Finli Privacy and Security
Last Updated: October 11, 2019
At Finli, we take your privacy seriously and are committed to maintaining your trust.
Finli does not knowingly collect, either online or offline, personal information from persons under the age of thirteen without the consent of a parent or guardian. If you are under 18, you may use the Service only with the permission of a parent or guardian.
Mobile App Users
In order for you to create a Finli profile and use the Services, we need to collect and process information. Depending on your use of the Services, that may include: Your name, date of birth, email address, physical address, and information pertaining to financial transactions.
This data will not be publicly displayed or revealed to others:
Your username and password details
Your IP address
Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem)
We may give your personal information to third-party services. We do reserve the right to disclose personal information when we believe that doing so is reasonably necessary to comply with the law or law enforcement, to prevent fraud or abuse, or to protect Finli’s legal rights.
If your Finli profile is private to your friend network and viewable by people who have received a link to your Finli profile.
Here are some of the things that will be publicly viewable on your Finli profile:
Your account name
Any information you choose to add to your Finli profile and child profile ( birthdate, photos, activities, bio or favorites)
Outstanding bills and information of those bills (due date, merchant name, contributions collected)
We will use the personal information you provide to:
Identify you when you sign in to your account;
Enable us to provide you with the Services;
Administer your account with us;
Enable us to contact you regarding any question you make through the Services;
Analyze the use of the Services and the people visiting to improve our content and Services;
Use for other purposes that we may disclose to you when we request your information.
We take securing your data and preserving your privacy very seriously. We never post anything to your Facebook®, Twitter®, or other third-party accounts without your permission. We do not and will not sell your data.
Privacy Rights of California Residents
California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (the “Act”) and the California Business and Professions Code. As required by the Act, we will provide you with the categories of Personally Identifiable Information that we collect through the Website and the categories of third parties with whom such Personally Identifiable Information may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personally Identifiable Information we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. The Act further requires us to allow you to control whom you do not want us to share that information with. To obtain this information, please send a request by email or standard mail to the address set out herein. When contacting us, please indicate your name, address, email address, and what Personally Identifiable Information you do not want us to share with affiliated businesses or marketing partners. The request should be labeled “California Customer Choice Notice.” Please allow 30 days for a response.
Enterprise Portal Users
For the security policies related End Users affiliated or not affiliated with Enterprise Users, please refer to the End User Security Policy.
The following terms shall have the meanings indicated below.
“End User” means any individual who interacts with the Services (the payee that the school invoices).
“Other Information” is any information that does not reveal your specific identity or does not directly relate to an individual, such as App usage data.
“Personal Information” is information that identifies you as an individual or relates to an identifiable person, such as name, postal address, telephone number, email address, credit card number, bank information, and social media account ID. It does not include strings of code such as browser cookie IDs.
“Enterprise User” is any business or entity that subscribes to (or otherwise accesses or uses) our enterprise portal service and any person acting on behalf of that business or entity.
Personal Information Categories
Personal Information we collect or obtain includes:
Contact Data such as name, address, phone number and email address
Personal Data such as name, date of birth and nationality of a real person
Financial Data such as account information, purchase information, and shipping and billing information
Usage information details such as statistics on usage and requests for service (e.g., customer requests, statistics, etc.)
How We Collect Information
Account creation - Personal Information and Contact Details are collected upon account creation. For Enterprise Users, Contact Data for the organization as well as Personal Data for the representatives of the enterprise.
Prior to and during a transaction - Financial Data is collected prior to a transaction being initiated as is required to both initiate and complete the transaction as well as to perform any required diligence required by law or outlined in our Service Agreement. This is always required prior to initiating the first transaction and Financial Data can be modified at any point. Financial Data is collected as part of any ensuing transaction.
As part of our marketing efforts - Contact and Personal Data may be collected as part of our marketing efforts consistent with the consumer’s choices where applicable. This may include through digital or physical contact forms, through social media, or through the End User or Enterprise User adding information about contributors or customers within the Service.
