Privacy Policy
Last updated: 6 July 2026
Who we are
Nobria is a personal-finance tracking and forecasting service operated by Fabio Nobre ("Nobria", "we"). We are the data controller for the personal data described in this policy. You can reach us at fabionobre.ai@gmail.com.
What we collect
- Account data. Your email address and a password. Passwords are handled by Firebase Authentication and are never visible to us.
- Financial data you enter. Account balances, income, expenses, holdings, liabilities, property values and planning assumptions. You type or import all of it yourself. We never connect to your bank and we never hold bank credentials.
- Feedback. If you use the in-app feedback button we store your message together with the screen you were on, a short device/browser description and your language setting.
- Technical data. Standard server logs (IP address, request time) processed by our hosting providers for security and to keep the service running.
What we deliberately do not do
- No advertising, and no advertising or cross-site trackers.
- No sale or sharing of your data with third parties for their own purposes. Ever.
- No bank logins. Nobria works from data you enter or import.
- The public demo runs entirely in your browser on synthetic data and stores nothing about you.
Why we process your data
- To provide the service (performance of a contract): storing and syncing the data you enter, computing your statements and forecasts.
- To review access requests and prevent abuse (legitimate interests): the account approval queue, abuse protection and security controls.
- To improve the product (legitimate interests): reading the feedback you choose to send.
- To comply with the law where we are required to.
Where your data lives
Your data is stored in Google Firebase (Authentication and Cloud Firestore) and the app is served by Cloudflare. Both act as our processors. Where data is transferred outside the UK or EEA, the transfer is protected by recognised safeguards such as the EU–US Data Privacy Framework and Standard Contractual Clauses, together with the UK Addendum.
Live market prices (exchange rates, security and crypto prices) are fetched from third-party market-data providers. Those requests carry no account information — only the tickers being priced and the network metadata inherent in any web request.
How long we keep it
We keep your data while your account exists. When you delete your account (Settings → General → Your data) all of your stored data is deleted immediately. Residual copies in our operational backups are removed within 35 days.
Your rights
You have the rights given by UK and EU data-protection law: access, rectification, erasure, portability, restriction and objection. Nobria builds the main ones in:
- Export — download everything you have stored as a JSON file, any time, from Settings → General → Your data.
- Rectification — every figure is editable in the app.
- Erasure — delete your account and all data yourself, from the same place.
For anything else, email us. If you are unhappy with how we handle your data you can complain to the UK Information Commissioner's Office at ico.org.uk.
Cookies and local storage
Nobria uses only what is essential to run: the Firebase sign-in session and your display preferences (theme, language, layout) kept in your browser's local storage. There are no analytics or marketing cookies, so there is no cookie banner.
Security
All traffic is encrypted in transit. Your data is isolated per account and server-side security rules block any other user from reading it. New accounts are inert until approved.
Children
Nobria is for adults managing their own finances. It is not intended for anyone under 18.
Changes to this policy
If this policy changes we will post the new version here and update the date at the top. For significant changes we will tell you in the app or by email.