Date Last Revised: April 26, 2021
- are available through the Services (as defined below);
- we control, or own; or
We regularly re-evaluate our privacy and security policies and adapt them as necessary to deal with new changes in legislation and security standards. The term “Personal Information” means any information relating to an identified or identifiable natural person and includes, but is not limited to, such information as your name, address, phone number, fax number, email address, government identification number, location data, certain online identifiers (e.g., IP address, cookie) and financial data that consists of Financial Account Login Credentials and Financial Account Data (as defined below), but excludes business contact information.
We are committed to maintain the confidentiality, integrity, and security of any Personal Information about our Users. Finfini employs advanced data protection and security techniques to safeguard Users against identity theft and/or other related illicit access, use or disclosure of Users’ Personal Information. We will use commercially reasonable methods to secure your Personal Information in our files and systems.
- Your Privacy and Personal Information is not for Sale
Finfini is concerned about controlling unsolicited commercial e-mail, or “spam”. Finfini will not sell, lease or rent its e-mail subscriber lists to third parties who might use that information to spam our Users, nor will we transfer any other Personal Information to third parties unless you have consented to such transfer (e.g., by subscribing for a third-party service that utilizes our Services). While we continue to review and implement new technology, we cannot guarantee that there is any technology that will totally prevent the transmission of unsolicited e-mail. Using junk e-mail tools and being cautious about the sharing of your e-mail address(es) in our public forums or blogs will reduce the amount of unsolicited e-mail you receive. Simply put, we do not and will not sell, lease, or rent your Personal Information to anyone, for any reason, at any time.
- The Services
- Collection of Information
Although you can access some of our Services without registration, there are other Services for which you must either submit, or agree to the collection of, your Personal Information in order to enjoy their full functionality. We collect information in order to provide or improve the Services offered to all of our Users. The information is collected primarily in three ways:
- Information you give us.
You may give us information directly through the Services. For example, some of the Services require you to register an account with us. In this case, we will ask for Personal Information, like your name, email address, telephone number, zip code, or credit card (“Registration Information”).
In order for a Developer to use our Services, as part of the Registration Information we will also ask for additional information like Developer’s corporate name, address, and contact information.
If an End User wishes to access his/her financial account through the Services, then the End User will also be required to provide any security or access information used to authorize the End User when accessing End User’s financial account in End User’s Financial Institution, including but not limited to username, access number, password, security questions, and answers, token/SMS codes, multifactor information, biometric information, and device information (“Financial Account Login Credentials”).
By submitting this information End User will be able to benefit from the full functionality of the Services (e.g., automated data import from Financial Institutions). We may, from time to time, request other Personal Information to provide you with other benefits of the Services. Finfini reserves no rights whatsoever to collect and use extra information without your consent.
- Information that we collect from Financial Institutions.
Where you use the Services (either directly or through a Developer’s application) to access your financial account(s) with Financial Institution(s), we will retrieve and collect the information about your financial account (“Financial Account Data”) with that Financial Institution for the purpose of providing the Services to you, including but not limited to the following information:
- financial account holder details (including, but not limited to, name, address, email, phone number);
- financial account details (including, but not limited to, account number, type, currency, balance); and
- transactions details (including, but not limited to, transaction amount, date, description, currency).
- Information we get from your use of the Services. We may collect information about the Services that you use and how you use them. This includes the information collected from the use of: cookies, web beacons, and other anonymous online identifiers. In addition to any Personal Information or other information that you choose to submit to us, we and our third-party service providers may use a variety of technologies that automatically (or passively) collect certain information whenever you visit or interact with the Services.
This information may include without limitation the browser that you are using, the URL that referred you to the Services, all of the areas within the Services that you visit, and the time of day when you access and use the Services. We may use the collected information in an anonymized aggregate way (i.e., it is not personally identifiable in this state) for a variety of purposes, including but not limited to enhancing or otherwise improving and promoting the Services. In addition, we collect your IP address or other unique identifier for your computer, mobile or other device used to access the Services.
- Cookies – a cookie is a data file placed on a device when it is used to access the Services. Cookies and Flash cookies may be used for many purposes, including without limitation remembering you and your preferences and tracking your visits to our Website.
