Privacy Policy

Last Updated: June 5, 2025

Effective Date: June 5, 2025

Introduction

Finaro ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered financial intelligence platform (the "Service").

🚨 Important Financial Service Disclaimers

NOT FINANCIAL ADVICE: Finaro provides financial information, insights, and analysis for educational purposes only. We do not provide personalized investment advice, recommendations, or financial planning services.

NO FIDUCIARY RELATIONSHIP: We are not acting as your financial advisor, investment advisor, or in any fiduciary capacity. Always consult with qualified financial professionals before making financial decisions.

REGULATORY STATUS: Finaro is not registered as an investment advisor with the SEC (United States) or any Canadian provincial securities regulator. Our AI-generated insights are informational only.

CROSS-BORDER CONSIDERATIONS: If you are accessing our services from Canada or the United States, local financial regulations may apply. You are responsible for ensuring compliance with your local laws.

Information We Collect

1. Financial Data

  • Bank account information (account numbers, balances, transaction history)
  • Transaction details (amounts, descriptions, dates, merchant information)
  • Account credentials for financial institutions (encrypted and secure)
  • Credit card and payment method information

2. Personal Information

  • Name, email address, and contact information
  • Account preferences and settings
  • Organization and team member information
  • Communication preferences

3. Usage Data

  • Chat conversations with our AI assistant
  • Questions asked and insights requested
  • Platform usage patterns and analytics
  • Device information and IP addresses

4. Technical Data

  • Browser type, operating system, and device information
  • Log files and error reports
  • Performance metrics and system diagnostics

How We Use Your Information

1. Core Service Delivery

  • Provide AI-powered financial insights and analysis
  • Categorize and organize your financial transactions
  • Generate spending summaries and trend analysis
  • Facilitate team collaboration on financial data

2. AI and Machine Learning

  • Train and improve our AI models for better categorization
  • Provide personalized insights based on your financial patterns
  • Detect anomalies and unusual spending patterns
  • Generate intelligent responses to your financial queries

3. Platform Improvement

  • Analyze usage patterns to improve our services
  • Develop new features and functionality
  • Optimize platform performance and security
  • Conduct research and analytics (aggregated and anonymized)

4. Communication and Support

  • Send service-related notifications and updates
  • Provide customer support and technical assistance
  • Send security alerts and important account information
  • Deliver optional marketing communications (with consent)

🤖 AI and Data Processing Transparency

AI Model Usage: We use large language models (LLMs) through OpenRouter to analyze your financial data and provide insights. Your transaction data may be processed by third-party AI providers, but we maintain strict data protection agreements.

Automated Decision-Making: Our AI automatically categorizes transactions and generates insights. You can always review, correct, and override AI decisions.

Learning and Improvement: Our AI learns from aggregated, anonymized user interactions to improve accuracy, but individual financial decisions remain private.

Human Oversight: While our AI provides automated insights, all outputs are clearly marked as AI-generated and should not replace professional financial advice.

Information Sharing and Disclosure

We Do NOT Sell Your Data

We never sell, rent, or trade your personal or financial information to third parties for marketing purposes.

Limited Sharing Scenarios

  • Service Providers: We share data with trusted third-party service providers (cloud hosting, AI processing, analytics) under strict data protection agreements
  • Team Members: Within your organization, data is shared according to the access permissions you set
  • Legal Requirements: We may disclose information if required by law, legal process, or to protect rights and safety
  • Business Transfers: In the event of a merger or acquisition, user data may be transferred with appropriate notifications

Third-Party Services

  • SimpleFin: For secure bank connectivity and transaction retrieval
  • Supabase: For secure database and authentication services
  • OpenRouter: For AI processing and natural language understanding
  • Analytics Providers: For platform usage analytics (anonymized data only)

Data Security

Security Measures

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access controls
  • Bank-Level Security: We follow financial industry security standards and best practices
  • Regular Audits: Regular security assessments and vulnerability testing
  • SOC 2 Compliance: Working toward SOC 2 Type II certification

Credential Protection

  • Banking credentials are encrypted and never stored in plain text
  • We use read-only access to your financial accounts
  • We cannot move money or initiate transactions
  • Credentials are processed through secure, certified financial data providers

Data Breach Protocol

In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to secure the platform and investigate the incident.

🌍 Cross-Border Data Transfers

Data Location: Your financial data is stored on secure servers primarily located in the United States, with potential processing in Canada.

Transfer Safeguards: We implement appropriate safeguards for international data transfers, including encryption, access controls, and contractual protections.

Canadian Users: For Canadian users, we comply with PIPEDA (Personal Information Protection and Electronic Documents Act) requirements.

US Users: For US users, we comply with applicable state privacy laws including CCPA, CPRA, and other relevant regulations.

Data Residency Options: Enterprise customers may request specific data residency arrangements.

Your Rights and Choices

Data Control Rights

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data

Communication Preferences

  • Opt out of marketing communications (service communications may continue)
  • Customize notification preferences
  • Control sharing settings within your organization

Account Management

  • Disconnect bank accounts at any time
  • Download your transaction data
  • Permanently delete your account and associated data

To exercise these rights, contact us at [email protected] or through your account settings.

Data Retention

  • Active Accounts: We retain your data while your account is active and as needed to provide services
  • Account Deletion: When you delete your account, we remove your personal data within 30 days
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes
  • Anonymized Data: We may retain anonymized, aggregated data for analytics and improvement purposes
  • Backup Systems: Data in backup systems is permanently deleted within 90 days of account deletion

Children's Privacy

Finaro is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Regional Privacy Rights

Canadian Residents (PIPEDA)

  • Right to know what personal information we collect and how it's used
  • Right to access and correct your personal information
  • Right to withdraw consent for data processing
  • Right to file complaints with the Privacy Commissioner of Canada

California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we don't sell data)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information

Other US States

We comply with applicable state privacy laws in Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification.

Contact Us

Privacy Officer: [email protected]

General Support: [email protected]

Security Issues: [email protected]

Legal Inquiries: [email protected]

Response Time: We respond to privacy-related inquiries within 30 days. For urgent security matters, contact [email protected] for a faster response.

⚖️ Legal Disclaimer

This Privacy Policy is part of our Terms of Service. By using Finaro, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you are accessing our services from outside the United States or Canada, you are responsible for compliance with local privacy and financial regulations.