During interaction with our Services - For example, if you initiate a transaction through the Services, such as a purchase, we may collect information about you, such as your name, email, phone number, address, credit card information, as well as any other information you provide in order to process the transaction. This information may be shared with third parties for the same purposes. We encrypt Financial and Personal Data using industry-standard technology. We may also collect other Personal Information at the request of the Enterprise User you are transacting with or through. We may also store information that your computer or mobile device provides to us in connection with your use of the Services, such as IP address, operating system, device ID, and device type.
We may collect information about third parties, including your emergency contacts, and only use this information for the reason it was provided.
We and third-party service providers on our behalf may collect information about your location when you use or access the Services. The degree of precision of the location data varies depending on the source of such information. Those sources include data from your device through settings you activate or your IP address. We may collect and use this location-related data in order to provide you with services you have purchased or requested, deliver content or marketing content that is relevant to you based upon your location, protect against abuse or misuse of services or of your account, or improve our site and services.
You may disable the collection and use of your location data through your browser, phone settings, operating system, or device-level settings. Consent concerning location data may be withdrawn at any time by changing these settings.
Pulled from other sources - We may receive information about you from other sources, such as public databases, strategic and joint marketing partners, social media pages and platforms, people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties.
How Personal Information May Be Used
We may use your Personal Information for legitimate business purposes including:
Providing Services and related support such as to create, and administer accounts, to communicate administrative information, and to validate, fulfill, and record transactions. We will engage in these activities to manage our contractual relationship with you, with your consent, and/or to comply with a legal obligation.
Providing you with marketing and promotional materials and opportunities, and facilitate social sharing such as to send you marketing communications and offer other materials that we believe may be of interest to you, such as to send you newsletters or other direct communications, to share information with other marketers (and their service providers) to permit them to send you marketing communications, consistent with your choices, to allow you to participate in sweepstakes, contests, or similar promotions, and to facilitate social sharing functionality if you choose to do so. We will engage in this activity with your consent, to manage our contractual relationship with you, or where we have a legitimate interest.
The ability to report in order to better understand you and our other users, so that we can tune and personalize our offering. For trending and statistics, and to improve our products and services. We will engage in this activity because we have a legitimate interest in improving our service offering to you.
Accomplishing our legitimate business purposes such as for audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements, for fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft and for responding to legal duties, such as requests from public and government authorities. We will engage in these activities to comply with a legal obligation or because we have a legitimate interest.
To the extent that we process your Personal Information based on your consent, you may withdraw your consent at any time.
How Personal Information May Be Disclosed.
We may disclose your Personal Information to:
Strategic partners and third-party service providers who provide services such as website hosting, data analysis, payment processing services, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing and other similar services.
Enterprise Users if you are an End User and are using our Services to interact with that Enterprise User. Please contact the Enterprise User you interact with directly for more information on that Enterprise User’s privacy practices.
Third parties to permit them (or their own customers) to send you marketing communications, consistent with your choices as well as third party sponsors of sweepstakes, contests and similar promotions, consistent with your choices.
You, through message boards, chat, profile pages and blogs and other services to which you are able to post information and materials, including as described in the sections below titled “Testimonials, Ratings and Reviews” and “Public Forum.”
Your friends associated with your social media account, to other website users and as well as to your social media account provider, in connection with your social sharing activity.
Business partners in the context of a corporate transaction. If Finli, Inc. is involved in a sale or business transaction (e.g., merger or acquisition), Finli, Inc. will retain a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors.
Please note that we may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, then we may use it for all the purposes for which we use and disclose Personal Information. In some instances, we may combine Other Information with Personal Information. If we combine any Other Information with Personal Information, we will treat the combined information as Personal Information.
Notice to California Customers and Opt-Out Information
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. If you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes offline, please follow the instructions in Section 8 below.
