Privacy Policy

The Controller responsible for the lawful, controlled, and informed processing of personal data ("Personal Data") is FINYO. This document has been prepared in compliance with the data protection laws and regulations applicable in the countries where we operate, including local and international regulations such as the European Union's General Data Protection Regulation (GDPR), among others. Acceptance of this Privacy Policy implies express consent for the processing of Personal Data as set forth herein.

Identity of the Controller

• Holder: Rodrigo Abraham Hernández García
• Address: Av Las Cañadas 501, interior 600 Tres Marías, 58254 Morelia, Mich.
• Email: rodrigo@emkode.com
• Website: https://finyo.ai/

Rodrigo Abraham Hernández García, with address for receiving notifications solely regarding privacy and personal data protection matters at Av Las Cañadas 501, interior 600 Tres Marías, 58254 Morelia, Mich., is the controller responsible for the lawful, controlled, and informed processing of personal data ("Personal Data") of its prospects, clients, and users (the "Holder"), in compliance with the provisions of the Federal Law on Protection of Personal Data Held by Private Parties (the "Law"), its regulations, as well as the Privacy Notice Guidelines (the "Guidelines"), current secondary regulations, and applicable national and international standards on the protection of personal data, hereby making available this Privacy Notice (the "Notice"), prior to the collection of Personal Data, in strict adherence to the principles of lawfulness, consent, information, quality, purpose, loyalty, proportionality, and accountability set forth in the Law and its regulations.

Principles applied in the processing of Personal Data:

1. Lawfulness, fairness, and transparency: Informed and explicit consent is requested from the Holder for one or more specific purposes.
2. Data minimization: Only data strictly necessary for the stated purposes is collected.
3. Storage limitation: Data will be stored only for the time necessary to fulfill the processing purposes.
4. Integrity and confidentiality: Strict security measures are applied to ensure data protection.

In order to guarantee privacy, the proper processing of your Personal Data, the right to informational self-determination of individuals, and to enable FINYO to provide its services, FINYO may collect Personal Data through any of the following means: (i) directly from the Holder; (ii) directly when the Holder enters their Personal Data through the website https://finyo.ai/ (the "Website") or through any link, microsite, or accessory directly related thereto, as well as the Platform known as "Finyo" (the "App"); (iii) through social media managed by FINYO; and (iv) when information is obtained through publicly accessible sources permitted by the Law.

1. Basic Personal Information

   Information is collected to provide and improve our services.

   • Identification data: full name, date of birth and/or age, country and state of birth, nationality.
   • Electronic and digital data: phone number (home, office, and/or mobile), email address, fingerprint or digital authentication and/or through other electronic, optical, or any other technology recognized by law that the Controller makes available.
2. Financial data

   To offer personalized financial services, we collect complete transaction history on the platform, account balance and movement information, data on established budgets and their tracking, financial goals and progress toward them, and spending patterns and financial behavior.

3. Technical Data

   We automatically collect unique device identifiers, IP addresses and geolocation data, browser and operating system information, and usage and navigation patterns within the application.

FINYO will never collect data from the Holder that may be considered sensitive under applicable regulations.

Personal data processed by FINYO will be used to carry out the following purposes:

1. Primary Purpose
   • Verify and confirm the Holder's identity as a client, user, or prospective client or user of the services offered through the Website and the App.
   • Provide the products and/or services that the Holder has requested from FINYO through the Website and/or the App.
   • Provide personalized financial services and analysis.
   • Adapt the user experience according to their preferences.
   • Generate reports and statistical analysis.
   • Continuously improve our services and functionalities.
   • Detect and prevent fraud.
   • Create and/or update databases, statistics, reports, or studies related to the services and products that the Holder has requested.
2. Communications
   • Important notifications about your account and transactions.
   • Critical service updates and policy changes.
   • Marketing communications (with opt-in option).
   • Security alerts and verifications.
   • Create profiles related to the consumption, spending, or investment habits of clients and users of the services and/or products offered by the Controller.

1. Security Measures
   • End-to-end encryption for all processed personal data.
   • Daily backups and recovery procedures.
   • Internal access controls with limited privileges based on the role of authorized personnel.
   • Periodic monitoring and supervision of technological infrastructure.
   • Application of security updates and patches on the systems used.
   • Access logging to detect unauthorized activities.
2. Storage
   • Main servers are hosted on Amazon Web Services (AWS), which holds international security and availability certifications.
   • Data is retained for the legally required period or as long as necessary for the purposes described in this Notice.
   • Backups are part of an incident recovery plan to ensure information availability.

