🔒 The Short Version
We collect only what's necessary to provide you with a great experience. We never sell your personal data to third parties. You have full control over your information and can request deletion at any time. When you delete your account, we remove your data immediately — no lengthy retention periods. Professional profiles are only accessible to registered and authenticated users as part of our privacy-first approach.
1. Introduction & Scope
Welcome to Finylio. We're a platform that connects individuals with qualified financial and legal professionals while providing real-time market insights. Your trust is the foundation of everything we build.
This Privacy Policy applies to:
- The Finylio mobile application (Android and iOS)
- Our website at finylio.com
- All related services, features, and content we provide
By using Finylio, you acknowledge that you've read and understood this policy. If you disagree with any part, we kindly ask that you discontinue use of our services.
Who We Are
Entity: Finylio
Registered Address: Bandra Kurla Complex, Mumbai, India - 400051
Governing Law: This policy is governed by the laws of India, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
2. Information We Collect
We collect information in three ways: directly from you, automatically through your use of the app, and from third-party services you choose to connect.
2.1 Information You Provide
| Data Type | Examples | Required? |
|---|---|---|
| Account Credentials | Email address, phone number, OAuth tokens | Required |
| Profile Information | Full name, profile photo, date of birth, gender | Optional |
| Preferences | Notification settings, display preferences, interests | Optional |
| User-Generated Content | Posts, comments, uploaded images and videos | User-initiated |
2.2 Information Collected Automatically
When you use Finylio, certain technical information is collected to ensure the app functions correctly and to improve your experience:
- Device Information: Device model, operating system version, unique device identifiers, mobile network information
- Usage Analytics: Features accessed, time spent, interaction patterns, crash reports
- Log Data: IP address, access timestamps, app version, referring URLs
- Location (Approximate): If permitted, we use coarse location to show professionals near you. We never track precise GPS coordinates continuously.
2.3 Information from Sign-In Providers
When you choose to sign in using Google, we receive:
- Your name and email address
- Profile picture (if available)
- A unique identifier from the provider
We do not receive or store your Google password. The authentication is handled securely by Google's OAuth system.
2.4 Market & Financial Data
Finylio displays stock market indices, IPO information, and financial news. This data is sourced from publicly available APIs and exchanges. We track which market data you view to personalize your dashboard, but this information is never shared externally.
3. How We Use Your Data
Every piece of data we collect serves a specific purpose. Here's a transparent breakdown:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account Management | Email, phone, OAuth ID | Contractual necessity |
| Service Delivery | Profile data, preferences | Contractual necessity |
| Personalization | Usage patterns, interests, location | Legitimate interest |
| Professional Matching | Location, category preferences | Contractual necessity |
| Communication | Email, push notification tokens | Consent / Legitimate interest |
| Analytics & Improvement | Anonymized usage data, crash logs | Legitimate interest |
| Security & Fraud Prevention | IP address, device fingerprint, login patterns | Legal obligation / Legitimate interest |
| Legal Compliance | As required by applicable law | Legal obligation |
What We Never Do
- We do not sell your personal information to data brokers or advertisers
- We do not use your financial interests for targeted advertising
- We do not read your private messages or personal posts without consent
- We do not share your contact details with professionals without your explicit action
4. When We Share Information
Your data is not a product we sell. We share information only in these specific circumstances:
4.1 With Your Consent
When you explicitly choose to share — for example, when you publish a post publicly or contact a professional through the app.
4.2 Professional Directory
If you register as a professional on Finylio, your business profile (name, qualifications, practice areas, office locations, and contact methods you choose to display) becomes visible to users searching for services. You control what appears on your public profile.
4.3 Service Providers
We work with trusted partners who help us operate Finylio. These providers are contractually obligated to protect your data and use it only for the services they provide to us:
- Cloud Infrastructure: Amazon Web Services (data hosting in India)
- Analytics: Firebase Analytics, Google Analytics (aggregated insights)
- Error Monitoring: Firebase Crashlytics (app stability)
- Push Notifications: Firebase Cloud Messaging
- Maps & Location: Google Places API
4.4 Legal Requirements
We may disclose information if required by law, subpoena, court order, or government request. In such cases, we will attempt to notify you unless legally prohibited from doing so.
4.5 Business Transfers
If Finylio is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your data becomes subject to a different privacy policy.
5. Third-Party Services
Finylio integrates with several external services to provide functionality. Each has its own privacy practices:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Sign-In | Authentication | OAuth tokens, email, name, photo |
| Firebase Analytics | App usage insights | Anonymized events, device info |
| Firebase Crashlytics | Crash reporting | Device model, OS, crash traces |
| Firebase Cloud Messaging | Push notifications | Device token, notification content |
| Google Places API | Location search | Search queries, selected places |
| Amazon Web Services | Data hosting, media storage | All app data (encrypted) |
We encourage you to review the privacy policies of these services:
6. Storage & Security
6.1 Where We Store Your Data
Your data is primarily stored on secure servers located in India (Mumbai region) through Amazon Web Services. This ensures compliance with Indian data localization preferences and provides low-latency access for our users.
