending you marketing emails about new templates and resources. Lawful basis: your consent. You can withdraw it at any time using the unsubscribe link in any marketing email.
- Responding to enquiries you submit through our contact form. Lawful basis: our legitimate interests in handling enquiries.
- Aggregate, anonymous website analytics to understand which content is useful. Lawful basis: our legitimate interests in improving the Website.
- Complying with legal obligations and defending legal claims. Lawful basis: compliance with a legal obligation; our legitimate interests.
Where we rely on legitimate interests, we have considered whether those interests are overridden by your rights and freedoms, and concluded they are not given the limited scope of processing.
4. Cookies and local storage
FinancialAha does not use advertising cookies, marketing cookies, social-media tracking pixels, or third-party analytics cookies.
The site only uses the following:
Cookies from Cloudflare (always present)
- __cf_bm - bot management and abuse prevention. Strictly necessary. Lasts about 30 minutes.
- cf_clearance - only set if a security challenge is shown to you. Strictly necessary. Lasts about 1 year.
Cookies from Paddle (only during checkout)
- Cart, session, and fraud-prevention cookies, set when you initiate a checkout. Required for the transaction; cleared shortly after.
Local storage we set on your device (not a cookie; stays until you clear it)
- faha_download_email - remembers the email you used to download a free template, so you do not have to retype it.
Session storage we set on your device (not a cookie; cleared when you close the tab)
- Small calculator UI flags (e.g. whether you have dismissed a popup) kept only for the current browser session.
These technologies are exempt from consent under EU ePrivacy law because they are strictly necessary for a service you have requested, or because they are functional preferences you initiated.
We use Plausible Analytics for cookieless aggregate analytics. Plausible does not place any cookies on your device.
We use Cloudflare Turnstile as a privacy-respecting alternative to CAPTCHA on our forms. Turnstile is cookieless.
5. Sharing personal data with subprocessors
We share personal data only with service providers we have engaged to help us run FinancialAha, and only to the extent necessary for them to perform their services. Our current subprocessors are:
- Cloudflare, Inc. (United States, processing at the global Cloudflare edge) - hosting, CDN, serverless functions, bot management, Turnstile, and short-lived security records.
- Plausible Insights OÜ (Estonia, EU) - privacy-friendly, cookieless website analytics.
- Paddle.com Market Limited (United Kingdom, processing globally) - Merchant of Record: payment processing, sales-tax compliance, invoicing, fraud prevention, and refunds.
- Sendinblue SAS (Brevo) (France, EU) - marketing email list and transactional email (purchase confirmations, contact form notifications).
- Google LLC (Google Workspace) (United States and European Union) - email and document collaboration for customer support.
We have data processing agreements with each subprocessor where required by data-protection law.
We do not sell your personal data, and we do not share it for advertising purposes.
We may also disclose personal data when we believe in good faith that disclosure is necessary to comply with a legal obligation, to protect our rights, or to protect the safety of our users or the public.
If FinancialAha is acquired by or merged with another company, your personal data may be transferred to the acquiring entity. We will notify you of any such change.
6. International data transfers
Some of our subprocessors are located outside the European Economic Area or your country of residence. When personal data is transferred internationally:
- Cloudflare transfers rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses for data transferred to the United States, and on Cloudflare’s global edge for data in transit.
- Paddle transfers between the EEA, the UK, and other regions rely on Standard Contractual Clauses, the UK International Data Transfer Agreement, and the EU-U.S. Data Privacy Framework where applicable.
- Google Workspace transfers to the United States rely on the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.
- Plausible (Estonia) and Brevo (France) are within the EEA and are not international transfers for EEA users.
You can request a copy of the safeguards in place for any specific transfer through our contact form.
7. Data retention
We keep personal data only as long as necessary for the purposes described above:
- Marketing email list (free template signups) - until you unsubscribe. Unsubscribe requests are processed immediately and your email is removed from our active mailing list.
- Contact form messages and affiliate applications - kept in our support inbox while they remain useful for ongoing correspondence. We periodically review and delete records we no longer need.
- Purchase records - Paddle, as our Merchant of Record, retains transaction records as required by tax and accounting law (in Romania, generally 10 years under Law 82/1991). We retain only order confirmations and the email used for purchase, for the period needed to provide customer support and respond to refund or dispute requests.
- Server-side rate-limit records (Cloudflare KV) - expire automatically 72 hours after the related transaction.
- Server logs and security records (Cloudflare) - retained per Cloudflare’s default policies (generally up to 30 days for access logs).
- Transactional email delivery logs (Brevo) - retained per Brevo’s policies (generally up to 6 months).
- Aggregate, anonymous analytics (Plausible) - no personal data is stored. Aggregate statistics are retained by Plausible.
We may keep personal data for longer where required by law (for example, tax records that must be kept for up to 10 years under Romanian Law 82/1991) or to defend legal claims.
8. Your rights
You have the following rights in respect of your personal data. The exact scope of each right depends on the law applicable to you (see Section 12):
- Access: a copy of the personal data we hold about you and information about how we process it.