1. With Third Parties
   • Payment processing service providers.
   • Technology partners for service analysis and improvement.
   • Competent authorities when legally required.
   • Authentication and verification service providers.
2. Restrictions

   We commit to:

   • Not selling personal data to third parties.
   • Maintaining strict confidentiality agreements.
   • Limiting data access based on the principle of necessity.
   • Regularly auditing data use by third parties.

The Holder may express their refusal to the processing of their Personal Data for secondary purposes by sending an email to hello@finyo.ai, which must contain their contact information and any other information that allows a response to said request, refraining from providing additional information of which they are not the holder or for which they do not have authorization to transfer, as well as to exercise any of the rights of access, rectification, cancellation, and opposition under the terms contained in this Notice.

1. This Notice has been made known to you by FINYO.
2. You have read, understood, and agreed to the terms set forth in this Notice, and you expressly grant your written consent regarding the processing of your Personal Data.
3. The Holder expressly grants written consent for FINYO to process their Personal Data for the purposes referred to in the previous section, specifically regarding the stated purpose related to the transfer of their Personal Data.

The Holder may at any time exercise their rights of Access, Rectification, Cancellation, and Opposition (ARCO) regarding the processing of their Personal Data. To do so, they must send a request to the email address hello@finyo.ai, clearly indicating the right they wish to exercise and attaching the necessary information for follow-up.

FINYO assumes that the information provided by the Holder belongs to the latter. If this is not the case, the Holder must immediately inform FINYO by sending an email to help@finyo.ai, which must contain their contact information and any other information that allows a response to said report, refraining from providing additional information of which they are not the holder or for which they do not have authorization to transfer.

The Website and the App use remote or local electronic, optical, or other technological communication mechanisms that allow the automatic and simultaneous collection of Personal Data when the Holder interacts with them, including Cookies and Web Beacons to simplify navigation.

Cookies are text files that are automatically downloaded and stored on the user's mobile device when browsing a specific Internet page, which allow the Internet server to remember certain data about the user, including their purchase preferences for viewing pages on that server, username, and password.

Web Beacons are images inserted in an Internet page or email that can be used to monitor visitor behavior, such as storing information about the user's IP address, duration of interaction on said page, and the type of browser used, among others.

We inform you that we use Cookies and Web Beacons to obtain personal information from you, such as: (i) the type of browser and operating system you use; (ii) to analyze site usage to improve our services; (iii) the links you follow and time spent on the Website; (iv) your IP address; (v) the location from which you visit the Website and navigation statistics. These Cookies and other technologies can be disabled. You can search for information about known browsers and find out how to adjust Cookie preferences on each browser's website.

The Website and the App may contain links, hyperlinks, or hypertext "links", banners, buttons, and/or Internet search tools that, when used by Holders, redirect to other portals or Internet sites that may be owned by third parties. Additionally, the integration with third-party platforms such as WhatsApp and artificial intelligence services may include functionalities, content, or additional links over which we have no direct control. Therefore, we do not control said sites, messaging platforms, AI services, or third-party tools, and we assume no responsibility for:

• The privacy notices they display, or the lack thereof.
• The data usage policies of WhatsApp or messaging platforms.
• The results, recommendations, or analysis generated by artificial intelligence systems.
• The content, accuracy, or implications of data provided or processed by third parties.

The Personal Data that Holders may provide through such portals, Internet sites, messaging platforms, or AI services other than the Website and the App are their sole responsibility, and they should verify:

• The privacy notice of each website they access.
• The terms of service of WhatsApp and other platforms.
• The terms of use of artificial intelligence services.

Some links, banners, WhatsApp integrations, AI tools, and/or buttons that request Personal Data within the Website and the App are the responsibility of third parties unrelated to the Controller, who are sometimes service providers, and are therefore governed by their own terms and privacy policies. The user acknowledges and accepts that interaction with these third-party platforms and services is under their sole responsibility.

Consequently, the use of such third-party platforms or services is under the sole responsibility of the Holder.

The Controller reserves the right to periodically update or modify the Privacy Notice in accordance with changes in information practices, in response to legislative developments, as well as resulting from internal policies. Such modifications will be made available to the public through the Website and the App, in the Privacy Policy section. The Holder is recommended or required to consult the Privacy Notice at least every six months to stay updated on its conditions and terms.