For example, Finfini may assign a cookie to you in order to limit the number of times you see a particular Finfini Partner Offer (as defined in Section 6) or to help better determine which Finfini Partner Offers to serve to you. We encode and encrypt our cookies so that only we can interpret the information stored in them. Cookies can be disabled or controlled by setting a preference within your web browser or on your device.
- Web beacons – web beacons are images (single-pixel gifs) embedded in a web page or email for the purpose of measuring and analyzing website usage and activity. Web beacons or similar technologies help us better manage content on our Services by informing us what content is effective, count Users of the Services, monitor how Users navigate the Services, count how many e-mails that we send are actually opened, or how many particular articles or links are actually viewed. We do not link the information gathered by web beacons to our Users’ Personal Information.
We may contract third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on our Website.
No Personal Information about our Users will, whether electronically or otherwise, be shared with these third-party service providers, and at no occasion will we contract such third-party service providers to collect Personal Information on our behalf.
- Use of Information
- Use of Personal Information.
We use and disclose your Personal Information only as follows:
- To provide End User information (including Financial Account Data) to Developer through the Services where the Developer has received End User’s consent, through End User’s acceptance of Developer’s terms of service and/or applicable end user license agreement, that such information be shared with that Developer.
- To provide the Services to you and End Users, including providing updates on the Services and responding to your requests.
- To bill and collect money owed to us. This includes sending you e-mails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number.
• To send you and End Users system alert messages.
• To enforce compliance with our Terms of Service and applicable law.
• To provide customer support.
• To protect the rights and safety of our Users and third parties, as well as our own.
• To support and improve the Services we offer.
- To communicate with you about your account for informational, not promotional, reasons.
- To send you informational and promotional content that you may choose (or “opt in”) to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
- We may provide our registered Users with summaries of their accounts and email alerts. From time to time, we may transmit emails promoting Finfini or third-party goods or services. Any subscriber wishing to opt-out of receiving our promotional emails, and to terminate their newsletter subscriptions may do so by following the instructions in the emails. Users should note that opting out in this manner will not end transmission of service-related emails, such as email alerts.
- Users’ Personal Information may be visible to our technicians and IT staff when they are troubleshooting and analyzing data import errors, or other technical errors that may occur during your use of the Services.
- Use of Non-Personal Information.
Finfini may make anonymous aggregate Personal Information and disclose such data only in a non-personally identifiable manner, including but not limited to:
- Advertisers and other third parties for their marketing and promotional purposes, such as the number of Users who apply for a credit card or click on a particular Finfini Partner Offer;
- Organizations approved by Finfini that conduct research into consumer spending; and
- Users of the Services for purposes of comparison of their personal financial situation relative to the broader community.
Such non-personal information cannot identify you individually. Finfini strictly restricts access to your Registration Information, Financial Account Login Credentials, and Financial Account Data, as well as use of any other Personal Information you may provide to us in connection with the Services, in accordance with specific internal procedures and safeguards governing access to such information.
We carefully select the individuals privileged with access to Personal Information in accordance with our security policies and practices, and each such individual is bound by confidentiality obligations.
- Use of Information by Third Parties.
Our third-party vendors and service providers shall not under any given circumstance, whether presently or in the future, use any of your User information for purposes unrelated to the product or service they have been contracted by us to provide, in connection with the Services. We require such third-party vendors and service providers to maintain the confidentiality of all User information we provide to them.
- Children’s Privacy
Protecting the privacy of young children is especially important to us. For that reason, we do not knowingly collect, or maintain Personal Information from persons under thirteen (13) years of age.
If we learn that Personal Information of persons less than thirteen (13) years of age has been collected on, or through the Website and/or Services, we will take the appropriate steps to delete this information.
- Third Party Websites and Advertising
Third party websites, such as lenders, banks, brokerage institutions and credit card issuers, may offer a number of services and products that may complement your use of the Services, and may be advertised by us on our Website or through the Services (collectively, “Finfini Partner Offers”). For example, you may choose to access another website, purchase products from it, or conduct transactions through third party links.
Finfini will have no liability for any loss or damage that you may incur through sharing of your Personal Information with these third-party websites, or your use of any Finfini Partner Offer. You should carefully evaluate the practices of external service providers before deciding to use their services. Any use of third-party websites is at your own risk.
- Blogs and Forums on our Website
Information submitted in our public forum, blog, and bulletin board (collectively refers to, “Forums”) can be collected, read, and used by other Users. Such information can also be used to send you spam or other unsolicited messages. Finfini is not responsible for any damage incurred whatsoever, whether known or unknown, as a result of the use of your Personal Information submitted at any Forum on our Website.
