Privacy Policy

Any grievance pertaining to Information Technology, privacy policy, Data collection and Data Security, and any query related to the Grievance Redressal Policy can be addressed to: [email protected]

This Privacy Policy & Storage Guidelines document explains THINKING HAT TECHNOLOGY (hereinafter called “Fintastics” which expression shall also include affiliated entities, subsidiaries, our authorized representatives or agents and its affiliates) Privacy Policy & Storage Guidelines for data pertaining to Users of Fintastics’s Website or Fintastics App.

Fintastics.ai :

This website www.fintastics.ai (“Website”) is owned and operated by Thinking Hat Technologies (“THT” which expression shall mean and include its affiliates, successors and permitted assigns), operating under the brand name Fintastics. Fintastics provides services to the Users through the Website and other related links and is committed to protecting and respecting the privacy of its Users.

Fintastics: Budget Planner

Fintastics App is owned and operated by ‘Thinking Hat Technology’ operating under the brand name Fintastics. Fintastics provides services to the Users through the App published on the Google Play Store and is committed to protecting and respecting the privacy of its Users.

In the course of using Website or App or availing the products and services, Fintastics may become privy to the personal information of its Users, including information that is of a sensitive/confidential nature. Fintastics is strongly committed to protecting the privacy of all stakeholders and all stakeholder data, and has necessary and reasonable measures in place to protect the confidentiality of all such information. By using the Website or App Users are accepting the practices described here as part of the Privacy Policy and Storage Guidelines.

This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your information by Thinking Hat Technology and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the Firm), which operates the website (“Site”), mobile applications (fintastics App or App) and other services including but not limited to delivery of spend analytics based on SMS, Bill Splitting, and related content via the site and application, any mobile or internet connected device or otherwise (collectively the “fintastics App” or “Fintastics App Services”). This Privacy Policy forms part and parcel of the Terms of Use of the fintastics App.

DATA COLLECTION/SUPPLIED BY USERS:

The information about the User as collected by the app falls under (a) information supplied by users and (b) information automatically tracked while using a mobile device having FINTASTICS App Services enabled (collectively referred to as “information” or “Information”).

To avail certain services on the FINTASTICS App, users are required to provide some personally identifiable information for the registration process which may include a) your name, b) email address, c) phone number, d) access to your phone’s SMS inbox records d) debit card, credit card, bank details, e) KYC details f) PAN g) residential address etc., h) financial plans i) insurance policy and any other such information as required. The Information as supplied by the users enables us to improve FINTASTICS App Services and provide the most user-friendly experience. All required information is service dependent and the Firm may use the above said user Information to maintain, protect, and improve the FINTASTICS App Services and for developing new services.

FINTASTICS App takes limited access (usually one-time or as provided by the User) to services like Camera, and Microphone, for specific use cases in the app like uploading of bills, on-boarding or KYC requirements. Such access is only taken with the explicit consent of the User, and the specific use of the data is clearly communicated to the User. Location data taken for on-boarding or KYC is taken for limited period, however the User may explicitly provide Location data for longer periods for specific use cases like Expense Tracking and categorization, which is explicitly communicated to the User.

Any reviews, comments, messages, blogs posted/uploaded/conveyed/communicated by users on the public sections of the Site or an Application Store (like the App Store or Play Store) becomes published content and is not considered personally identifiable information subject to this Privacy Policy.

In case the User chooses to decline to submit personally identifiable information on the FINTASTICS App/Site, FINTASTICS may not be able to provide certain services on the App/Site to the User. FINTASTICS will make reasonable efforts to notify the User of the same at the appropriate time. In any case, FINTASTICS will not be liable and or responsible for the denial of certain services to the User or lack of providing the necessary personal information.

(b)Information tracked with consent and information automatically tracked while using app:

SMS Inbox Information: The FINTASTICS App also collects partial payment data and other information arising out of transactions made from cards, banks or while using other services through SMSes, after obtaining the User’s specific consent to allow the App to access the User’s SMS inbox. The FINTASTICS App accesses business messages that originate from alphanumeric senders. No personal SMSes or OTPs are backed up. Any SMSes reported by users are also used to train our Spam filter algorithm. Users can automatically delete OTPs with a setting to delete OTPs older than 24 hrs in the app.

The collection of such information is only limited to the extent that such data is available in the relevant messages. FINTASTICS may also record the identity of the product or service and the price or fee paid or payable in respect thereof.

Demographic and Related Information: We may reference other sources of demographic and other information in order to provide Users you with more targeted communications and promotions. We use Google Analytics, among others, to track user behaviour on our website.

Google Analytics specifically has been enabled to support display advertising to help us gain an understanding of our users’ Demographics and Interests. The reports are anonymous and cannot be associated with any individual personally identifiable information that you may have shared with us. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings options provided by Google.

