Privacy Policy

Finfy LLC (“Finfy,” “we,” “us,” or “our”) is a Delaware-registered limited liability company operating a software platform that enables approved businesses and service providers to invoice clients and receive payments through Stripe-powered payment processing. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website at finfy.ai and our services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Services.

2.1 Information You Provide

• Account Registration: Name, email address, and password when you create an account.
• Business Application: Legal business name, trading name, registration number, tax identification number, business address, website URL, owner name and identification documents, service category, description of services, expected transaction volumes, and client countries.
• Profile Information: Display name, business name, biography, website URL, brand color preferences, and logo.
• Payment Information: Invoice details including amounts, currencies, descriptions, and payer information. Finfy does not directly store credit card numbers or bank account details — these are processed and stored by our payment processor, Stripe.
• Communications: Any information you provide when contacting us via email or through the Services.
• Identity Documents: Proof of business registration, government-issued identification, and proof of address submitted during the business application process.

2.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, interactions with the Services, timestamps, and referring URLs.
• Device Information: IP address, browser type and version, operating system, device type, and screen resolution.
• Cookies and Similar Technologies: We use essential cookies to maintain your session and preferences. See Section 8 for more details.

2.3 Information from Third Parties

• Stripe: Account verification status, payout capability status, and transaction outcomes through Stripe Connect. Stripe’s collection and use of data is governed by the Stripe Privacy Policy.
• Authentication Providers: If you sign in using a third-party service, we may receive your name and email address from that provider.

We use personal information for the following purposes:

• Service Delivery: To create and manage your account, process business applications, facilitate invoicing and payment processing, and enable payouts.
• Identity Verification: To verify business legitimacy, comply with know-your-customer (KYC) requirements, and prevent fraud.
• Communications: To send transactional emails (account confirmations, application status updates, payment notifications), and respond to your inquiries.
• Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions and unauthorized access.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including anti-money laundering (AML) and sanctions requirements.
• Service Improvement: To analyze usage patterns, troubleshoot issues, and improve the functionality of the Services.

We do not sell your personal information. We share information only in the following circumstances:

• Stripe: We share necessary information with Stripe, Inc. to process payments, create connected accounts, facilitate payouts, and comply with financial regulations. Stripe acts as both a processor and independent controller for certain data.
• Supabase: Our database and authentication infrastructure is hosted on Supabase, which processes data on our behalf as a data processor.
• Resend: We use Resend to deliver transactional emails. Email addresses and message content are shared for this purpose.
• Vercel: Our website is hosted on Vercel, which processes server requests and may have access to IP addresses and request data.
• Payment Counterparties: When a client pays through an invoice, the service provider’s business name, brand, and invoice details are displayed to the payer. Payer email and name are shared with the service provider for the relevant transaction.
• Legal Requirements: We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect rights, safety, or property.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

We retain your personal information for as long as your account is active or as needed to provide the Services. We also retain information as necessary to:

• Comply with legal obligations (including tax, financial reporting, and AML requirements)
• Resolve disputes and enforce agreements
• Maintain business records as required by applicable law

Transaction records and business application data are retained for a minimum of seven (7) years after account closure, in accordance with financial regulatory requirements. Identity documents are retained for the duration of the business relationship and for the legally required period thereafter.

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit using TLS/SSL
• Encryption of data at rest for sensitive information
• Row-level security (RLS) policies in our database to enforce access controls
• Secure, scoped access to uploaded documents
• Regular security reviews of our infrastructure and code

Payment card data is handled exclusively by Stripe, which is PCI DSS Level 1 certified. Finfy does not process, store, or transmit cardholder data directly.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to certain processing of your personal information.
• Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, contact us at Niev@finfy.ai. We will respond within 30 days.

For EEA, UK, and Swiss Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing include: performance of contract (to provide the Services), legitimate interests (security, fraud prevention, service improvement), legal obligations, and consent where applicable. You have the right to lodge a complaint with your local data protection authority.

For California Residents

Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information. Finfy does not sell personal information.

We use essential cookies to maintain your authentication session and preferences. We do not use third-party advertising cookies or cross-site tracking technologies. Essential cookies are strictly necessary for the Services to function and cannot be disabled.

Finfy is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required under GDPR.

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.

The Services may contain links to third-party websites or services, including Stripe. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Your continued use of the Services after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: Niev@finfy.ai
• Phone: +27 78 705 1175
• Entity: Finfy LLC, New York, NY, United States