The Forums may be hosted by Finfini, or by one of our third-party service providers on Finfinis’s behalf. Finfini encourages all Users to embrace pseudonymous identities when you are in our Forums, or any other public areas of the Website.
- Your Participation in Programs
Finfini may from time to time invite you to participate in various programs that may require registration (collectively, “Programs”) aimed at improving the Services, or developing new services. By participating in a Program, you agree to the specific terms and conditions that govern that Program, as well as to Finfinis’s Terms of Service that are applicable to you.
- Banks Integration Program
Only authorized staff from our development team in charge of handling the integration process and testing how the data import works, has access to your Financial Account Login Credentials, Financial Account Data, Personal Information, and all other data accessed, gathered, processed and stored in connection with Banks Integration Program.
As soon as the integration process has been successfully finalized, all the data accessed, gathered, processed, and stored in connection with your participation in the Banks Integration Program will be permanently destroyed and removed from our servers in accordance with our Data Deletion Policy (see further Section 14 below).
You can also cancel your participation in the Banks Integration Program at any time by deleting your account, which will result in immediate deletion and removal from our servers of all the data accessed, gathered, processed and stored, in connection with your participation in the Banks Integration Program and in accordance with our Data Deletion Policy.
- Contests, Giveaways, and Surveys
Finfini may, from time to time, offer surveys, contests, giveaways, and other promotions that may require registration (collectively, “Promotions”).
By participating in a Promotion, you agree to be bound by the rules that govern that Promotion, which may contain specific requirements, including allowing the sponsor of the Promotion to use your name, voice and/or likeness in advertising or marketing associated with the Promotion.
- Disclosures and Transfers
Our Third-Party Providers may include:
- Software developers
- Hardware vendors
- System integrators
- Payment processors
- Hosting Providers
Notwithstanding, your Personal Information may be available to the government, or its agencies, or the local authorities of such country under a lawful order, irrespective of the safeguards we have put in place for the protection of your Personal Information. See further: Important Exceptions and Section 12 “Situations that may Compel us to Disclose your Personal Information” below.
- We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact, or bring legal action against someone who may be causing injury to, or interference with (either intentionally or unintentionally) our rights or property, other Website Users, other Users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities.
We may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law.
- We may also disclose your Personal Information in connection with an acquisition, a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted
- Situations that may Compel Us to Disclose your Personal Information
Finfini, notwithstanding the foregoing, herewith reserves the right (and you authorize Finfini) to share or disclose your Personal Information when Finfini determines, in its sole discretion, that the disclosure of such information is necessary or appropriate:
- to enforce our rights against you or in connection with a breach by you of Finfini’s Terms of Service;
- to help curb prohibited or illegal activities that affect or hurt the interests of Finfini;
- when demanded by any applicable law, existing regulation, subpoena or other legal process; or
- to provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
- Transfer of Ownership
- Data Deletion Policy
You have the right to request that your Personal Information be deleted from our primary production servers. You own your data. Anytime you want your data removed from our systems, you can request us to delete your account from our production servers by contacting us at [email protected]
As a result, your data will be excised permanently from our production servers and further access to your account will be impossible. Additionally, any connection(s) we’ve established to your financial account(s) in Financial Institution(s) will be disconnected. However, for purposes of ensuring continued ability to serve you in case of malfunction or damage to our production servers, we retain backups of portions of your data derived from your Financial Account Data on our backup servers.
Your anonymous aggregate data may be stored on these servers indefinitely. We reserve the right to use any anonymous aggregate data derived from, or incorporating your Personal Information, but we will use all reasonable endeavours to ensure that such anonymous aggregate data will not include any of your Personal Information.
You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of Registration Information. If your Personal Information changes, or if you no longer desire our Services, you may amend, supplement, or delete the information by making the change at any time via the Services or by contacting us at [email protected] However, in some instances we cannot delete all the information we hold about you. Please see further Section 17 “Data Retention” below.
- Data Security
- Online Confidentiality
Finfini accounts require certain credentials to log in. You must keep your credentials secure and never disclose them to any third party. You are responsible for maintaining the confidentiality of your credentials. We require you to use strong passwords between 8-16 characters long that are difficult for others to guess. We recommend that you change your password periodically.
