This page is maintained by the Coinkin team to answer common security and privacy questions about the app. It describes controls that are enabled today — not a certification, audit, or independent verification.
Coinkin runs on the Lovable Cloud platform, which provides hosting, database, and authentication infrastructure. Platform capabilities (managed Postgres, row-level security, authenticated APIs, TLS termination) are operated by the platform. App behaviour, data model, access policies, and how your information is used inside Coinkin are the responsibility of the Coinkin team. Keeping your account credentials private is your responsibility as a customer.
Accounts are protected by email + password sign-in. Sessions are scoped per user and you can sign out at any time. Family data is only visible to members you have explicitly invited to your family workspace.
The app is hosted on Lovable Cloud, which uses managed Postgres with row-level security enforced on every table that holds family data. Requests are served over HTTPS/TLS in transit. Cron and webhook endpoints require a server-side shared secret to be invoked.
Coinkin stores the data you give it: your email and display name, the accounts and transactions you import or enter, categories, budgets, snapshots, recurring rules, and AI assistant queries you submit. This data is used to render your ledger, run forecasts and insights, and — when you opt in — generate AI summaries. It is not sold.
To deliver the product, Coinkin uses a small number of subprocessors: Lovable Cloud for hosting, database, and authentication; the Lovable AI gateway for AI categorization and assistant features; and Resend for transactional email such as digests and invite notifications. Each provider only receives the data necessary for its function.
Your data stays in Coinkin for as long as your account is active so you can keep working with your historical ledger. If you would like your account or family workspace deleted, contact us and we will remove it from our active database.
Found a security issue, or have a privacy question? Email the maintainers and we will respond. Please do not include sensitive credentials or personal data in the first message.
This page describes app-visible controls and current practices as configured by the Coinkin team. It is not a certification, audit report, or legal commitment, and does not claim compliance with any specific regulatory framework. Practices and providers may change as the product evolves; meaningful changes will be reflected here.