FireLink helps you see all your subscriptions, bills, orders and recurring charges in one place, gathered from email receipts and (where you connect it) your bank account. This policy explains what we collect, why, and your rights. We are based in the EU and follow the GDPR.
FireLink is operated by Lothric Systems (the "data controller"). For any privacy question or request, contact necula.dan.andrei@gmail.com.
| Account | Your email address (used as your passwordless login) and any phone number you add. |
| Email-derived data | When you connect a mailbox, we read it to find receipts, invoices, subscriptions, orders and shipping notices, and store the extracted details (merchant, amount, date) plus a copy of the relevant receipt for your in-app preview. We do not read or store unrelated personal correspondence. |
| Bank data | If you connect a bank (via open banking), we receive read-only account and transaction information to detect recurring charges and confirm active/cancelled status. We never receive your bank password, and we cannot move money. |
| Usage | Basic technical data needed to run the app (e.g. authentication tokens). |
We process this data only to provide the service to you — showing your subscriptions, bills, orders, reminders and spending. Our legal basis under GDPR is your explicit consent, which you give by connecting each mailbox or bank and which you can withdraw at any time by disconnecting it or deleting your account.
We do not sell your data, show ads, or use your email/bank content to train AI models.
We use a small set of trusted providers strictly to operate FireLink:
| Supabase | Hosts our database, authentication and file storage (EU region, Ireland). Your data is encrypted at rest and isolated per-user. |
| Anthropic | Classifies emails by intent. We send the sender and subject line (and minimal context) to determine if an email is a receipt, bill, order or marketing. Governed by a data-processing agreement. |
| Enable Banking | A licensed Account Information Service Provider (regulated by FIN-FSA) that securely connects to your bank when you choose to link one. |
| Resend | Delivers your login-code emails. |
Your data is stored in the European Union. We keep it only while your account is active. When you disconnect a mailbox or bank, the data it brought in is removed. When you delete your account, all your data is deleted.
Connection credentials (e.g. mailbox app passwords, OAuth tokens) are encrypted at rest. Access is restricted per-user with row-level security. Bank access is read-only and runs through a regulated provider.
You can request to access, correct, export, or delete your data, and to object to or restrict processing or withdraw consent at any time. Email necula.dan.andrei@gmail.com and we'll respond within 30 days. You may also complain to your local data protection authority (in Romania, ANSPDCP).
FireLink is not intended for anyone under 16.
We'll update this page and the date above if this policy changes.