By using the platforms of the Firm and/or by providing the above information to FINTASTICS, the user consents to the collection, sharing, disclosure and usage of the information by the Firm in accordance with this Privacy policy, other than for specific information that is collected and used based on user’s explicit consent as outlined in this privacy policy.

FINTASTICS Stakeholders including Employees, Contractors and Suppliers may also provide personal information through various channels including but not limited to documentation, communication, electronic communication, contracts, agreements, and use of FINTASTICS products and Services. This policy is applicable to all such information collected by FINTASTICS.

Access to personal information is strictly restricted and shared in accordance with certain specific internal procedures and safeguards that govern access. Certain features of the App may be available for use without any need to provide details. Other features of the App may require Users to provide details including but not limited to the User’s name, address, mobile number, email address, PAN No., employment & income details.

Fintastics App collects and stores phone numbers to enable account verification and secure user authentication during the sign-up and login process.

FINTASTICS never will sell or rent personal information of its Users and stakeholders to anyone, at any time, for any reason. FINTASTICS may use the User’s personal information in the following ways, viz:

Monitor, improve and administer the Website and improve the quality of services;

Analyse how the Website or App is used, diagnose service or technical problems, maintain security;

Remember information to help the User effectively access the Website or App;

Monitor aggregate metrics such as total number of views, visitors, traffic and demographic patterns;

To confirm the User’s identity in order to determine its eligibility to use the Website or App and avail of the services;

To notify the User about changes to the Website or App;

To enable FINTASTICS to comply with its legal and regulatory obligations;

To help the User apply for certain products and services.

For the purpose of sending administrative notices, service related alerts and other similar communication with a view to optimising the efficiency of the Website or App.

Doing market research, troubleshooting, protection against error, project planning, fraud and other criminal activity.

To reinforce FINTASTICS’s Terms of Use.

For establishing Identification and to fulfill other KYC requirements before beginning the account based transaction

To provide users with the right kind of products and services

To fulfill our internal checks and other risk parameters of Firm.

To safeguard the interest of the Business and to ensure compliance with laws including credit reporting.

To maintain effective communication on the service availed by the Customer including but not limited to the transaction information, updates/changes to the product, assistance for the Customers etc.

For marketing purpose, especially to promote the services of the Firm and to notify about the new product/service offerings for the Customer. We may also use the user’s phone number, email address or other personally identifiable information to send commercial or marketing messages without the user’s consent [with an option to subscribe/unsubscribe (where feasible)]. We may, however, use the user’s email address and phone number without further consent for non-marketing or administrative purposes (such as notifying you of major changes, for customer service purposes, providing information about updates to FINTASTICS App Services, billing, etc.).

We may contact the Users from time to time about updation of personal information to provide such features that we believe may benefit/interest the users.

FINTASTICS also present information related to user spends, patterns and user data tracked by the Firm only in the form of aggregated statistics on data such as user spends by category, date, time, bank balances, etc. within our app/site or to our partners.

No personally identifiable data of an individual user such as name, phone number, email address, spends data, card details etc. would be shared with any other User and/or third party – unless explicitly approved by the concerned individual user in order to avail of certain services unless as required to fulfil FINTASTICS’s legal and regulatory obligations.

FINTASTICS pledges that it shall not sell or rent Users’ or stakeholders’ personal information to anyone. FINTASTICS will protect every bit of the Users’ business or personal information and maintain the confidentiality of the same. With this seal of trust, FINTASTICS makes its services available to the Users for assessment and analysis that include spend analysis, money management, credit and behaviour scoring, market and product analysis.

FINTASTICS may share your personal information with its group companies in relation to offering of products and services to the User, or for the purposes of the engagement with its stakeholders. Otherwise, FINTASTICS guarantees that it is going to keep all information confidential except in the following cases:

FINTASTICS may disclose Users’ information to governmental and other statutory bodies who have appropriate authorisation to access the same for any specific legal purposes.

FINTASTICS may disclose Users’ information if it is under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the Terms of Use (displayed on the Website), or to protect the rights, property or safety of FINTASTICS, its Users or others. This includes exchanging information with other companies / agencies that work for fraud prevention and credit reference.

FINTASTICS may disclose Users’ information to its agents under a strict code of confidentiality, where such sharing is required or permitted as per statutory or regulatory requirements.

FINTASTICS may disclose Users’ information to such third parties to whom it transfers its rights and duties under the customer agreement entered into with the Users, where such sharing is required or permitted as per statutory or regulatory requirements. In such an event, the said third parties’ use of the information will be subject to such confidentiality obligations as contained in this Policy.

FINTASTICS may disclose Users’ information to any member of its related or group companies including its subsidiaries, its ultimate holding Firm and its subsidiaries, as the case may be.

