Privacy Policy

1. Introduction

Fin Pods AI Inc ("Fin Pods AI", "we", "us", "our") is committed to protecting the privacy and security of the data entrusted to us. This Privacy Policy explains how we collect, use, process, and safeguard information in connection with our services. This policy is designed to help our Clients (Registered Investment Advisors and other financial professionals) understand our data practices and to assist them in meeting their own compliance obligations.

2. Definitions

• Client: The advisory firm or financial professional who subscribes to our services.
• End-Client: An individual client of the advisory firm whose information is processed through our service.
• Personal Information: Information that identifies, relates to, or could reasonably be linked with a particular individual or household. This primarily refers to the information contained within the documents uploaded by End-Clients.
• Services: The secure file sharing, data extraction, and workflow automation tools provided by Fin Pods AI.

3. Information We Process

We act as a Data Processor on behalf of our Clients, who are the Data Controllers.

• Information Provided by our Clients (Advisory Firms): We collect limited information necessary to manage our business relationship, including advisor names, email addresses, business contact information, and payment information.
• Information Provided by End-Clients: Through a secure portal branded for the Client, End-Clients may upload documents containing sensitive Personal Information, such as names, addresses, Social Security Numbers (SSNs), account numbers, financial holdings, and income data.

4. How We Use Information

The information processed through our Services is used exclusively to provide, maintain, and improve the Services for our Clients as directed by them. This includes:

• To securely receive and process documents uploaded by End-Clients.
• To perform automated tasks such as intelligent file renaming and structured data extraction.
• To securely deliver the processed files and/or extracted data to the Client's designated document store or make it available within our platform, per the Client's chosen configuration.
• To provide customer support and troubleshoot technical issues, subject to the access controls defined in Section 6.
• To help us improve the service, we may collect and analyze aggregated, non-personally identifiable data regarding the use of our Services. This includes information such as feature usage, user workflow patterns, and system performance metrics. This data is used for internal purposes only and does not contain any Personal Information from End-Client documents.

We will never sell, rent, or lease Personal Information. We will never use End-Client Personal Information for marketing or advertising purposes.

5. Data Retention and Deletion

Our data retention policy is determined by our Client's configuration choice:

• Transfer & Delete: When configured to transfer files to a Client's third-party storage (e.g., OneDrive, Box), we do not retain any copy of the files or the extracted data on our servers after the transfer is successfully completed.
• Zero-Trust Storage: When configured for Zero-Trust storage, files are retained in an encrypted state on our servers. These files are encrypted with a key known only to the Client. We cannot decrypt or access this data. Data is retained for the duration of the Client's subscription and will be securely deleted upon termination of the service agreement.

6. Access to Information

Our architecture is designed to prevent Fin Pods AI personnel from accessing Personal Information.

• All data is encrypted at rest and in transit.
• In the "Zero Trust" model, personnel lack the cryptographic keys to view Client data.
• In rare cases where a Client requests technical support for a failed document parse, we may request temporary, explicit, and logged permission to access a specific document solely for the purpose of remediation. This "break-glass" procedure is an exception controlled entirely by the Client. With your permission during this process, we may create a redacted copy of the provided document, from which all Personal Information has been removed. This redacted, anonymized data may be retained solely to help us improve the service's accuracy and performance. Once the remediation is complete, our access to the original document is revoked.

7. Security Measures

We implement and maintain robust administrative, technical, and physical security measures to protect the confidentiality, integrity, and availability of all data processed. These measures include:

• Bank Grade Encryption: AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
• Cloud Security: Services are hosted on Amazon Web Services (AWS), leveraging their world-class security infrastructure.
• Access Controls: We enforce the principle of least privilege for all personnel and systems.
• Authentication: Client access to our platform is protected with Two-Factor Authentication (2FA) and optional Single Sign-On (SSO).

8. Use of Artificial Intelligence (AI)

We use proprietary AI and machine learning models to perform specific tasks integral to our Services, such as document recognition, data extraction, and file organization. End-Client data is used to process their own documents but is not used to train general AI models shared across our customer base without strict redaction controls. Our AI processes are subject to the same strict security and confidentiality controls as all other parts of our service.

9. Disclosure of Information

We will not disclose Personal Information to third parties except in the limited circumstances described below:

• To Comply with Legal Obligations: We may disclose information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena.
• To Enforce Our Rights and Prevent Harm: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
• With Your Consent: We may disclose your Personal Information for any other purpose with your consent.

10. Third-Party Integrations

Should a Client choose to integrate the Services with a third-party application, we may share information on the Client's behalf and at their direction to enable that connection. We are not responsible for the data privacy and security practices of such third-party services, and we encourage Clients to review their privacy policies before enabling an integration.

11. Third-Party Websites and Links

Our Services may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify our Clients of any material changes by email or through our platform.

13. International Data Transfers

Our services are hosted in the United States. If you access the Services from other jurisdictions, please be advised that you are transferring your Personal Information to us in the United States, and by using our Services, you consent to that transfer and our use of your Personal Information in accordance with this Privacy Policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy and applicable data protection laws.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at: