Privacy Policy

Your privacy is fundamental to our mission. This comprehensive privacy policy explains how we collect, use, protect, and share your personal information in compliance with GDPR, CCPA, and other privacy regulations.

Last updated: December 2024 | Effective date: January 1, 2025

Our Privacy Principles

We are committed to protecting your privacy through transparent practices, robust security measures, and respect for your privacy rights.

Data Minimization

We collect only the data necessary to provide our services and process it for legitimate business purposes.

  • Collection limited to essential financial reconciliation data
  • No collection of unnecessary personal information
  • Regular data minimization audits
  • Purpose limitation for all data processing activities

Data Protection by Design

Privacy considerations are integrated into every aspect of our system architecture and development processes.

  • Privacy-by-design architecture principles
  • Data protection impact assessments
  • Privacy-enhancing technologies implementation
  • Default privacy settings and configurations

Transparency & Control

Clear information about data processing with granular controls for users to manage their privacy preferences.

  • Comprehensive privacy notices and disclosures
  • Granular consent management
  • User-friendly privacy controls
  • Regular privacy policy updates and notifications

Data Subject Rights

Full support for individual privacy rights including access, rectification, erasure, and data portability.

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

Data We Collect

We collect only the data necessary to provide our financial reconciliation services. All data collection is transparent, lawful, and limited to legitimate business purposes.

Financial Data

Bank account information, transaction data, and financial records

Purpose

Core reconciliation services and financial analysis

Retention Period

7 years (regulatory requirement)

Legal Basis

Contract performance and legitimate interest

Identity Data

Name, email address, phone number, and authentication credentials

Purpose

Account management, authentication, and customer support

Retention Period

Account lifetime + 3 years

Legal Basis

Contract performance and consent

Usage Data

System logs, access patterns, and feature usage analytics

Purpose

Service improvement, security monitoring, and performance optimization

Retention Period

2 years

Legal Basis

Legitimate interest and consent

Technical Data

IP addresses, device information, and browser data

Purpose

Security monitoring, fraud prevention, and service delivery

Retention Period

1 year

Legal Basis

Legitimate interest and legal obligation

Data Sharing & Third Parties

We share data only when necessary and with appropriate safeguards. All data sharing is conducted under strict contractual and legal protections.

Service Providers

Trusted third-party vendors who assist in service delivery

Examples

  • AWS (cloud infrastructure)
  • Stripe (payment processing)
  • QuickBooks (accounting integration)

Safeguards

Data processing agreements, security assessments, and regular audits

Financial Partners

Banks, payment processors, and financial institutions

Examples

  • Plaid (banking data)
  • Yodlee (financial aggregation)
  • Bank APIs

Safeguards

Encrypted connections, minimal data sharing, and regulatory compliance

Legal Requirements

Government authorities and regulatory bodies when legally required

Examples

  • Tax authorities
  • Financial regulators
  • Law enforcement

Safeguards

Legal review, data minimization, and appropriate legal basis

Data Protection Measures

We use comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive data
  • Encrypted database backups

Access Controls

  • Multi-factor authentication (MFA)
  • Role-based access controls (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits

Monitoring & Detection

  • 24/7 security monitoring
  • Automated threat detection
  • Intrusion detection systems
  • Regular security assessments

Data Governance

  • Data classification and labeling
  • Data retention policies
  • Secure data disposal
  • Privacy impact assessments

Your Privacy Rights

You have comprehensive rights regarding your personal data. We provide easy-to-use tools and processes to exercise these rights.

Right to Access

Request a copy of all personal data we hold about you

How to Exercise

Submit request through your account or contact our privacy team

Response Time

30 days maximum response time

Right to Rectification

Correct inaccurate or incomplete personal data

How to Exercise

Update information directly in your account or contact support

Response Time

Immediate for account updates, 30 days for complex requests

Right to Erasure

Request deletion of your personal data (right to be forgotten)

How to Exercise

Submit a deletion request through your account or through our privacy team

Response Time

30 days maximum, subject to legal retention requirements

Right to Portability

Receive your data in a structured, machine-readable format

How to Exercise

Request data export through your account settings

Response Time

30 days maximum response time

Right to Restrict Processing

Limit how we process your personal data

How to Exercise

Contact our privacy team with specific restrictions

Response Time

30 days maximum response time

Right to Object

Object to processing based on legitimate interests

How to Exercise

Submit an objection through your account or through our privacy team

Response Time

30 days maximum response time

Privacy Questions or Concerns?

Our dedicated privacy team is available to address any questions about your data, privacy rights, or this policy. We respond to all privacy inquiries within 30 days.

Privacy Officer

privacy@finacly.ai

Data Protection Officer

dpo@finacly.ai