General Terms and Conditions (AGB)

I. Contract formation

A usage agreement for the heyFinance software ("Software") between Drailfides Digital UG (haftungsbeschränkt) ("Provider") and the user is concluded when the user registers an account or otherwise accesses the service. Activation of the account requires successful verification of the user's email address. Until verification is completed, login may be restricted and the Provider may resend verification links or temporarily block access.

II. Subscription and Payment Terms

1. Pricing

heyFinance is offered as a subscription service. Current pricing is displayed at registration and may vary by region (EUR for Germany, NGN for Nigeria).

2. Free Trial

New users receive a 30-day free trial with full access. No payment information is required during the trial.

3. Subscription Activation

After the trial ends, you must actively subscribe to continue using heyFinance. Your subscription will not begin automatically.

4. Billing

Subscriptions are billed monthly or annually in advance. Payment is processed at the start of each billing cycle. Subscriptions purchased on the web are billed via Stripe; subscriptions purchased on iOS through the heyFinance mobile app are billed via Apple In-App Purchaseunder Apple's standard terms.

5. Cancellation

You may cancel a web-based subscription at any time via your account settings. iOS subscriptions purchased through Apple In-App Purchase are managed and cancelled directly via your Apple ID subscription settings on your device. Cancellation takes effect at the end of the current billing period. No refunds are provided for partial billing periods, except where required by applicable law (refund handling for iOS purchases is governed by Apple's policies).

6. Payment Failure

If payment fails, we will notify you via email. Access may be suspended until payment is resolved.

7. Price Changes

We may adjust pricing with 30 days' notice via email.

8. Payment Processors

Web subscriptions are processed by Stripe. We do not store any payment information on our servers; payment data is held by Stripe under its own terms. By subscribing on the web, you agree to Stripe's Terms of Service at https://stripe.com/legal.

iOS subscriptions are processed by Apple via In-App Purchase. We do not receive your payment card details. By subscribing through the App Store, you agree to Apple's Media Services Terms and Conditions at https://www.apple.com/legal/internet-services/itunes/.

III. Availability

We endeavor to make the software available to users without interruption. However, continuous availability cannot be guaranteed. Maintenance, security or capacity issues, or events beyond our control (e.g., power failures, internet outages) may result in temporary downtime or restrictions.

IV. Liability

Our liability is limited to intent and gross negligence by us, our legal representatives or vicarious agents. We remain liable for injury to life, body or health caused intentionally or negligently. Liability under the German Product Liability Act remains unaffected.

For breaches of essential contractual obligations (cardinal obligations), liability for slight negligence is limited to the foreseeable damage typical of the contract. Liability for loss of data is limited to the amount that would have been incurred if proper and regular backups had been made. Further liability is excluded.

During the 30-day free trial period, liability for material and legal defects is excluded to the extent permitted by law. This does not affect liability for intent, gross negligence, or injury to life, body or health.

V. Advisory Disclaimer

The Software provides tools for budgeting, categorization, and financial management. It does not provide financial, investment, tax, or legal advice. Decisions made on the basis of data or insights from the Software remain the sole responsibility of the user. The Provider is not a licensed financial adviser under German or EU law.

VI. AI Features (Insights & Auto-Categorization)

The Software offers optional AI-powered features, controlled at the organization level by an authorized account owner. The features are opt-in and are governed by two independent toggles that may be enabled or disabled at any time within the Software:

• AI Insights— analyzes your financial activity to generate periodic summaries (such as monthly or quarterly reports), trends, and goal-based recommendations. Uses only aggregated, non-identifying financial metrics.
• AI on transaction-level data— sends a limited subset of each transaction (such as its description, which may contain personal information like a counterparty name in a transfer) to the AI service provider. Currently powers AI Auto-Categorization, which suggests categories for your transactions. See the "data transmitted" subsection below for the exact fields transmitted.

The two toggles are independent: enabling one does not enable the other.

AI Insights — aggregated metrics only

To provide AI Insights, the Provider transmits aggregated, non-identifying financial metrics to its AI service provider. These values may include income and expense totals over a given period, category-level spending summaries, cash-flow and savings-rate calculations, counts of transactions per category, goal progress and affordability assessments, and period-over-period percentage changes. The Provider does not transmit individual transaction lines, vendor names, free-text descriptions, bank account numbers, or your personal contact identifiers (e.g., name, email) for AI Insights.

AI Auto-Categorization — data transmitted

When the transaction-level AI toggle is enabled, the Provider transmits the following information to its AI service provider for each uncategorized transaction in order to generate a category suggestion: the transaction description (which may include a merchant or vendor name and free-text memo as provided by your bank or CSV import), the transaction amount, the transaction type, the country associated with your organization, and the list of category names that exist in your account. The Provider does not transmit your name, email address, account numbers, IBAN, banking credentials, or other directly identifying information together with these requests. You acknowledge that transaction descriptions may contain personal information depending on what your bank or imported data includes.

Third-party AI provider

The Provider uses OpenAI, L.L.C.as its AI subprocessor for both features. OpenAI processes the data only on the Provider's documented instructions, does not use API inputs or outputs to train its models, and retains API content for a limited period (currently up to 30 days) for abuse and misuse monitoring, after which it is deleted. OpenAI's servers are located in the United States. Where this involves a transfer of personal data outside the EEA, the transfer is governed by the EU Standard Contractual Clauses and additional safeguards.

Legal basis & consent

Processing for AI Insights and for transaction-level AI features is based on the user's explicit consent under Art. 6(1)(a) GDPR, given when an authorized account owner enables the corresponding toggle for the organization. The two toggles constitute separate consents. Either consent may be withdrawn at any time by disabling the corresponding toggle; prior processing remains lawful.

