Privacy Policy

Last updated: November 25, 2025

At FinioAI, we are committed to protecting your privacy and ensuring the security of your financial data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered treasury management platform.

1. Information We Collect

At FinioAI, we collect various types of information to provide you with intelligent treasury management services and ensure the security and effectiveness of our AI-powered platform.

Personal and Business Information

  • Identity Information: Full name, job title, business email address, phone number, and business address
  • Company Details: Company name, registration number, tax identification, business type, industry classification
  • Professional Information: Your role in the organization, department, authorization level, and reporting structure
  • Authentication Data: Login credentials, security questions, multi-factor authentication settings

Financial Data

  • Bank Account Information: Account numbers, routing numbers, account types, bank names, and account balances
  • Transaction Data: Payment history, transaction amounts, dates, descriptions, counterparties, and transaction categories
  • Cash Flow Information: Inflow and outflow patterns, seasonality data, recurring payments, and cash forecasting data
  • Investment Holdings: Portfolio composition, asset allocation, investment performance, and risk metrics
  • Financial Statements: Balance sheets, income statements, cash flow statements, and key financial ratios
  • Credit Information: Credit scores, payment history, outstanding debts, and credit facility details

Platform Usage Data

  • Activity Logs: Login times, feature usage, dashboard interactions, report generation, and user actions
  • Preferences: Dashboard customization, notification settings, display preferences, and user configurations
  • Performance Metrics: System response times, error rates, feature adoption, and usage patterns
  • Communication Data: Support ticket history, chat logs, email communications, and feedback submissions

Technical Information

  • Device Information: Device type, operating system, browser version, screen resolution, and device identifiers
  • Network Data: IP address, geographic location, internet service provider, and connection type
  • Security Information: Access logs, security events, failed login attempts, and threat detection data
  • Integration Data: Third-party service connections, API usage, and data synchronization logs

2. How We Use Your Information

We use your information to provide comprehensive treasury management services, ensure platform security, and continuously improve our AI-powered insights.

Core Service Delivery

  • Provide real-time cash flow monitoring and financial dashboard analytics
  • Generate AI-powered treasury insights and investment recommendations
  • Create predictive cash flow forecasts and scenario analysis
  • Perform automated risk assessment and liquidity management
  • Execute treasury optimization strategies and investment allocation
  • Provide regulatory compliance monitoring and reporting

AI and Machine Learning

  • Train and improve our AI models for better financial predictions
  • Develop personalized investment recommendations based on your risk profile
  • Create industry benchmarks and peer comparison analytics
  • Enhance fraud detection and anomaly identification systems
  • Optimize cash allocation algorithms and investment timing strategies

Security and Compliance

  • Monitor for suspicious activities and potential security threats
  • Ensure compliance with financial regulations and reporting requirements
  • Verify user identity and prevent unauthorized access
  • Conduct regular security audits and vulnerability assessments
  • Maintain audit trails for regulatory and legal requirements

Communication and Support

  • Provide customer support and technical assistance
  • Send service updates, security alerts, and important notifications
  • Deliver educational content and best practices guidance
  • Conduct user training and onboarding programs
  • Gather feedback for service improvement and feature development

3. Data Security and Protection

Your financial data security is our highest priority. We implement multiple layers of enterprise-grade security measures to protect your sensitive information.

Encryption and Data Protection

  • End-to-End Encryption: All data transmitted between your devices and our servers is encrypted using TLS 1.3
  • Data at Rest: AES-256 encryption for all stored financial data and personal information
  • Database Security: Encrypted databases with regular security patches and updates
  • Key Management: Hardware Security Modules (HSM) for encryption key protection
  • Data Tokenization: Sensitive financial data replaced with non-sensitive tokens

Access Controls and Authentication

  • Multi-Factor Authentication: Required for all user accounts and administrative access
  • Role-Based Access: Principle of least privilege with granular permission controls
  • Session Management: Automatic session timeouts and secure session handling
  • IP Whitelisting: Restrict access to approved IP addresses and locations
  • Regular Access Reviews: Periodic verification of user permissions and access rights

Infrastructure Security

  • Cloud Security: AWS/Azure enterprise security with SOC 2 Type II compliance
  • Network Segmentation: Isolated network zones with firewall protection
  • DDoS Protection: Advanced threat detection and mitigation systems
  • Backup and Recovery: Encrypted backups with geo-distributed storage
  • Monitoring: 24/7 security monitoring and incident response

Compliance and Auditing

  • Industry Standards: SOC 2 Type II, ISO 27001, and PCI DSS compliance
  • Regular Audits: Third-party security assessments and penetration testing
  • Regulatory Compliance: Adherence to financial data protection regulations
  • Audit Logs: Comprehensive logging of all system access and data modifications
  • Incident Response: Documented procedures for security breach management

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal or financial data. We may share information only in specific, limited circumstances with your consent or as required by law.

