Privacy Policy

Effective date: 1 July 2026  ·  Last updated: 1 July 2026

This policy explains how Stack Innovations Limited ("we", "us", "our") collects, uses, stores, and discloses your personal information across our products — FinX (personal finance & investing) and HealthX (health & fitness). It covers both our web apps and our native mobile apps. We are committed to protecting your privacy in accordance with the New Zealand Privacy Act 2020 and, where applicable, the EU General Data Protection Regulation (GDPR). Sections that apply to only one product are labelled FinX or HealthX; everything else applies to both.

Health data notice (HealthX). Some HealthX data — training, nutrition, weight, body measurements, and Apple Health data — is sensitive "special category" information under the GDPR (Art. 9). We process it only to provide HealthX to you, and only with your consent. See Section 5.

Contents

  1. Who we are
  2. Information we collect
  3. How we use your information
  4. AI-powered features and consent
  5. Health & fitness data (HealthX)
  6. Disclosure to third parties
  7. Data storage and security
  8. Retention periods
  9. Your rights
  10. Cookies and tracking
  11. International transfers
  12. Children's privacy
  13. Changes to this policy
  14. Contact us

1 Who We Are

Stack Innovations Limited (NZBN: 9429053630445) is a New Zealand company and the data controller for the personal information described in this policy. We operate FinX (personal finance and investing) and HealthX (health and fitness). Both are products, not separate legal entities. References to "we", "us", and "our" mean Stack Innovations Limited.

Privacy contact: support@stackinnovations.co.nz

2 Information We Collect

Account data (both products)

FinX — financial data

HealthX — health, training & nutrition data

Collected automatically

Additional-feature data (both products)

Information from third parties

3 How We Use Your Information

We use your information only for the purposes for which it was provided or directly related purposes (NZ Privacy Act IPP2):

We do not sell your personal information, and we have no advertisers. We do not use your data for profiling unrelated to the service.

4 AI-Powered Features and Consent

Both products offer optional AI features powered by Anthropic's Claude. Each feature sends only the data it needs:

Consent required: AI processing is opt-in. You must explicitly consent (at registration or in settings) before any AI feature is activated, and you can withdraw consent at any time — this immediately disables AI features but does not affect data already processed.

Per Anthropic's commercial API terms, your inputs are not used to train their models. HealthX "Snap food" photos are sent to Claude to estimate the dish and macros and are not stored on our servers after the request completes.

Important: AI output is informational only. It is not regulated financial advice under the NZ FMC Act 2013 (FinX), nor medical advice (HealthX). Consult a licensed professional before making decisions.

5 Health & Fitness Data (HealthX)

HealthX processes health and fitness information — training logs, nutrition, weight, body measurements, progress photos, and (if you opt in) Apple Health data. Under the GDPR this is special-category data (Art. 9); we process it only to provide HealthX to you, and only with your consent.

Apple Health (HealthKit) — iOS app only

If you turn on "Sync with Apple Health" in the iOS app, HealthX reads the following from Apple Health, with your permission: body weight, daily step count, active and basal energy, resting heart rate, workout records, and last night's sleep. HealthX may write your completed in-app workouts back to Apple Health.

HealthKit-specific disclosures (required by Apple):

6 Disclosure to Third Parties

We disclose your information only as necessary to run the service. Each recipient is engaged under a Data Processing Agreement (DPA) where personal data is shared. "Both" means the sub-processor serves FinX and HealthX.

An up-to-date sub-processor list is available on request: email support@stackinnovations.co.nz. We do not disclose your information to any other third party without your consent, except where required by law.

7 Data Storage and Security

No method of transmission or storage is 100% secure. If you become aware of a security issue, email support@stackinnovations.co.nz immediately.

Breach notification

If we become aware of a notifiable privacy breach affecting your information, we will notify you and the Office of the Privacy Commissioner within 72 hours of becoming aware of it, as required by the NZ Privacy Act 2020 (s112).

8 Retention Periods

When you delete your account, we anonymise or delete your profile and product data and end your active sessions. For FinX, audit records are retained in anonymised form for the periods above. HealthX account deletion is a full, irreversible removal of your rows; any HealthKit data on your phone is not affected.

9 Your Rights

Under the NZ Privacy Act 2020 (and equivalent GDPR rights for EU residents), you have the following rights:

Access (IPP6 / GDPR Art. 15)

Both apps show you all of your data directly. You can request a machine-readable export at any time — FinX provides a self-serve export (GET /api/me/export); for HealthX, request one in-app or by email. We respond within 20 working days.

Correction (IPP7 / GDPR Art. 16)

You can edit your profile, logs, holdings, recipes, and history directly in the app. If other information is inaccurate, contact us.

Deletion (IPP9 / GDPR Art. 17)

You can delete your account in Settings. FinX (DELETE /api/me, password-confirmed) anonymises your profile and deletes your financial data, retaining anonymised audit records per Section 8. HealthX performs a full, irreversible deletion of every row associated with your account. HealthKit data on your phone stays in Apple Health, owned by you.

Withdraw consent

You may withdraw consent to AI processing at any time in settings; this disables AI features immediately.

Complaints

Please contact us first at support@stackinnovations.co.nz. You may also complain to the Office of the Privacy Commissioner (NZ) or your local supervisory authority (EU).

10 Cookies and Tracking

We use a minimal set of cookies:

When you upgrade or manage a subscription, you are redirected to Stripe; Stripe sets its own cookies under its own domain, governed by Stripe's Privacy Policy. We do not use advertising cookies, third-party tracking pixels, or analytics cookies such as Google Analytics.

11 International Transfers

Our application servers run in Sydney, Australia (Fly.io syd region), and our databases are hosted by Neon (managed PostgreSQL). Your information is also processed by sub-processors in the United States (Stripe, Anthropic, Sentry, the FinX market-data vendors, and Google Workspace) and in various global locations for push-notification delivery (Google, Apple, Mozilla). Where personal data is transferred to these sub-processors, we rely on appropriate safeguards (such as Standard Contractual Clauses for EU transfers and binding data-processing agreements) consistent with the NZ Privacy Act 2020 and GDPR.

12 Children's Privacy

HealthX is intended for people aged 16 and over. FinX is intended for people aged 18 and over. We do not knowingly collect personal information from anyone under those ages. If you believe a child has signed up, contact us and we will delete the account.

13 Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email and/or by an in-app banner the next time you sign in, and update the "Last updated" date above. Continued use of FinX or HealthX after the effective date constitutes acceptance of the revised policy.

14 Contact Us

Privacy Officer

Stack Innovations Limited

NZBN: 9429053630445

New Zealand

Email: support@stackinnovations.co.nz

Products: FinX & HealthX  ·  Stack Innovations