6.2 How We Protect Your Data
We implement industry-standard security measures:
- Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption
- Encryption at Rest: Sensitive data is encrypted using AES-256 encryption
- Access Controls: Strict role-based access ensures only authorized personnel can access user data. Authentication is required to access certain features of the app where user or professional personal information is displayed. This ensures that professional data is accessed only by legitimate users and in accordance with the consent provided by professionals.
- Secure Authentication: JWT tokens with expiration, OAuth 2.0 integration
- Regular Audits: We conduct periodic security assessments and vulnerability testing
- Media Protection: Uploaded images and videos are served through signed URLs with time-limited access
6.3 Data Retention
We believe in data minimization. Here's our retention approach:
Immediate Deletion Policy
When you delete your account, we remove your personal data immediately. There's no 30-day or 90-day waiting period. Your posts, profile, preferences, and associated media are permanently deleted from our active systems. Some anonymized, aggregated analytics data may be retained as it cannot be linked back to you.
- Active accounts: Data retained while your account is active
- Inactive accounts: We may reach out after 24 months of inactivity before archiving
- Deleted accounts: Immediate removal from active systems
- Backups: Deleted data may persist in encrypted backups for up to 30 days before being purged
- Legal holds: If required by law, specific data may be retained longer
7. Your Rights & Choices
You have significant control over your personal information. Here's what you can do:
7.1 Access Your Data
You can view most of your personal information directly in the app under your profile settings. For a complete data export, contact us at support@finylio.com.
7.2 Correct Inaccurate Information
Update your profile, contact details, and preferences anytime through the app settings.
7.3 Delete Your Data
You can delete your account from the app settings. As mentioned, deletion is immediate and permanent.
7.4 Withdraw Consent
For optional data collection (like location access), you can revoke permissions through your device settings at any time.
7.5 Opt-Out of Communications
- Push Notifications: Manage in app settings or device settings
- Email: Unsubscribe link at the bottom of our emails
- Marketing: We respect do-not-disturb preferences
7.6 Data Portability
Request a machine-readable copy of your data by emailing support@finylio.com. We'll provide it within 30 days.
How to Exercise Your Rights
For any privacy-related requests, email us at support@finylio.com with the subject line "Privacy Request".
We'll verify your identity and respond within 30 days. Complex requests may take up to 60 days, and we'll keep you informed.
8. For Professional Users
If you register as a professional (lawyer, chartered accountant, financial advisor, etc.) on Finylio, additional terms apply:
8.1 Professional Profile Visibility and Consent
Professionals who create a profile on Finylio explicitly consent to the display of their profile information (such as name, professional category, bio, location, qualifications, and contact details) only to registered and authenticated users of Finylio.
Finylio does not display professional contact information or personal details to unauthenticated (guest) users. Access to professional search and profile details requires user authentication to ensure privacy, consent enforcement, and appropriate use of professional information.
8.2 Visible Profile Information
The following information becomes visible to authenticated Finylio users:
- Your name and professional designation
- Category and areas of specialization
- Qualifications, certifications, and affiliations
- Practice locations and availability
- Consultation fees (if you choose to display them)
- Contact methods you explicitly enable
- Average rating and review count
8.3 Verification Data
To maintain platform integrity, we may request:
- Registration/license numbers (e.g., Bar Council ID, ICAI membership)
- Supporting documents for qualification verification
This information is used for verification purposes and displayed as a "Verified" badge where applicable.
8.4 Professional Content
Posts you create as a professional are attributed to your public profile and may appear in users' feeds. You retain intellectual property rights to your content, but grant Finylio a license to display and distribute it within the platform.
9. Children's Privacy
Finylio is designed for users aged 13 years and older. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at support@finylio.com. We will take steps to delete such information from our systems.
For users between 13-18, we encourage parental guidance when using financial and professional services features.
10. Policy Updates
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or business operations.
How We'll Notify You
- Minor changes: Updated "Last Modified" date at the top of this page
- Significant changes: In-app notification and/or email to registered users
- Material changes affecting your rights: Prominent notice with opt-out options where applicable
We encourage you to review this policy periodically. Your continued use of Finylio after changes are posted constitutes acceptance of the updated policy.
11. Grievance Redressal
In accordance with the Information Technology Act, 2000 and rules thereunder, we have designated a Grievance Officer to address your concerns regarding data privacy and processing.
Grievance Officer
Name: Finylio Privacy Team
Email: support@finylio.com
Address: Bandra Kurla Complex, Mumbai, India - 400051
Response Time: We acknowledge grievances within 48 hours and aim to resolve them within 30 days.
When submitting a grievance, please include:
- Your registered email or phone number
- A detailed description of your concern
- Any supporting information or screenshots
12. Contact Us
We're here to help with any questions about your privacy or this policy.
Questions About Your Privacy?
Our team is ready to help with any questions or concerns about how we handle your data.
support@finylio.com