Your online security is also your responsibility; you must secure your credentials, including your password, against unauthorized access and use. When you suspect that your credentials have been stolen or been made known to others, you must change them immediately and contact us promptly at [email protected].
- Notice of Security Breach
Nobody is 100% safe from hackers. If a security breach causes an unauthorized intrusion into our systems that materially affects you or, in the case of Developer, Developer’s End Users, then Finfini will notify you of the security breach without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it, by describing the nature of the security breach, the data that has been, or Finfini reasonably believes to have been, compromised and the immediate actions taken by Finfini with respect thereto.
Finfini will later report the measures we’ve taken to mitigate potential adverse effects and prevent continuing or similar security breaches in the future.
- Safeguarding your Information
Our Services ensure secure communications with encryption. From the time you submit your credentials, these communications between your computer and our Services are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
To maintain your security of online sessions, and to protect Finfini accounts and systems from unauthorized access, Finfini uses a combination of firewall barriers, encryption techniques, and authentication procedures, among others. Our system will always prompt you to enter your credentials for your privacy and security.
The information that is collected, for example your Registration Information, is transmitted securely to our servers. Our servers may be located in different countries, and the local authorities of these countries may request access to the data located on these servers. For more information, please see further Section 11 “Disclosures and Transfers”.
Access to our systems requires multiple levels of authentication, including biometric recognition procedures. Security personnel monitor the systems 7 days a week, 24 hours a day. Finfini databases are both physically and logically protected from general employee access. We enforce physical controls to our building. We make sure that your Services credentials are encrypted such that they can never be recovered, even by us.
No employee by Finfini, whether knowingly or unknowingly, should put any sensitive content on any insecure machine. Finfini has been verified for its use of SSL encryption technologies, and audited for its privacy practices. Finfini tests its systems, the Website, and Services infrastructure for any failure points that might allow hacking. However, it is important to understand that these precautions apply only to our Website, systems, and Services. We exercise no control over how your information is stored, maintained, or displayed by third parties or on third party websites.
- Data Pseudonymisation
In addition to the technical and organizational security measures employed by Finfini to ensure security, confidentiality, and integrity of your Personal Information, Finfini also uses data pseudonymisation technique when processing and storing your Personal Information in our systems, by replacing the data fields which are the most identifying in a data record with pseudonyms.
Personal Information which has undergone pseudonymisation can no longer be attributed to a specific individual without the use of additional information, and such additional information is kept by Finfini separately, and is subject to technical and organizational security measures to ensure that such pseudonymised Personal Information is not attributed to an identified or identifiable natural person.
- Access and Accuracy
You have the right to access the Personal Information we hold about you, in order to verify the Personal Information we have collected in respect to you, and to have a general account of our uses, handling and processing of that information.
Upon receipt of your written request (which can be submitted by contacting us at [email protected]), we will provide you with a copy of your Personal Information stored in our systems without undue delay and at the latest within one (1) month, although in certain limited circumstances we may not be able to make all relevant information available to you such as where that information also pertains to another User.
In such circumstances we will provide reasons for denial to comply with your request, or any part thereof. We will endeavour to deal with all requests for access, modification, or deletion of Personal Information in a timely manner.
We use our commercially reasonable efforts to keep your information accurate and up-to-date. This notwithstanding, we do not guarantee that information imported through the Services (including without limitation Financial Account Data) will at all times be accurate, complete, error-free and/or up-to-date. However, we will do our best to fix any detected errors or inconsistencies.
You will have the ability to update your Financial Account Login Credentials via the Services, or destroy all your Financial Account Data and Financial Account Login Credentials by deleting the connection established to your financial account in Financial Institution. Your Financial Account Data cannot be updated by Finfini since it’s imported from your Financial Institution.
- Data Retention
Finfini will delete your Personal Information from its primary production servers when you delete your account with Finfini, or expressly withdraw your consent to our holding and further processing of your Personal Information.
You have the right to withdraw your consent to our holding, and further processing of your Personal Information at any time by emailing us at [email protected]
If we are processing or controlling your Personal Information, you may have a right to lodge a complaint about our data protection, or privacy practices, with your local privacy and data protection regulatory body. For more information, please consult the applicable privacy and data protection regulatory body for the jurisdiction in which you reside.
- Contact Us