Finn Logo
Docs

Privacy Policy

Effective Date: January 15, 2025
Last Updated: January 15, 2025

Finnance AI ("Company," "we," "us," or "our") is committed to protecting your privacy and maintaining robust privacy protections for our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered financial communication service, Finn.

1. Information We Collect

1.1 Personal Information

When you register for and use Finn, we collect the following personal information:

Account Information:

  • Email address
  • Phone number
  • Full name
  • Password and authentication credentials

Financial Information:

  • Bank account information (securely connected via bank-level encryption)
  • Transaction data and spending patterns
  • Account balances and financial history
  • Financial goals and preferences
  • Investment data (if applicable)
  • Credit information (if applicable)

Communication Data:

  • Text message conversations with Finn
  • Financial questions and queries
  • Preferences and feedback
  • Chat history and interaction patterns

1.2 Technical Information

We automatically collect certain technical information when you use our service:

Device Information:

  • Device type, operating system, and browser information
  • IP address and location data
  • Unique device identifiers
  • App usage data and crash reports

Usage Data:

  • Pages visited and features used
  • Time spent using the service
  • Click patterns and navigation data
  • Performance metrics

Cookies and Tracking:

  • Session and persistent cookies
  • Local storage data
  • Analytics and performance tracking
  • Security and fraud prevention tokens

2. How We Use Your Information

2.1 Service Provision

We use your information to:

  • Provide personalized AI-powered financial insights and recommendations
  • Enable secure text-based conversations about your finances
  • Connect to your bank accounts and financial institutions
  • Generate spending analysis and financial reports
  • Deliver real-time financial alerts and notifications

2.2 AI and Machine Learning

We use your financial data to:

  • Train and improve our AI models for better financial insights
  • Develop personalized financial recommendations
  • Enhance our natural language processing capabilities
  • Create aggregated, anonymized insights for service improvement
  • Provide automated financial advice and guidance

2.3 Communication

We use your contact information to:

  • Send important account and security notifications
  • Provide customer support and respond to inquiries
  • Send service updates and new feature announcements
  • Share promotional offers (with your consent)
  • Deliver financial alerts and insights

2.4 Security and Compliance

We use your information to:

  • Verify your identity and prevent fraud
  • Monitor for suspicious activity
  • Comply with legal and regulatory requirements
  • Conduct security audits and assessments
  • Maintain service integrity and reliability

3. Information Sharing and Disclosure

3.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our service:

Financial Data Providers:

  • Plaid, Yodlee, or similar financial data aggregation services
  • Banking partners and financial institutions
  • Payment processors and financial technology providers

Technology Partners:

  • Cloud hosting and infrastructure providers
  • AI and machine learning service providers
  • Customer support and communication platforms
  • Analytics and performance monitoring services

3.2 Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal process, court orders, or government requests
  • Enforce our Terms of Service or other agreements
  • Protect the rights, property, or safety of our users or the public
  • Investigate potential violations of our policies
  • Respond to security incidents or data breaches

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

3.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally for:

  • Industry research and analysis
  • Service improvement and development
  • Marketing and business intelligence
  • Academic research and publications

4. Data Security and Protection

4.1 Security Measures

We implement comprehensive security measures to protect your information:

Encryption:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for sensitive communications
  • Secure key management and rotation

Access Controls:

  • Multi-factor authentication (MFA) for all accounts
  • Role-based access controls for employees
  • Regular access reviews and audits
  • Biometric authentication where supported

Infrastructure Security:

  • SOC 2 Type II compliant infrastructure
  • Regular penetration testing and vulnerability assessments
  • 24/7 security monitoring and incident response
  • Secure data centers with physical security controls

4.2 Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce our agreements
  • Improve our services and develop new features

Financial data is retained according to applicable banking and financial regulations, typically for a minimum of 7 years.

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt-out of certain data processing activities

5.2 Marketing Communications

You can:

  • Unsubscribe from marketing emails using the link in each email
  • Update your communication preferences in your account settings
  • Opt-out of promotional communications while maintaining service notifications

5.3 AI Processing

You can:

  • Request that your data not be used for AI model training
  • Opt-out of personalized AI recommendations
  • Request deletion of AI-generated insights based on your data

5.4 Financial Data

You can:

  • Disconnect bank accounts at any time
  • Request deletion of specific transaction data
  • Control which financial institutions are connected
  • Set spending limits and alert preferences

6. Compliance and Regulations

6.1 Financial Services Compliance

We comply with applicable financial services regulations, including:

  • Gramm-Leach-Bliley Act (GLBA) for financial privacy
  • Fair Credit Reporting Act (FCRA) for credit information
  • Bank Secrecy Act (BSA) for anti-money laundering
  • State financial privacy laws and regulations

6.2 Data Protection Regulations

We comply with applicable data protection laws, including:

  • General Data Protection Regulation (GDPR) for EU users
  • California Consumer Privacy Act (CCPA) for California residents
  • Virginia Consumer Data Protection Act (VCDPA)
  • Other applicable state and federal privacy laws

6.3 Industry Standards

We maintain compliance with industry standards:

  • PCI DSS for payment card data security
  • SOC 2 Type II for service organization controls
  • ISO 27001 for information security management
  • NIST Cybersecurity Framework

7. International Data Transfers

If you are located outside the United States, please note that your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions from relevant authorities
  • Binding Corporate Rules where applicable

8. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Sending an email to your registered email address
  • Posting a notice on our website
  • Providing in-app notifications

Material changes will become effective 30 days after notification. Non-material changes will become effective immediately upon posting.

10. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer:
Email: privacy@textfinn.com
Address: [Finn Privacy Department Address]

Data Protection Officer (EU Users):
Email: dpo@textfinn.com

General Privacy Inquiries:
Email: help@textfinn.com

Data Rights Requests:
Email: data-rights@textfinn.com

This Privacy Policy is effective as of January 15, 2025, and was last updated on January 15, 2025.

Was this page helpful?