1. Introduction

This Privacy Policy outlines how Delaware corporation ("Company," "we," "us," or "our"), with offices at 150 East Palmetto Park Road, Suite 800, Boca Raton, FL 33432, USA, collects, uses, processes, and shares your personal information when you use our website located at finestro.io (the "Website") and the services, content, and features offered through it (collectively, the "Service").

This Privacy Policy is an integral part of our Terms and Conditions. By accessing or using our Service, you confirm that you have read, understood, and agree to the practices described in this policy. If you are under 18 years of age, you confirm that your parent or legal guardian has reviewed and agreed to this policy on your behalf. If you do not agree with this Privacy Policy, you must cease using the Service immediately and request the deletion of any data associated with you.

For the purposes of this policy:

"GDPR" refers to the General Data Protection Regulation (EU) 2016/679.

"EEA" refers to the European Economic Area, which includes all EU member states plus Iceland, Liechtenstein, and Norway. For this policy, the UK is also considered part of the EEA context regarding data protection principles similar to GDPR.

"Personal Data" means any information relating to an identified or identifiable natural person.

"Processing" means any operation performed on Personal Data, such as collection, storage, use, disclosure, or erasure.

2. Data Controller

The controller of your Personal Data processed in connection with the Service is Delaware corporation with offices at 150 East Palmetto Park Road, Suite 800, Boca Raton, FL 33432, USA

3. Information We Collect

We collect information about you through different methods: information you provide directly, information collected automatically through your use of the Service, and information from third-party sources.

3.1. Information You Provide Directly

Registration & Onboarding Data

When you sign up or interact with certain features, you may provide information such as your email address, age, gender, and responses to questions about your financial situation, goals, or mindset.

Communications

If you contact us (e.g., for customer support), we collect the information contained in your communications.

3.2. Information Collected Automatically

Device & Technical Information

We automatically collect data about the device and browser you use, including your IP address, operating system type and version, device model and settings, time zone, language preferences, and unique device identifiers.

Usage Information

We track your interactions with the Service, such as features used, content viewed, frequency and duration of visits, clicks, subscription details, and interactions with advertisements displayed within the Service.

Referral Information

We may collect data about the source that referred you to our Website (e.g., the link or advertisement you clicked).

Transaction Details

When you make a purchase, our third-party payment processors (Stripe, Braintree) collect your payment information (like credit card numbers). We do not store your full payment card details but may receive transaction summaries (date, time, amount, payment method type).

Cookies and Similar Technologies

We use cookies (small text files stored on your device) and similar technologies like tracking pixels (e.g., Meta Pixel, TikTok Pixel). These help us recognize you, remember your preferences, understand how you use the Service, personalize content, and deliver targeted advertising. We use both session cookies (expire when you close your browser) and persistent cookies (remain for a set period). You can manage cookie preferences through your browser settings, although disabling cookies may affect Service functionality.

4. How We Use Your Information

We process your Personal Data for the following purposes:

4.1. To Provide and Maintain the Service: To operate the Website, deliver the Service features, manage user accounts, ensure seamless functionality, and address technical issues or errors. This includes using hosting services (see Section 6).

4.2. To Manage Your Account and Provide Support: To respond to your inquiries, provide technical assistance, and manage your account settings.

4.3. To Communicate With You: To send important service-related notifications (e.g., security alerts, payment confirmations, updates to Terms or this Policy) and, if you opt-in or where legally permissible, marketing communications about our products, features, and special offers. You can opt-out of marketing emails via the unsubscribe link in the email footer. We may use third-party services to manage these communications.

4.4. For Research, Analytics, and Service Improvement: To understand how users interact with the Service, analyze trends, gather demographic information, measure the effectiveness of content and features, test new functionalities, and generally improve the user experience and our product offerings. We utilize analytics tools for this purpose (see Section 6).

4.5. To Personalize Advertising: To work with advertising partners to show you relevant advertisements on our Service or other platforms. This may involve using cookies and sharing certain data (like technical identifiers or usage patterns) with ad networks. You can learn more about controlling personalized ads in the "Opt-Out" information below and in Section 7.

4.6. To Process Payments: To facilitate transactions for paid features via our third-party payment processors (Stripe, Braintree).

4.7. To Enforce Terms and Prevent Fraud: To uphold our Terms and Conditions, detect and prevent fraudulent activity, protect our rights and safety, and ensure the security and integrity of the Service.

4.8. To Comply with Legal Obligations: To process or share your data when required by law, court order, or other legal process, or if requested by law enforcement or public authorities.

5. Legal Basis for Processing (EEA/UK Users)

If you are located in the EEA or the UK, we rely on the following legal bases under GDPR (and applicable UK data protection laws) to process your Personal Data:

Consent

We rely on your consent for certain activities, such as sending direct marketing emails or using non-essential cookies. You can withdraw your consent at any time.

