[ Privacy Policy ]

Last updated: 07/10/2026

This Privacy Policy describes what data Fortogo collects, how it is used and protected, and what rights you have. We deliberately collect a minimum of data, show no ads and never sell your data. The personal-data controller is the owner of the Fortogo project, a resident of Ukraine. Processing is carried out in accordance with the Law of Ukraine "On Personal Data Protection" and, for users in the EU, with the general principles of the GDPR.

1. What data we collect

We process only the data needed for the web app to work:

  • Account data: email address; optionally a display name and profile photo (if you sign in with Google); the sign-in provider type.
  • Password: for email registration, the password is stored in a secure (hashed) form by Firebase Authentication – we have no access to it in plain text.
  • Your financial content: investments (title, type, currency, amounts, dates, yield, taxes, payouts, color), financial goals (title, target amount, currency, description, color) and related settings.
  • Settings: base currency, rate source, enabled currencies, card color, the selected current goal, and interface theme and language.
  • Technical data on your device: local interface settings and a transient rate cache in the browser's storage (localStorage), as well as Firebase Authentication session tokens to keep you signed in.

2. Site analytics

For anonymous visit statistics we use Cloudflare Web Analytics – a service that works without cookies and does not collect personal data. It does not track you across sites and does not build profiles.

The analytics show only aggregated metrics (page views, device/browser type, approximate region) that help improve the site. You cannot be personally identified from this data.

3. How and why we use data

We use data only to run and improve the web app – and never for advertising or profiling. Specifically:

  • providing the investment- and goal-tracking features and their calculations;
  • saving your settings and maintaining an authenticated session;
  • sending email notifications – only if you enable them (see the email section);
  • anonymous statistics to improve the site;
  • technical support and security.

4. Legal basis for processing

We process your data on the following grounds:

  • performance of a contract (providing the web app you requested) – for account data and your content;
  • your consent – for enabling email notifications;
  • legitimate interest – for security and anonymous site analytics.

5. Email notifications

Fortogo may send optional email reminders about the maturity of term investments. This feature is disabled by default and is enabled only if you choose to.

If you enable it, we additionally store your email language and time zone in order to send messages at a convenient time. Delivery is handled by the service Resend; only your email address and the message content are passed to it.

You can disable notifications at any time in your profile settings.

6. Where data is stored

Account data is stored in Firebase Authentication, and your content and settings in the Cloud Firestore database. The site is hosted on Firebase Hosting, and server functions run on Cloud Functions (all Google services).

Google processes data on its global infrastructure, so it may be stored on servers outside Ukraine.

Access to your data is restricted by Firestore security rules: only your authenticated account can read and change it. The project's author does not view, analyze or use your financial data.

7. Sharing data with third parties

We do not sell or share your personal data for advertising. Data may be processed only by providers necessary for the web app to work:

  • Google (Firebase) – authentication, data storage, hosting, server functions;
  • Cloudflare – anonymous web analytics (no cookies or personal data);
  • Resend – email delivery (only if you enabled notifications);
  • Monobank / PrivatBank / NBU – exchange-rate sources; no personal data of yours is sent to these services – we only receive public rates from them.

8. Cookies and local storage

Fortogo does not use cookies for advertising or tracking. Our web analytics (Cloudflare) works without cookies.

To run the interface we use the browser's local storage (localStorage): saving language and theme, list filter/sort settings, and a transient rate cache. This data stays on your device.

Firebase Authentication stores technical session tokens so you stay signed in – this is essential (functional) data.

You can clear local storage in your browser settings; signing out also clears account-related data on the device.

9. Data retention and deletion

We keep your data for as long as your account exists.

You can delete your account at any time in your profile settings – this deletes all of your data from the database and access to it.

Interface data in localStorage is removed on sign-out or when you clear your browser. Providers' technical logs (e.g. Google) may be retained for some time under their own policies.

10. Security

The connection to the web app is secured with HTTPS. Data in Cloud Firestore is encrypted at rest on Google's side.

Access to your data is segregated by Firestore security rules (account owner only).

Despite the measures taken, no method of transmitting or storing data is absolutely secure. Fortogo is a personal project; keep this in mind when deciding what data to enter.

11. Your rights

In accordance with the law, you have the right to:

  • access your data and obtain a copy of it;
  • correct inaccurate data;
  • delete your data (the "right to be forgotten");
  • withdraw consent to processing (e.g. disable email notifications);
  • restrict processing or object to it;
  • data portability.

12. Exercising your rights

You can exercise most rights yourself within the web app: edit your data and delete your account in your profile settings.

For other questions about your data, write to us – contact details are in the "Contact" section. You also have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (the personal-data protection authority).

13. Children

Fortogo is not intended for persons under 18 and does not knowingly collect children's data. If you believe a child has provided us with their data, contact us to have it deleted.

14. International data transfers

Since we use Google (Firebase) and Cloudflare services, your data may be processed on servers outside Ukraine. These providers apply their own data-protection mechanisms for international transfers.

15. Changes to the Policy

We may update this Policy from time to time. We will notify you of significant changes via the web app interface or by email. The last-updated date is shown at the top of the page.

16. Contact

For questions about this Privacy Policy or the processing of your data, write to: sukach.eugene@gmail.com