In the event that FINTASTICS sells or buys any business or assets, it may disclose the Users’ information to the prospective seller or buyer of such business or assets. User, email and visitor information is generally one of the transferred business assets in these types of transactions. FINTASTICS may also transfer or assign such information in the course of corporate divestitures, mergers or dissolution.

FINTASTICS shall ensure that in case of disclosure of whole or part of the User’s information to a service provider or agent, within or outside India, the same shall be bound by obligations of confidentiality at least as strict as FINTASTICS’s obligations under this Privacy Policy and the information shall be accorded the same level of protection as provided by FINTASTICS under the terms of this Privacy Policy. FINTASTICS may store the User’s information in locations outside the direct control of FINTASTICS (for instance, on servers or databases co-located with hosting providers).

FINTASTICS takes the security of its User’s and Stakeholders’ information very seriously. FINTASTICS protects the User’s information at rest and in flight using bank-level data security: atleast 128 bit-encryption and Transport Layer Security (SSL where applicable) This creates an encrypted connection between the User’s browser or App and FINTASTICS’s servers. All information remains encrypted at all times. If the User allows FINTASTICS to see its banking information online rather than in paper form, it is on a read-only basis. FINTASTICS does not have access to change, edit, or modify bank account information in any manner whatsoever. FINTASTICS employees cannot view the User’s banking username and passwords, and the same is securely stored in separate encrypted areas with its financial services providers. All information gathered and provided to FINTASTICS on the Website and FINTASTICS App is encrypted and securely stored within the controlled databases on its secure servers within India. Access to the servers is password-protected and is strictly limited.

If enabled from the app, we take a backup of User’s data on the FINTASTICS App on our Cloud database. This is done for the purpose of enabling users to get their data back in case their phone’s data becomes unusable, if the phone is lost, or the user moves to a new phone device.

We also use this backup to provide useful insights and information related to the spends such as weekly spends in a month, insights related to spend behavior, etc., and to provide information related to user spends, patterns and user data in the form of aggregated and anonymized statistics on data such as user spends by category, date, time, bank balances, etc.

FINTASTICS does not collect or store any biometric data in our systems or servers, and all limited and specific use of biometric data in any FINTASTICS product is as per regulations and extant statutory guidelines only.

FINTASTICS uses commercially reasonable safeguards to preserve the integrity and security of the Users’ information against loss, theft, unauthorized access, disclosure, reproduction, use or amendment.

The information that is collected from the Users may be transferred to, and stored at, a destination inside India. By submitting information on the Website, the Users agree to this transfer, storing and/ or processing. FINTASTICS will take such steps as it considers reasonably necessary to ensure that the Users’ information is treated securely and in accordance with the Policy.

In using the Website or App, the Users accept the inherent security implications of data transmission over the internet. Therefore, the use of the App or Website will be at the own risk of the users.

FINTASTICS assumes no liability for any disclosure of information due to errors in transmission, unauthorized third party access or other acts of third parties, or acts or omissions beyond its reasonable control and the User agrees not to hold FINTASTICS responsible for any breach of security unless such breach has been caused as a direct result of gross negligence or willful default by FINTASTICS.

In the event FINTASTICS becomes aware of any breach of the security of the Users’ information, it will promptly notify the users and take appropriate action to the best of its ability to remedy such a breach.

FINTASTICS collects certain information from the User’s browser using small data files called “cookies.” FINTASTICS uses session ID cookies to confirm that customers are logged in. This type of cookie helps FINTASTICS recognize a customer if he or she visits multiple pages on the Website during the same session, so that separate passwords are not required to access each page. These cookies terminate once the customer closes the browser. By default, FINTASTICS uses a persistent cookie that stores customer login ID (but not password) to make it easier for the customer to login when returning to the Website. FINTASTICS encodes its cookies so that only FINTASTICS can interpret the information stored in them. The User may remove or block this cookie using the User’s browser settings to disable the feature.

FINTASTICS also stores transaction history. FINTASTICS may collect additional information in ways not specifically described herein. For example, FINTASTICS may track information related to interactions with customer service or responses from surveys or other feedback tools. FINTASTICS uses this information to continually improve the service provided to the customers.

FINTASTICS’s Privacy Policy does not cover the use of cookies by its partners and affiliates. FINTASTICS does not have access or control over these cookies. FINTASTICS’s partners and affiliates may use session ID cookies to provide a custom user experience and to track the success of FINTASTICS’s partnership with them.

The web pages of the Website contain electronic images known as “web beacons” (sometimes called single-pixel gifs) and are used along with cookies to compile aggregated statistics to analyse how the Website is used. Web beacons may also be used in some of FINTASTICS’s emails to so as to know which emails and links recipients have opened, allowing it to gauge the effectiveness of its customer communications and marketing campaigns.