How to access, correct, delete or exercise other rights regarding your Personal Information
Where applicable law allows for such a request, if you would like to request to access, correct, object to the use, restrict or delete Personal Information that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact Finli at with the subject line “Data Subject Request.” We will respond to your request consistent with applicable law.
For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable. Moreover, where you are an End User, we may need to forward your request and refer you to your Enterprise User who may be better placed to address your request.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion). We may retain residual information, such as records to document that your request has been fulfilled.
If you are under 18 years of age and a user of the Services, you may also be entitled to ask us to remove content or information that you have posted to the Service by submitting a request to email@example.com. Please note that your request does not ensure complete or comprehensive removal of the content or information if doing so infringes on the rights of another user.
If you are a customer of one of our Enterprise Users and would no longer like to be contacted by one of our Enterprise Users, or would like to request the exercise of a right as set out above in relation to Personal Information held by an Enterprise Users, please contact the Enterprise User directly.
Your choices regarding our use and disclosure of information
Information you provide may be used by us for marketing purposes such as one-off promotional emailing, mobile text messages, direct mail, and sales contacts. We give you many choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from receiving marketing-related electronic communication from us If you have provided your information to us, and opt-out, we will put in place processes to honor your request. This may entail keeping some information for the purpose of remembering that you have opted-out.
You may also opt-out from our sharing of your Personal Information with unaffiliated third parties for their (or their customers’) direct marketing purposes: If you would prefer that we do not share your Personal Information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by emailing from the email that you have signed up or used in receiving the Services. We will try to comply with your request(s) as soon as reasonably practicable.
Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.
Our mobile applications may also send push notifications to your mobile device. If you have previously consented to receive push notifications and no longer wish to receive them, you can also turn push notifications off at the device level. The applications may also request access to your device’s calendar application, storage, Bluetooth, camera, and microphone. If you have previously allowed access to your device’s calendar and no longer wish to allow access, you may edit the application settings at the device level.
Tracking and Advertising
Social Media Features and Widgets
Testimonials, Ratings and Reviews
If you submit testimonials, ratings or reviews to the Services, any Personal Information you include may be displayed in the Service. If you want your testimonial removed, please contact us at firstname.lastname@example.org.
We also partner with third-party service providers to collect and display ratings and review content on our web site.
Third-Party Payment Processor
Links To Other Websites
Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including any Personal Information you disclose to other organizations through or in connection with our Services, including our social media pages.
We will retain your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you and provide our Services to you (for example, for as long as you have an account with us or keep using our Services);
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Security of Your Information
The security of Personal Information is a high priority at Finli. We seek to use reasonable technical, administrative and physical safeguards to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have any questions about the security of your interaction with us please refer to our Security Policy
Our Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using our Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
We ask that you not send us, and you not disclose any sensitive Personal Information (e.g. information related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics or genetic characteristics, trade union membership or criminal background) on or through our Services or otherwise to us, except where explicitly requested or consented to.
ATTN: Legal Department
453 S. Spring Street
Los Angeles, CA 90013
Security at Finli
At Finli, we take the security of our customers seriously and our approach to security is meant to protect both enterprises and individual’s information safe.
All information maintained on our servers has encryption provided by our mobile platform. End-User passwords are not stored by us and storage and authentication are also provided by Firebase. More on Firebase’s security and privacy can be found here: https://firebase.google.com/support/privacy
Customers linking their bank account information do so through Plaid’s encrypted service. More on Plaid’s security and privacy can be found here: https://plaid.com/security/
The most sensitive information maintained by Finli, which includes customer’s Plaid access token, enterprise funding and billing account numbers, has a second layer of encryption maintained by Finli. When an ACH transaction takes place, the user’s bank account information, which includes the account number and routing number, are also encrypted by us.
All transmitted data is performed using https transfer protocol.
Given the highly sensitive nature of our work, Finli employees act in accordance with the security policies designed to keep customer data safe.
Any questions or comments regarding our security are welcome and can be sent to email@example.com.