Privacy Policy

Introduction

Finthy (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our financial dashboard platform and related services.

Information We Collect

Personal Information

Account Information: Name, email address, phone number, and password
Identity Verification: Government-issued ID, address verification documents
Profile Information: Country of residence, preferred language, timezone

Financial Information

Bank Account Data: Account numbers, balances, transaction history
Transaction Details: Merchant information, amounts, dates, categories
Financial Goals: Budgets, savings targets, financial preferences
Uploaded Documents: PDF bank statements, receipt images, or other financial documents you upload for AI transaction import

Technical Information

Device Information: IP address, browser type, operating system
Usage Data: How you interact with our platform, features used
Cookies: Session cookies, preference cookies, analytics cookies

How We Use Your Information

Primary Services

Account Management: Creating and maintaining your Finthy account
Financial Analytics: Providing insights, budgeting tools, and spending analysis
Transaction Processing: Categorizing and organizing your financial data
Multi-Currency Support: Converting and displaying balances in different currencies
AI Transaction Import: Using optical character recognition (OCR) and AI to extract transaction data from uploaded PDF files and images

Communication

Service Updates: Important notifications about your account or our services
Support: Responding to your questions and providing customer assistance
Marketing: Sending relevant offers and updates (with your consent)

Security & Compliance

Fraud Prevention: Monitoring for suspicious activities
Legal Compliance: Meeting regulatory requirements in Mexico, Chile, Brazil, USA, and Canada
Service Improvement: Analyzing usage patterns to enhance our platform

We DO NOT sell your personal or financial information to third parties.

Service Providers

Banking Partners: Secure connections to retrieve your financial data through Plaid (USA, Canada) and our Chrome Extension (Mexico)
Payment Processor: Stripe processes all subscription payments securely. Stripe’s privacy policy applies to payment data.
AI Services: Third-party AI providers for document processing and transaction extraction
Technology Partners: Cloud hosting, data analytics, and security services

Banking Partner Data Practices

When you connect your bank accounts through our platform, we use trusted third-party services to securely access your financial data. Each partner operates under strict security and privacy standards.

Plaid (United States & Canada)

For users connecting US or Canadian financial institutions, we use Plaid Inc. to securely access your bank account information.

What data Plaid collects:

Account information (account name, type, and masked account number)
Account balances (current and available balances)
Transaction history (date, amount, merchant name, category)
Account holder information (name associated with the account)

How Plaid uses your data:

Plaid transmits your financial data to Finthy to provide our services
Plaid may use anonymized and aggregated data to improve their services
Plaid does not sell your personal financial data to third parties

Your control over Plaid data:

You can disconnect your accounts at any time through Finthy’s settings
You can manage or revoke Plaid’s access to your accounts at my.plaid.com
For more information, see Plaid’s End User Privacy Policy

Legal Requirements

Government Requests: When required by law or court order
Safety & Security: To protect against fraud or security threats
Business Transfers: In case of merger, acquisition, or sale of assets

AI Document Processing

How It Works

When you upload PDF bank statements or images for transaction import:

Documents are encrypted during upload and processing
AI/OCR technology extracts transaction data (dates, amounts, descriptions)
Extracted data is presented for your review before saving
Original uploaded files are deleted after processing (typically within 24 hours)

What We Don’t Do

We do not use your uploaded documents to train AI models
We do not share your documents with third parties except for processing
We do not retain documents longer than necessary for extraction

Data Security

Encryption

Data in Transit: All data transmitted using TLS 1.3 encryption
Data at Rest: Financial data encrypted using AES-256 encryption
Platform Security: Secure token-based authentication with banking partners

Access Controls

Employee Access: Strict need-to-know basis with regular audits
User Authentication: Multi-factor authentication options available
Session Management: Automatic logout and session security

Security Monitoring

24/7 Monitoring: Continuous security monitoring and threat detection
Regular Audits: Quarterly security assessments and penetration testing
Incident Response: Immediate response to any security incidents

Your Rights and Choices

Account Control

Data Access: View and download your personal and financial data
Data Correction: Update or correct inaccurate information
Account Deletion: Delete your account and associated data

Privacy Controls

Marketing Preferences: Opt-out of marketing communications
Cookie Settings: Control non-essential cookies
Data Sharing: Limit how we share your information

Regional Rights

Depending on your location, you may have additional rights under local privacy laws such as LGPD (Brazil), GDPR (European Union), or CCPA (California) as detailed below.

Your California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Categories of Personal Information We Collect

Identifiers: Name, email address, IP address, account credentials
Financial Information: Bank account details, transaction history, balances
Internet Activity: Browsing history, interactions with our platform
Geolocation Data: Country and general location based on IP address
Professional Information: Employment status if provided for verification

Your CCPA Rights

Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: Finthy does NOT sell personal information. We do not engage in the sale of personal information as defined by the CCPA.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

How to Exercise Your Rights

Online: Through your account settings at app.finthy.com
Email: [email protected]
Data Subject Request Form: Available in your account under Settings > Privacy

We will respond to your request within 45 days, as required by CCPA.

Verification

To protect your privacy, we will verify your identity before fulfilling your request by matching the information you provide with the information we have on file.

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We will require proof of the agent’s authorization and verify your identity directly.

Data Retention

Active Accounts: Data retained while your account is active
Inactive Accounts: Data retained for 7 years after account closure
Transaction Data: Financial transaction data retained for 10 years for compliance
Marketing Data: Removed immediately upon opt-out request
Uploaded Documents: PDF and image files deleted within 24 hours after processing

Transaction History Access

Your access to historical transaction data depends on your subscription plan:

Free Plan: Access to the last 90 days of transaction history
Paid Plans (Plus, Pro, Business): Full access to complete transaction history

Note: All transaction data is stored regardless of plan, but viewing access may be limited on the Free plan.

International Transfers

Your data may be processed in servers located in different countries. We ensure appropriate safeguards are in place for international data transfers, including:

Adequacy Decisions: Transfers to countries with adequate data protection
Standard Contractual Clauses: Legal protections for international transfers
Encryption: All international transfers are encrypted

Cookies and Tracking

Essential Cookies

Authentication: Keeping you logged in securely
Security: Protecting against fraud and attacks
Functionality: Remembering your preferences and settings

Analytics Cookies

Usage Analytics: Understanding how our platform is used
Performance Monitoring: Identifying and fixing technical issues
Feature Usage: Measuring the effectiveness of new features

Third-Party Services

Google Analytics: Website usage analytics (anonymized)
Customer Support: Chat and support tools
Payment Processing: Secure payment processing services

Changes to This Policy

We may update this Privacy Policy from time to time. We will:

Notify Users: Send email notifications for material changes
Update Date: Reflect the last updated date at the top of this policy
Continued Use: Your continued use indicates acceptance of changes

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: [email protected]
Address: [To be provided]
Data Protection Officer: [email protected]

For country-specific privacy inquiries:

Mexico: [email protected]
Chile: [email protected]
Brazil: [email protected]

This Privacy Policy is available in English, Spanish, and Portuguese. In case of conflicts between translations, the English version shall prevail.