If the User wishes to introduce FINTASTICS or FINTASTICS App to any other person/entity, the User will be asked to provide such person/entity’s name and email address or any other contact details. FINTASTICS will automatically send such person/entity an email or invite in any other form inviting the other entity to visit the Website or App or other FINTASTICS Product offering as applicable. FINTASTICS stores this information for the purpose of sending this invite and keeping a record of the number of persons/entities so referred by the Users. FINTASTICS may send additional emails or information to the said person/entity in connection with services offered by FINTASTICS. Such person/entity may contact FINTASTICS at [email protected] to request that this information be removed from FINTASTICS’s database.

The Website includes links to other websites whose privacy practices may differ from those of FINTASTICS. The inclusion of a link does not imply any endorsement by FINTASTICS of the third party website, the website’s provider, or the information on the third party website. If the Users submit personal information to any of those websites, such information is governed by the privacy policies of such third party websites and FINTASTICS disclaims all responsibility or liability with respect to these policies or the websites. The Users are encouraged to carefully read the privacy policy of any website that they visit.

The Website includes Social Media Features, such as the Facebook “Like” button and Widgets, Instagram, Linkedin, X [formerly twitter] Share button or interactive mini-programs that run on the Website. These features may collect the Users’ IP address, which page the Users are visiting on the Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website. The Users’ interactions with these features are governed by the privacy policy of the Firm providing it.

When Users use the Website or FINTASTICS App, we make efforts in good faith to provide Users, as and when requested by Users, with access to their respective personal information, and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes.

We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required.

In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after Users delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.

To opt out of email correspondence from FINTASTICS or make a change to (or delete) the User information stored in FINTASTICS’s records, Users may write to us and FINTASTICS will respond to the User’s request within 30 days.

User information will be retained for as long as the User account is active or as needed to provide services to the User, and FINTASTICS may retain User information for a longer period unless specifically requested by the user to delete the information as detailed below. This also enables returning users to take advantage of backup of data and restore features where applicable.

If the User wishes to cancel its account or requests that FINTASTICS no longer uses its information to provide services, the User may contact FINTASTICS at [email protected]. FINTASTICS will retain and use User information as necessary to comply with its legal obligations, resolve disputes, and enforce its agreements or for other business purposes.

Specific requirements as per Prevention of Money Laundering Amendment Act, 2002 (Prevention of Money laundering Act, 2002 – Obligations of NBFCs in terms of Rules notified thereunder dated November 13, 2009, the NBFC should maintain for at least ten years the following:

Transaction between the NBFC and the client, all necessary records of transactions, so as to provide, evidence for prosecution of persons involved in criminal activity.

Records pertaining to the identification of the customers and their address obtained while opening the account and during the course of business relationship.

All complex, unusual large transactions and all unusual patterns of transactions including STR, which have no apparent economic or visible lawful purpose. Such records and related documents should be made available to help auditors to scrutinize the transactions and also to Reserve Bank/other relevant authorities.

Adherence to obligations under Rule 3 of the Prevention of Money Laundering (Maintenance of Records)Rules, 2005 – amended from time to time.

In the event FINTASTICS, the same will be updated on the app. In case of any material changes to the Policy, the Users will be notified by email (sent to the email address specified in the User’s account) or by means of a notice on this app prior to the change becoming effective. The Users are encouraged to periodically review this page for the latest information on its privacy practices.

This Policy shall be governed by and construed in accordance with the laws of the Republic of India and subject to the provisions of arbitration set out herein, the courts at Chennai shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Policy.

If any dispute arises between FINTASTICS and the User in connection with or arising out of the validity, interpretation, implementation or alleged breach of any provision of the Policy, such dispute shall be referred to and finally resolved by arbitration in accordance with the Arbitration and Conciliation Act, 1996 and Rules framed therein, for the time being in force, which rules are deemed to be incorporated by reference in this clause.

There shall be one (1) arbitrator and the seat of the arbitration shall be Chennai, India. The language of the arbitration proceedings and of all written decisions and correspondence relating to the arbitration shall be English.

The Ministry of Electronics and Information Technology (MeitY) operates as the nodal agency for information technology in India.

FINTASTICS makes no representation that the content contained on the Website is appropriate or to be used or accessed outside of the Republic of India. If the Users use or access the Website from outside the Republic of India, they do so at their own risk and are responsible for compliance with the laws of such jurisdiction.

FINTASTICS has made every effort to ensure that this Policy adheres with the applicable laws from time to time. The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy.

The rights and remedies available under this Policy may be exercised as often as necessary and are cumulative and not exclusive of rights or remedies provided by law. It may be waived only in writing. Delay in exercising or non-exercise of any such right or remedy does not constitute a waiver of that right or remedy, or any other right or remedy.

In the event of User having any grievance relating to the App, the User may contact our Grievance Department at: [email protected]