Privacy Policy

Last updated: 13 December 2025

At Fintello, we take the protection of your personal data very seriously. This privacy policy explains how we collect, use, store, and protect your information, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller

The data controller for your personal data is:

  • Fintello
  • France
  • contact@fintello.app

Data Collected and Legal Basis

We collect the following data with their respective legal bases:

Identification data: email address, password (hashed with bcrypt)

Legal basis: contract performance (account creation and management)

Financial data: bank accounts, transactions, budgets, custom categories

Legal basis: contract performance (provision of financial management service)

Usage data: AI assistant conversation history, interface preferences

Legal basis: contract performance and legitimate interest (service improvement)

Technical data: IP address, browser type, operating system, pages visited

Legal basis: legitimate interest (security and proper functioning of the service)

Payment data: billing information (processed by Stripe, we do not store your bank details)

Legal basis: contract performance (subscription management)

Purposes of Processing

Your data is used exclusively for the following purposes:

  • Service provision: account creation, financial management, data synchronization
  • AI Assistant: analysis of your financial data to provide personalized advice
  • Customer support: responding to your requests and resolving technical issues
  • Security: fraud detection, protection against unauthorized access
  • Service improvement: anonymized usage analysis to improve the experience
  • Communications: sending transactional emails and, with your consent, newsletters

Sharing and Sub-processors

We never sell your personal data. We only share it with the following sub-processors, all bound by data protection agreements:

  • Supabase Inc.: database hosting and authentication; United States (AWS us-east-1); European Commission Standard Contractual Clauses (SCCs)
  • Amazon Web Services (AWS): infrastructure and file hosting; European Union (eu-west-3, Paris); data hosted in the EU
  • Anthropic: processing conversations with the AI assistant (Claude); United States; Standard Contractual Clauses (SCCs), data not used for training
  • Stripe Inc.: credit card payment processing; United States with EU infrastructure; PCI-DSS certified, Standard Contractual Clauses (SCCs)

We may also disclose your data to competent authorities if required by law (judicial requisition, tax obligation).

Transfers Outside the European Union

Some of our sub-processors are located outside the European Union, particularly in the United States. For these transfers, we implement the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional technical security measures (encryption, pseudonymization)
  • Transfer impact assessment on the protection of your data

You can obtain a copy of the safeguards in place by contacting us at privacy@fintello.app.

Cookies and Trackers

We use the following cookies:

  • Essential cookies (required): authentication, session security, language preferences; session or 1 year maximum
  • Analytics cookies (with consent): anonymized audience measurement to improve the service; 13 months maximum

You can manage your cookie preferences at any time. Essential cookies cannot be disabled as they are necessary for the service to function.

Retention Periods

Your data is retained according to the following periods:

  • Account data: for the duration of your registration, then 30 days after deletion
  • Financial data: for the duration of your registration, then deletion within 30 days
  • AI chat history: 2 years from the last message, or deletion upon request
  • Technical logs: 12 rolling months
  • Invoices and accounting data: 10 years (legal requirement)

Your Rights

Under the GDPR (Articles 15 to 22), you have the following rights:

  • Right of access (Art. 15): obtain a copy of all your personal data
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data
  • Right to portability (Art. 20): receive your data in a structured format (JSON/CSV)
  • Right to object (Art. 21): object to processing based on legitimate interest
  • Right to restriction (Art. 18): temporarily freeze processing of your data
  • Withdrawal of consent: withdraw your consent at any time for consent-based processing

To exercise these rights, contact us at privacy@fintello.app with a copy of your ID. We will respond within 30 days.

If you believe your rights are not being respected, you can lodge a complaint with your local data protection authority (e.g., CNIL in France: www.cnil.fr, ICO in the UK: ico.org.uk).

Data Security

We implement state-of-the-art technical and organizational security measures:

  • TLS 1.3 encryption for all communications and AES-256 encryption at rest
  • Secure authentication with signed JWT tokens, sessions with expiration
  • Strict data isolation per user via PostgreSQL Row Level Security (RLS)
  • Access logging and regular security audits
  • Encrypted daily backups with 30-day retention
  • Data access limited to authorized employees following the principle of least privilege

Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will inform you as soon as possible, and no later than 72 hours after becoming aware of it, in accordance with Article 33 of the GDPR.

Protection of Minors

Fintello is intended for persons aged 18 and over. We do not knowingly collect personal data from minors. If you are a parent and discover that your child has provided us with data, please contact us to have it deleted.

Contact and DPO

For any questions regarding this policy or your personal data:

Data Protection Officer (DPO)

Email: privacy@fintello.app

Address: Fintello, 675 rue de Thérouanne, 62145 Estrée-Blanche, France

We commit to responding to any request within 30 days.

Changes to This Policy

This policy may be updated. In the event of a substantial change, we will inform you by email or in-app notification at least 30 days before the changes take effect.