Authorized Data Sharing

  • With Your Consent: When you explicitly authorize data sharing for specific integrations
  • Service Providers: Trusted third parties who assist in platform operations under strict agreements
  • Financial Institutions: Banks and investment platforms for executing transactions you authorize
  • Regulatory Bodies: When required by law or regulatory compliance obligations
  • Legal Requirements: Court orders, subpoenas, or law enforcement requests

Service Provider Categories

  • Cloud Infrastructure: AWS/Azure for secure data hosting and processing
  • Financial Data Providers: Bank connectivity and transaction data aggregation
  • Security Services: Fraud detection, threat monitoring, and incident response
  • Analytics Partners: Data processing for AI model training and improvement
  • Compliance Vendors: Regulatory reporting and audit support services

Data Protection Agreements

  • All service providers sign comprehensive Data Processing Agreements (DPAs)
  • Strict confidentiality clauses and non-disclosure agreements
  • Regular security assessments and compliance audits of partners
  • Contractual requirements for data deletion and breach notification
  • Liability and indemnification clauses for data protection violations

5. Data Retention and Deletion

We retain your data only as long as necessary to provide our services, comply with legal obligations, and maintain business records for legitimate purposes.

Retention Periods

  • Active Account Data: Retained while your account is active and for 7 years after account closure
  • Financial Transactions: 7 years for tax and regulatory compliance requirements
  • Audit Logs: 3 years for security monitoring and compliance purposes
  • Communication Records: 3 years for customer support and legal protection
  • Marketing Data: Until you unsubscribe or request deletion

Data Deletion Process

  • Secure deletion using cryptographic erasure and data wiping standards
  • Removal from all backup systems and archived storage
  • Notification to third parties to delete shared data
  • Certificate of destruction for highly sensitive data
  • Compliance with legal hold and litigation requirements

6. Your Rights and Choices

You have comprehensive rights regarding your personal and financial data. We provide tools and processes to exercise these rights effectively.

Data Access Rights

  • Request a complete copy of all personal data we hold about you
  • Access information about how your data is being processed
  • Review data sharing arrangements and third-party transfers
  • Obtain details about data retention periods and deletion schedules
  • Request information about automated decision-making and AI processing

Data Control Rights

  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of personal data (subject to legal requirements)
  • Restriction: Limit how we process your data in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Portability: Receive your data in a machine-readable format

Consent Management

  • Withdraw consent for data processing at any time
  • Opt out of marketing communications and promotional content
  • Control data sharing with third-party service providers
  • Manage notification preferences and communication channels
  • Set privacy preferences for AI model training and analytics

7. International Data Transfers

As a global platform, we may transfer your data internationally while ensuring appropriate safeguards and maintaining the same level of protection.

Transfer Safeguards

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions for transfers to countries with adequate protection
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and approved codes of conduct
  • Additional security measures for sensitive financial data

Data Localization

  • Primary data processing in your home country or region when possible
  • Compliance with local data residency requirements
  • Regional data centers for improved performance and compliance
  • Cross-border transfer notifications and consent management

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience, provide security, and analyze platform usage.

Cookie Categories

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Help us understand how you use our platform
  • Functional Cookies: Remember your preferences and settings
  • Security Cookies: Detect and prevent fraudulent activity

Cookie Management

  • Browser settings to block or delete cookies
  • Platform preference center for granular control
  • Opt-out mechanisms for non-essential tracking
  • Regular cookie audit and cleanup processes

9. Contact Information

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us using the information below.

Contact Details

General Inquiries:
Data Protection Officer:
Security Team:
Mailing Address:
Tovis Fintech Pvt Ltd
Delhi, India

Response Times

  • General inquiries: Within 48 hours
  • Data access requests: Within 30 days
  • Security incidents: Within 24 hours
  • Privacy complaints: Within 5 business days