No automated decisions; no advice

AI outputs (insights and category suggestions) are informational only and do not constitute financial, investment, tax, or legal advice. The Software does not make automated decisions producing legal or similarly significant effects within the meaning of Art. 22 GDPR. Suggested categories can be reviewed and changed by the user at any time.

User responsibility for accuracy

AI features rely on the accuracy of your inputs (including bank-sync data, CSV uploads, and category assignments). Incorrect, incomplete, or mis-categorized data may lead to inaccurate insights or category suggestions. The user remains responsible for reviewing and validating data and AI outputs before relying on them.

Opt-out and deletion

The Software can be used without either AI feature. Inputs sent to the AI provider are not stored separately on the Provider's systems beyond the original transaction or aggregated record they were derived from. Deleting your financial data or account removes the source data; OpenAI's short-term abuse-monitoring copies are deleted on its retention cycle as described above.

VII. Bank Account Sync (Qwist)

heyFinance offers an optional bank account sync feature that allows you to connect an external bank account and automatically import transactions. This feature is powered by Qwist GmbH, a licensed payment institution regulated under PSD2.

How it works

When you choose to connect a bank account, you are redirected to Qwist's secure widget to authenticate with your bank. Qwist retrieves your transaction history and account data on our behalf and transmits it to heyFinance for import. We do not receive or store your banking login credentials.

Data shared with Qwist

To initiate the connection, we share your email address with Qwist as a user identifier. Qwist, as a licensed payment institution and independent data controller, processes your bank account data (account details, balances, and transactions) under its own terms and privacy policy. We encourage you to review Qwist's policies before connecting your bank account.

Legal basis

Processing by heyFinance of the transaction data received from Qwist is based on your explicit consent (Art. 6(1)(a) GDPR), given when you initiate the bank sync. You may revoke access at any time via your account settings; prior processing remains lawful.

Revoking access

You can disconnect a synced bank account at any time from within heyFinance. Upon disconnection, we revoke Qwist's access token for your account. Previously imported transactions remain in your heyFinance account unless you delete them manually.

Availability and end of access

Bank account sync is offered as part of paid plans (and may also be available during the free trial period). If you do not subscribe to a plan that includes bank sync after your trial ends, or if you downgrade to a plan that does not include this feature, your access to bank sync will be discontinued. The Provider will instruct Qwist to revoke the access token associated with your account and to delete the associated bank connection data held on Qwist's side. Because the Provider is not itself a licensed payment institution, this revocation and deletion is initiated via a support request to Qwist and is not automatic; the Provider aims to complete this within 30 days of your loss of access to the feature. Previously imported transactions remain in your heyFinance account unless you delete them manually.

VIII. Data processing

To create and maintain a user profile, we process, among other things, the name, email address, and financial entries provided by the user. Payment processing is handled by Stripe (web) or Apple (iOS in-app purchases); we do not store any payment information on our servers. Details can be found in our Privacy Policy.

IX. Retention

Personal data is deleted once it is no longer required. If statutory retention obligations exist (e.g., 6–10 years for tax records), data is restricted accordingly.

X. Purpose of processing

User data is processed exclusively to provide the functionality of heyFinance, i.e., to fulfill the usage contract (Art. 6(1)(b) GDPR). Processing takes place via trusted infrastructure providers (Vercel, Render, Supabase, Resend). Where data is transferred outside the EEA, appropriate safeguards such as EU Standard Contractual Clauses (SCCs) apply.

XI. Data protection

We undertake to protect user privacy and process personal data in accordance with European data protection laws. Access to production data is strictly limited to the provider for essential support and security purposes.

XII. User rights

Users have the rights of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR), objection (Art. 21 GDPR), and withdrawal of consent at any time (Art. 7(3) GDPR). Complaints may be submitted to the competent supervisory authority, the Berliner Beauftragte für Datenschutz und Informationsfreiheit.

XIII. Consent

By accepting these Terms and Conditions, the user consents to the regulated processing of their personal data. Consent can be revoked at any time without affecting the lawfulness of prior processing.

XIV. User obligations

Users may not share accounts with others. Passwords must be kept confidential and not reused across other services. Suspected compromise must be reported immediately to the provider.

Users must provide a valid and accessible email address at registration. The email address must be verified before access to the Software is granted. Users are responsible for ensuring they can receive verification emails (e.g., by checking spam folders or requesting a new link). Accounts that remain unverified for an extended period may be deleted.

XV. Misuse and termination

We reserve the right to investigate suspected misuse or material breaches of these Terms and to block or terminate user accounts without notice in the event of serious violations.

XVI. Intellectual property

All intellectual property rights to heyFinance, including its software, design, and branding, remain with Drailfides Digital UG. Users are not granted any rights beyond those necessary to use the service.

XVII. Governing law and jurisdiction

The law of the Federal Republic of Germany applies exclusively, excluding the UN Convention on Contracts for the International Sale of Goods. The place of jurisdiction for all disputes is Berlin, Germany.

XVIII. Final provisions

These Terms and Conditions apply exclusively. Deviating, conflicting or supplementary terms of the user do not apply unless expressly agreed. Should individual provisions be or become invalid, this shall not affect the validity of the remainder. The parties will replace an invalid provision with one that comes closest to its intended economic purpose.

We may amend these Terms where necessary to reflect changes in law or technical framework. Users will be notified of changes by email to the last known address. The amendment becomes part of the contract unless the user objects within six weeks of receipt.