Last updated: 6th of Dec 2025

1. Introduction

Welcome to Visibo. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclosure, and safeguard your information when you use our website www.visibo.io and our financial management services (the "Service").

By accessing or using our Service, you verify that you have read, understood, and agree to the collection and use of your information as described in this policy.

2. Information We Collect

We collect information to provide you with financial insights, categorization, and reporting.

A. Personal Data You Provide to Us

• Identity Data: Name, email address.

• Account Credentials: Passwords for our application (hashed and salted). Note: We do not collect or store your online banking credentials (PINs, passwords).

B. Financial Data (via Open Banking)

To provide our core service, we use a third-party open banking provider, to fetch data from your bank accounts. This includes:

• Account Details: IBAN, account holder name, account type, currency.

• Balances: Current and available balances.

• Transactions: Dates, amounts, descriptions, counterparty names (vendors) and reference numbers.

C. Technical & Usage Data

• Device Information: IP address, browser type, operating system.

• Usage Logs: Pages visited, time spent on the platform, and error logs.
  
  

3. How We Use Your Information

We use the data collected for the following purposes:

1. Service Delivery: To aggregate your bank transactions, categorize them and generate financial reports (P&L, Cash Flow, Balance sheet etc).

2. Automation: To allow our system to learn your vendor preferences and auto-categorize future transactions.

3. Account Management: To manage your registration and authentication.

4. Security: To monitor and prevent fraudulent activity.

5. Compliance: To comply with legal obligations (e.g., tax and accounting laws).
   
   

4. Open Banking & Enable Banking

We utilize Enable Banking Oy ("Enable Banking") as our Technical Service Provider to access your bank account information securely.

• Consent: We only access your financial data when you explicitly grant consent through the Enable Banking interface.

• Connection: When you connect a bank account, you are redirected to Enable Banking and then to your bank's secure portal.

• No Credential Storage: We never see or store your bank login credentials (username, password, PIN, or 2FA codes). These are entered directly into your bank's interface.

• Data Flow: Enable Banking fetches the data via secure APIs (PSD2 compliant) and transmits it to us.

• Enable Banking's Privacy: You can review Enable Banking’s Privacy Policy here: https://enablebanking.com/privacy/.
  
  

5. How We Share Your Information

We do not sell your personal data. We only share information in the following circumstances:

• Service Providers: We may share data with third-party vendors who perform services for us, such as:

  • Hosting: (e.g., AWS, Vercel) to host the application.

  • Database Providers: (e.g., Supabase, AWS) to store transaction history.

  • Analytics: (e.g., Datadog) to understand how users interact with our UI (anonymized where possible).

• Legal Requirements: If required by law, court order, or government regulation.

• Business Transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred.
  
  

6. Data Retention

We retain your personal and financial data only for as long as necessary to fulfill the purposes set out in this policy.

• Active Accounts: We keep transaction history to provide year-over-year reporting.

• Deleted Accounts: If you delete your account, we will delete your personal data within 90 days, unless we are required to retain it for tax or legal purposes.
  
  

7. Security of Your Data

We use administrative, technical, and physical security measures to protect your personal information.

• Data is encrypted in transit (SSL/TLS) and at rest.

• We use strict access controls to limit who can view internal data.

• However, no method of transmission over the Internet is 100% secure.
  
  

8. Your Data Protection Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request copies of your personal data.

• Right to Rectification: Request correction of inaccurate information.

• Right to Erasure: Request deletion of your data ("Right to be forgotten"), subject to legal retention obligations.

• Right to Restrict Processing: Request that we limit how we use your data.

• Right to Data Portability: Request transfer of your data to another organization.

To exercise these rights, please contact us at legal@visibo.io.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and will be effective as soon as it is accessible.

10. Contact Us

If you have questions or comments about this policy, you may contact us at:

• Company Name: Visibo OÜ

• Email: hello@visibo.io

• Address: Tallinn, Estonia