Privacy Policy

Effective Date: January 3, 2026 | Last Updated: January 3, 2026

1. Introduction

Welcome to Finn ("Finn," "we," "our," or "us"). Finn is an AI-powered mobile coding platform that enables developers to interact with their development environment through text-based prompts on their mobile devices.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, desktop application, web dashboard, and related services (collectively, the "Services"). Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: When you create an account, we collect your name, email address, and profile image through our authentication provider (Clerk).
  • Prompts and Commands: We collect the text of prompts and commands you submit through our Services to execute coding tasks. These are stored in our database along with AI responses to provide conversation history.
  • Code and File Data: When you grant folder access and execute tasks, we collect and store:
    • Folder names and file paths from your approved directories
    • Code diffs (the changes made to your files)
    • Git commit information including commit messages, hashes, and author details
    • File change statistics (additions, deletions, files modified)
  • Approval Decisions: We record your decisions when approving or rejecting code changes, including any comments you provide.
  • User Settings: Your preferences including theme, notification settings, AI provider selection, and execution mode preferences.
  • Communication Data: If you contact us for support or feedback, we collect the information you provide in those communications.

2.2 Information Collected Automatically

  • Device Information: We collect information about the devices you use to access our Services, including device type (mobile, desktop, web), operating system/platform, unique device identifiers, and connection status.
  • Usage Metrics: We collect aggregated usage statistics including:
    • Number of conversations and messages
    • Number of commits and files changed
    • AI tool usage patterns
    • Token consumption (input and output tokens)
    • Session duration and activity timestamps
  • Connection Data: We collect information about when your devices connect to our relay servers, including timestamps and connection duration.

2.3 Information from Third Parties

  • Authentication Providers: We receive basic profile information from Clerk when you authenticate, including your name, email address, and profile picture.
  • AI Service Providers: We use AI services (such as Anthropic's Claude or Google's Gemini) to process your coding requests. Information shared with these providers is governed by their respective privacy practices.
  • Payment Processors: If you subscribe to paid features, our payment processor (Stripe) handles your payment information. We receive your Stripe customer ID and subscription status but do not store your full payment card details.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Improve Services: To operate, maintain, and improve our Services, including processing your text prompts and executing coding tasks.
  • AI Processing: To send your prompts and relevant code context to AI services to generate code, answer questions, and execute development tasks on your behalf.
  • Conversation History: To store and display your conversation history, allowing you to review past interactions and continue previous sessions.
  • Real-Time Synchronization: To sync your sessions across mobile, desktop, and web platforms in real time via our relay infrastructure.
  • Authentication and Security: To verify your identity, maintain account security, and protect against unauthorized access.
  • Analytics: To understand usage patterns through aggregated metrics, improve our Services, and develop new features.
  • Billing and Subscriptions: To manage your subscription, enforce usage limits based on your plan, and process payments.
  • Communications: To send you service-related notifications and updates about your account or the Services.
  • Legal Compliance: To comply with legal obligations and enforce our terms of service.

4. AI and Machine Learning

Finn uses artificial intelligence to provide its core functionality. Here's what you should know:

  • Third-Party AI Services: We support multiple AI providers including Anthropic's Claude and Google's Gemini. When you submit a prompt, it is sent to the selected AI provider's servers for processing.
  • Code Context: To provide helpful AI assistance, we send context about your code (from approved folders) along with your prompts. This may include file contents, project structure, and recent changes. You control which folders are accessible through the folder approval system.
  • Tool Executions: The AI may use various tools to read files, write code, and execute commands. We log tool usage including inputs and outputs to provide transparency and enable debugging.
  • No Model Training: We do not use your prompts, code, or personal data to train AI models. Your data is used solely to provide the Services to you.
  • AI Limitations: AI-generated outputs may contain errors or inaccuracies. You are responsible for reviewing and testing any code generated by the Services.

5. How We Share Your Information

We may share your information in the following circumstances:

  • AI Service Providers: Your prompts and code context are sent to AI providers (Anthropic, Google) to generate responses. These providers process your data according to their own privacy policies.
  • Service Providers: We share information with third-party service providers who perform services on our behalf, including:
    • Clerk (authentication)
    • Stripe (payment processing)
    • Cloud hosting providers
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Protection of Rights: We may share information to protect our rights, privacy, safety, or property, or that of our users or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.
  • With Your Consent: We may share information for other purposes with your explicit consent.

We do not sell your personal information to third parties.

6. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period thereafter for legal and business purposes.
  • Conversation History: Prompts, AI responses, and code diffs are retained to provide conversation history features. You can delete individual conversations at any time.
  • Usage Metrics: Hourly metrics are retained for 24 hours; daily metrics are retained for 30 days; aggregated analytics may be retained indefinitely.
  • Commit History: Git commit records are retained indefinitely as part of your project history.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Secure authentication using industry-standard protocols (JWT, OAuth)
  • Secure WebSocket connections for real-time communication
  • Rate limiting and connection limits to prevent abuse
  • Access controls limiting employee access to personal data

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to certain exceptions. You can also delete individual conversations through the app.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-Out: Opt out of marketing communications at any time.
  • Withdraw Consent: Where we rely on consent, you may withdraw it at any time.

To exercise these rights, please contact us at privacy@tryfinn.ai.

9. Folder Access and Local Processing

Finn's desktop daemon requires access to specific folders on your computer to provide AI coding assistance. Important details about this access:

  • Explicit Approval Required: You must explicitly approve each folder before Finn can access it. We cannot access any folders without your permission.
  • Local Execution: The desktop daemon runs locally on your machine. AI-generated code is executed locally, and file modifications happen on your computer.
  • Folder Limits: The number of folders you can approve depends on your subscription tier.
  • Revocable Access: You can revoke folder access at any time through the desktop daemon's settings.
  • Data Sent to Cloud: While execution happens locally, we send the following to our servers: folder names, file paths, code diffs, commit information, and conversation content. This enables cross-device sync and conversation history.

10. Children's Privacy

Our Services are not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from your child, please contact us at privacy@tryfinn.ai and we will delete such information.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we implement appropriate safeguards to protect your information, including:

  • Standard contractual clauses approved by relevant authorities
  • Compliance with applicable data protection frameworks
  • Ensuring third-party recipients provide adequate protection

12. Third-Party Services

Our Services integrate with and rely on third-party services:

We encourage you to review the privacy policies of these third-party services.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request that we delete personal information we have collected from you.
  • Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@tryfinn.ai.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) our legitimate interests, or (d) compliance with legal obligations.
  • Data Subject Rights: You have the rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or through the Services
  • Provide a summary of key changes

Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your request within a reasonable timeframe and in accordance with applicable law.