Privacy Policy
NimbleCFO, an app by Generation Money. Last updated: 22 June 2026.
This policy explains what personal data NimbleCFO ("we", "us") collects, why, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018). NimbleCFO provides general financial guidance for UK freelancers and the self-employed — it is not regulated financial advice.
Who we are
Generation Money is the data controller for NimbleCFO. Contact: privacy@nimblecfo.app.
What we collect
- Account data: email address and a securely hashed password (or, if you use Google/Apple sign-in, the email those services share).
- Profile & financial information you provide: display name, onboarding answers, goals, tasks, projects, and any figures or notes you enter (e.g. income, tax set-asides, savings).
- Chat content: messages you send to the in-app AI assistant.
- Files you upload: e.g. an avatar or documents you choose to attach.
- Device push token: if you enable notifications, so we can send reminders.
- Usage events: basic in-app activity to operate and improve the service.
How we use it
- To provide the app: authentication, saving your goals/tasks/chats, and generating tailored guidance.
- To power AI features by sending your relevant chat content to our AI provider (see below).
- To send reminders/notifications you have enabled.
- To maintain security and improve the product.
Our lawful bases are performance of a contract (running the app you signed up for) and legitimate interests (security and improvement). You can withdraw notification consent at any time in Settings.
Who we share it with
- Anthropic — processes your chat content to generate AI responses. Anthropic does not train its models on this data via the API. See Anthropic's privacy terms.
- Supabase — our hosting, database and authentication provider, stores your data securely on our behalf (UK/EU region).
- Google / Apple — only if you choose their sign-in, and for push delivery.
We do not sell your personal data.
Where your data is stored
Data is stored on managed cloud infrastructure (Supabase), in the UK/EU region. Some processors (e.g. our AI provider) may process data outside the UK/EEA; where they do, appropriate safeguards such as standard contractual clauses apply.
How long we keep it
We keep your data while your account is active. You can delete your account at any time, after which we delete your personal data within 30 days except where we must retain it by law.
Your rights
Under UK GDPR you have the right to access, correct, delete, restrict, or port your data, and to object to certain processing. To exercise these, email privacy@nimblecfo.app. You may also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.
Children
NimbleCFO is not directed at children under 16 and we do not knowingly collect their data.
Security
Passwords are hashed, traffic is encrypted in transit, and access to data is restricted. No system is perfectly secure, but we take reasonable measures to protect your information.
Changes
We may update this policy; we will revise the date above and, for material changes, notify you in-app.