Effective Date: May 1, 2025
Last Updated: May 1, 2025
Finzoro (“Finzoro,” “we,” “us,” or “our”) is a wholly-owned subsidiary of Stacknow, Inc. (“Stacknow”). Your privacy and trust empower us to build the future of AI-powered personal finance. This Policy is intended to comply with all applicable U.S. federal and state privacy and security laws and regulations, and aligns with industry best practices and Finimize’s approach to transparency.
1. Scope & Applicability
This Policy applies to all Finzoro services, including our website, mobile apps, email newsletters (Finzoro Mornings, Insights, Infographics), and any other related online or offline services where this Policy is referenced.
2. Definitions
Personal Data: Any information relating to an identified or identifiable individual.
Sensitive Personal Data: Data requiring extra protection (e.g., financial account credentials, Social Security numbers).
Nonpublic Personal Information: Under GLBA, personal data provided by a consumer to a financial institution, resulting from any transaction, or otherwise obtained.
Sale: Under CCPA/CPRA, sharing personal data for monetary or other valuable consideration.
Sharing: Sharing for cross-context behavioral advertising.
Biometric Information: Physiological or biological characteristics used for recognition (e.g., facial patterns, fingerprints).
3. Legal Basis for Processing
Where required (e.g., for EU/UK users under GDPR), we rely on the following legal bases:
- Consent: For optional marketing communications and cookies beyond those strictly necessary.
- Contract Performance: To fulfill our obligations under our Terms of Use (e.g., account management, sending newsletters).
- Legal Compliance: To comply with financial regulations (GLBA, state breach-notification laws).
- Legitimate Interests: To improve our services, prevent fraud, and ensure security, balanced against user rights.
4. Information We Collect
a. Information You Provide
- Account & Profile: Name, email, password, demographic data, financial preferences, account linkage details (via Plaid).
- Communications: Newsletter sign-ups, support requests, survey responses.
b. Automatically Collected Data
- Usage & Device Data: Pages visited, features used, session timestamps, IP address, device identifiers, browser/OS details.
- Cookies & Similar Tech: For authentication, personalization, analytics, and marketing.
5. How We Use Your Information
- Service Delivery & Enhancement: Power dashboards; send newsletters and insights.
- Security & Compliance: Prevent fraud; secure accounts; satisfy GLBA Safeguards Rule, FTC guidelines, and state laws.
- Communications: Product updates, policy changes, marketing (opt-out available).
- Research & Analytics: Aggregate trends to refine AI models and improve experience.
6. How We Share Your Information
a. With Stacknow & Affiliates:
Data is jointly controlled and shared within our corporate family under unified privacy protections.
b. Service Providers & Vendors:
We contractually bind analytics, hosting, email, and payment providers with confidentiality and audit rights.
c. Legal & Regulatory:
In response to subpoenas, court orders, or to protect rights, safety, and property.
d. Business Transfers:
In mergers or acquisitions, under comparable privacy safeguards.
7. Data Retention & Deletion
We keep data only as long as needed for original purposes, legal obligations, and agreement enforcement:
- Account Data: Account closure + 7 years
- Analytics Data: Up to 2 years
- Support Records: 3 years
Users can request deletion, which we complete within 45 days, subject to legal requirements.
8. Cookies & Tracking
We use cookies, web beacons, and local storage to:
- Remember preferences
- Analyze performance
- Personalize content and ads
Refer to our Cookie Policy (link) for a detailed table of cookie names, purposes, and expiration.
9. Do-Not-Track & Opt-Out
While we do not honor browser Do-Not-Track signals, users can manage cookie settings via our Privacy Center or browser preferences. Marketing email preferences can be updated in each email footer.
10. Vendor Management & Audit Rights
Under GLBA and FTC Safeguards, we:
- Vet all vendors handling nonpublic personal information.
- Include audit rights in vendor contracts.
- Conduct periodic compliance reviews.
11. Security & Breach Notification
Security Practices: TLS in transit, AES-256 at rest, role-based access, MFA, quarterly penetration tests, continuous monitoring.
Breach Notification: We notify affected users and regulators within 30–45 days, detailing compromised data and mitigation steps.
12. User Rights & Cross-State Requests
Under federal and state laws, users may exercise:
- Access & Portability
- Correction
- Deletion
- Opt-Out of Sale/Sharing (CA)
- Limit Sensitive Data Use (where applicable)
Requests are verified via our Authorized Submitter process; responses within 45 days (extendable once by 45 days).
13. Additional State Notices
- California (CCPA/CPRA): “Do Not Sell or Share My Info” link in footer.
- VA, CO, CT, UT, IN, IA: State-specific request procedures.
- NV: Email opt-out for certain sales.
14. Children’s Privacy & COPPA
Services are for users 18+. We do not knowingly collect from children under 13. Future teen services (13–17) will comply with COPPA, including parental consent.
15. Periodic Review & Amendments
We review this Policy annually, or as laws evolve, and communicate material updates by email or in-app notice 30 days prior.
16. Contact & Dispute Resolution
Email: finzoroai@gmail.com
Disputes under this Policy are governed by binding arbitration under the Federal Arbitration Act, venue in New York, NY, unless opted out within 30 days of first use.
17. Disclaimers
a. No Financial Advice: Content is informational only; not professional advice.
b. No Warranty; As-Is: Disclaims all express and implied warranties.
c. Limitation of Liability: Excludes indirect, incidental, or consequential damages.
d. Third-Party Links: No endorsement; not responsible for external content.
e. AI-Generated Insights: May be incomplete; verify independently.
f. No Endorsement of Securities: Past performance is not indicative of future results.
g. Updates: Continued use signifies acceptance of revised disclaimers.