Legal

Privacy Policy

Last updated: 1 March 2025 · Effective: 1 March 2025

This Privacy Policy explains how Finctells Inc. ("Finctells", "we", "our", or "us") collects, uses, shares, and protects your personal data when you use our platform and services. Please read it carefully.

1. Data we collect

We collect information you provide directly to us and information we collect automatically when you use our services.

Information you provide:
• Account registration data: name, email address, company name, job title, and password.
• Billing and payment information: credit card or bank account details processed securely through our payment processor (Stripe).
• Financial data: any financial data you upload, import, or connect to the Finctells platform for analysis and reporting.
• Communications: messages you send to our support team, survey responses, and feedback.

Information collected automatically:
• Usage data: pages visited, features used, actions taken within the platform, session duration, and referring URLs.
• Device and browser data: IP address, browser type and version, operating system, device identifiers.
• Log data: server logs including request timestamps, error logs, and performance data.
• Cookies and tracking technologies: as described in our Cookie Policy.

2. How we use your data

We use the information we collect to:

• Provide and improve our services: process your financial data, generate analytics, forecasts, and reports, and continuously improve platform features.
• Account management: create and manage your account, authenticate logins, and enforce access controls.
• Billing: process payments, send invoices, and manage subscriptions.
• Customer support: respond to your requests, troubleshoot issues, and provide onboarding assistance.
• Security: detect and prevent fraud, unauthorised access, and abuse.
• Communications: send transactional emails (receipts, alerts), product updates, and (with your consent) marketing communications.
• Legal compliance: comply with applicable laws, regulations, and legal process.
• Analytics: understand how customers use Finctells to guide product development and business decisions.

3. Data sharing

We do not sell your personal data. We share your data only in the following circumstances:

• Service providers: we engage trusted third-party vendors (cloud hosting, payment processing, email delivery, analytics) who process data solely on our behalf under strict confidentiality agreements.
• Business transfers: if Finctells is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you in advance.
• Legal requirements: we may disclose data if required by law, court order, or to protect the rights, property, or safety of Finctells, our users, or the public.
• With your consent: we may share data for other purposes with your explicit consent.

We do not share your financial data with third parties for advertising or marketing purposes.

4. Data security

We implement industry-standard security measures to protect your data:

• Encryption at rest: all data is encrypted using AES-256.
• Encryption in transit: all communications are encrypted using TLS 1.3.
• Access controls: role-based access controls (RBAC) ensure employees access only the data necessary for their function.
• Audit logging: all data access and modifications are recorded in immutable audit logs.
• SOC 2 Type II: our security controls are independently audited and certified annually.
• Penetration testing: we conduct regular third-party security assessments.
• Data residency: customer data is stored in AWS ap-southeast-1 (Singapore) by default, with options for EU and US regions on Enterprise plans.

No method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable multi-factor authentication on your account.

5. Cookies

We use cookies and similar tracking technologies to operate and improve our services. For full details, please see our Cookie Policy.

Essential cookies are necessary for the platform to function and cannot be disabled. Analytics and preference cookies help us understand usage and remember your settings. You can manage non-essential cookies through your browser settings or our cookie consent tool.

6. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Portability: receive your data in a structured, machine-readable format.
• Restriction: request that we restrict processing of your data in certain circumstances.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: withdraw any previously given consent at any time.

GDPR (EU/EEA users): You have all rights listed above under the General Data Protection Regulation. Our legal bases for processing are contract performance, legitimate interests, legal obligation, and consent.

PDPA (Thailand users): You have rights under the Personal Data Protection Act B.E. 2562, including the right to access, correct, delete, and port your data.

CCPA (California users): You have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@finctells.io. We will respond within 30 days.

7. Data retention

We retain your data for as long as your account is active or as needed to provide our services. Upon account termination:

• Account data is deleted within 90 days.
• Financial data is deleted within 30 days unless you request immediate deletion.
• Audit logs are retained for 7 years as required by applicable accounting regulations.
• Anonymised, aggregated data may be retained indefinitely for product analytics purposes.

8. International data transfers

Finctells is headquartered in Thailand and serves customers globally. If you are located in the EU/EEA, your data may be transferred to and processed in countries outside the EEA, including Thailand and Singapore.

We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.

9. Children's privacy

Finctells is designed for business use by adults. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a minor has provided us with personal data, please contact us at privacy@finctells.io and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice on the platform at least 30 days before the change takes effect. Your continued use of Finctells after the effective date constitutes acceptance of the updated policy.

11. Contact us

For privacy-related questions, requests, or complaints, please contact:

Finctells Inc. — Data Privacy Team
Email: privacy@finctells.io
Address: 88 Silom Road, Suriyawong, Bang Rak, Bangkok 10500, Thailand

For EU/EEA users, our EU representative can be reached at: eu-rep@finctells.io

You also have the right to lodge a complaint with your local data protection authority.