Contract Performance

We process data necessary to fulfill our contractual obligations to you when providing the Service under our Terms and Conditions (e.g., managing your account, processing payments, providing core features).

Legitimate Interest

We process data based on our legitimate interests, provided these are not overridden by your rights and interests. This includes:

• Improving the Service through analytics and research.
• Marketing our Service and personalizing ads (where not requiring explicit consent).
• Detecting and preventing fraud, enforcing our terms.
• Ensuring network and information security.

Legal Obligation

We process data when necessary to comply with our legal duties (e.g., responding to lawful requests from authorities).

6. How We Share Your Information

We do not sell your Personal Data. We may share your information with the following categories of third parties only for the purposes described in this policy.

Service Providers

We engage third-party companies and individuals to perform services on our behalf, acting under our instruction. These may include providers for:

Cloud hosting and infrastructure (e.g., Amazon Web Services)

Data analytics (e.g., Google Analytics, Amplitude])

Payment processing (Stripe, Braintree)

For email marketing campaigns and updates, we partner with services such as Sendgrid, which securely processes email addresses and contact details.

Advertising networks and platforms (e.g., Google Ads, Facebook Ads, TikTok Ads)

We take steps to ensure these providers protect your data appropriately. The specific providers we use may change over time; major categories are listed here, and details may be found in linked third-party privacy policies.

Legal Authorities and Safety

We may disclose your information to law enforcement, government authorities, or courts if required by law, or if we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or others, or to investigate fraud or enforce our Terms.

Business Transfers

In the event of a merger, acquisition, divestiture, bankruptcy, dissolution, reorganization, sale of some or all of our assets, or similar transaction, your Personal Data may be transferred as part of that transaction.

Affiliated Companies

We may share information within our corporate group (e.g., parent companies, subsidiaries) for operational purposes consistent with this policy.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your Personal Data:

Right to Access. Request a copy of the Personal Data we hold about you.

Right to Rectification. Request correction of inaccurate or incomplete Personal Data.

Right to Erasure (Deletion). Request deletion of your Personal Data, subject to certain legal exceptions (e.g., legal retention obligations).

Right to Restrict Processing. Request that we limit the processing of your Personal Data in certain circumstances.

Right to Object. Object to processing based on our legitimate interests or for direct marketing purposes.

Right to Data Portability. Request to receive your Personal Data in a structured, commonly used, machine-readable format, and potentially transmit it to another controller (where technically feasible).

Right to Withdraw Consent. If processing is based on consent, you can withdraw it at any time (this does not affect past processing).

Right to Lodge a Complaint. You have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing infringes data protection laws. (For Cyprus, contact details are provided below).

To exercise any of these rights (other than lodging a complaint), please contact us at [email protected]. We will respond to your request in accordance with applicable laws. We may need to verify your identity before processing your request.

8. Age Requirements

The Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If you become aware that a child under 18 has provided us with Personal Data without parental consent, please contact us immediately at [email protected], and we will take steps to delete such information.

9. International Data Transfers

Your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including the United States of America, where our servers or those of our service providers are located. These countries may have data protection laws that differ from those in your jurisdiction.

When transferring Personal Data originating from the EEA or UK to countries outside these regions that have not been deemed adequate by the European Commission, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or rely on other valid transfer mechanisms under applicable law to ensure your data is protected.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. If we make material changes, we will notify you through the Service, by email, or other appropriate means, and provide you an opportunity to review the updated policy before it becomes effective. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

11. California Consumer Rights (CCPA & Shine the Light)

This section applies solely to residents of California, USA.

CCPA: California consumers have specific rights regarding their personal information under the California Consumer Privacy Act (CCPA). These rights are broadly similar to those listed in Section 7 (Access, Deletion, etc.) and can be exercised by contacting us at [email protected]. We do not "sell" personal information as conventionally understood or as defined under CCPA requiring an opt-out mechanism.

Shine the Light: California law permits residents to request, once per year, information about whether we have shared certain categories of personal information with third parties for their direct marketing purposes. To make such a request, please email [email protected] with "Request for California Shine the Light Information" in the subject line, and include your name and California residency confirmation in the body. Not all information sharing is covered by this law, and our response will address only covered sharing.

12. Data Retention

We retain your Personal Data for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, including providing the Service, maintaining your account (if applicable), complying with our legal obligations (e.g., tax, accounting), resolving disputes, and enforcing our agreements. When data is no longer needed for these purposes, we will securely delete or anonymize it.

13. "Do Not Track" Signals

Our Service does not currently respond to "Do Not Track" (DNT) signals transmitted by web browsers. We process information as described in this policy regardless of DNT signals. Third-party services we use may have their own policies regarding DNT signals; please refer to their respective privacy policies.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Delaware corporation with offices at 150 East Palmetto Park Road, Suite 800, Boca Raton, FL 33432, USA

Email: [email protected]