- Correction: correction of inaccurate or incomplete data.
- Deletion (right to be forgotten): deletion of your data when it is no longer needed or where you withdraw consent.
- Restriction: restriction of processing in certain circumstances (for example, while we verify accuracy).
- Objection: objection to processing based on our legitimate interests, including direct marketing.
- Portability: a copy of the data you provided to us in a structured, machine-readable format.
- Withdrawal of consent: where we rely on your consent, you can withdraw it at any time. Withdrawal does not affect processing carried out before the withdrawal.
- Right to lodge a complaint: with your local data-protection authority. The authority for our principal place of business is the National Supervisory Authority for Personal Data Processing (ANSPDCP) in Romania, www.dataprotection.ro. You may also complain to the authority in your country of residence.
To exercise any right, contact us through our contact form. We will respond within the time required by applicable law (within 30 days under GDPR, with a possible extension of up to two further months for complex requests, in which case we will let you know).
We may need to verify your identity before acting on a request, and we may charge a reasonable fee or refuse the request if it is manifestly unfounded or excessive (as permitted by law).
You can unsubscribe from marketing emails at any time using the unsubscribe link at the bottom of every marketing email.
9. Security
We implement industry-standard technical and organisational measures designed to protect personal data, including encryption in transit (HTTPS), access controls on our administrative tools, and reliance on reputable subprocessors with their own security certifications. No system is perfectly secure, however, and we cannot guarantee absolute security.
If we become aware of a personal-data breach that is likely to result in a high risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours and notify affected individuals where required by law.
10. Automated decision-making
We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing.
11. Children’s privacy
FinancialAha is intended for adults. Our Products are designed to help users plan and track personal or business finances - managing income, expenses, savings, debt, retirement, and tax planning - activities that presume the legal and financial autonomy typical of adult life. We do not market our Products to children, do not run educational programs for minors, and do not knowingly collect personal data from children:
- If you are in the European Economic Area, the United Kingdom, or Switzerland, our services are intended for users aged 16 and over (the digital age of consent in Romania, where we are established, is 16 under Law 190/2018).
- If you are in the United States or other jurisdictions where the age threshold for online services is 13, our services are intended for users aged 13 and over.
If you are below the applicable age, do not use our Website or submit information to us. If you believe a child has provided personal data to us, please contact us through our contact form and we will delete it.
12. Regional notices
12.1 European Economic Area, United Kingdom, and Switzerland
This Policy is designed to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Swiss revised Federal Act on Data Protection. The data controller is Segmio SRL. Our supervisory authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), but you may also lodge a complaint with the supervisory authority in your country of residence.
12.2 California (United States)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the rights described in Section 8 (access, deletion, correction). In addition:
- Categories of personal information collected: identifiers (name, email, IP address), commercial information (purchase history), internet/network activity (server logs), and geolocation (country-level only).
- Sources: directly from you (forms), automatically (server logs and analytics), and from Paddle in connection with purchases.
- Sale or sharing: we do not sell or “share” (as defined by CCPA/CPRA) personal information for cross-context behavioural advertising. We have not done so in the past 12 months.
- Sensitive personal information: we do not collect sensitive personal information as defined by CPRA.
- Right to opt out: because we do not sell or share personal information, no opt-out mechanism is required. If our practices change, we will update this Policy.
- Non-discrimination: we will not discriminate against you for exercising any CCPA/CPRA right.
You may exercise your CCPA/CPRA rights through our contact form.
12.3 Brazil
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) gives you the rights described in Section 8. The legal bases under LGPD are equivalent to those listed in Section 3. You can contact us through our contact form to exercise any LGPD right.
12.4 Canada (including Quebec)
If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws (including Quebec’s Law 25) give you rights of access, correction, and withdrawal of consent. Quebec residents may also have the right to data portability. You can contact us through our contact form to exercise these rights.
12.5 Australia
If you are in Australia, the Australian Privacy Principles under the Privacy Act 1988 apply. You may complain to the Office of the Australian Information Commissioner (www.oaic.gov.au) if you are not satisfied with how we handle your data, after first contacting us through our contact form.
12.6 Japan
If you are in Japan, the Act on the Protection of Personal Information (APPI) applies. You can contact us through our contact form to exercise your rights.
13. Links to other sites
The Website may contain links to other websites. We are not responsible for the privacy practices of those sites. When you submit personal information to a third-party site, that site’s privacy policy applies.
14. Updates to this Privacy Policy
We may update this Policy from time to time to reflect changes to our practices, our services, or applicable law. The “Last updated” date at the top of this Policy indicates when it was most recently revised.
For material changes, we will publish a notice on the Website and, where appropriate, notify you by email. Where a change requires your renewed consent (for example, new processing based on consent), we will ask you separately. This Policy is informational and describes how we handle personal data; it is not a contract you accept by continuing to use the Website.
15. Contact
To contact us about this Policy, your personal data, or to exercise any right described above, please use our contact form.