Privacy Policy
Last Updated: April 6, 2025
This Privacy Policy explains how Finola (the “Company”) collects, uses, and safeguards personal information of Members to comply with applicable U.S. laws and regulations.
Types of Information Collected
During sign-up: Email address, password, name (or nickname), mobile phone number, etc.
During payment: Payment-related information (payment method, card issuer, transaction history, etc.)
Automatically generated information: IP address, cookies, access logs, device information, etc.
Additional information for events or promotions: Name, contact details, address, or other marketing-related data (subject to separate consent)
Methods of Collection
Information provided directly by the user during registration, payment, or inquiries
Automated collection via cookies or other technical tools during service usage
Information provided by partners, with the Member’s consent
Member Management: Confirming membership intent, verifying identity, maintaining and managing membership, preventing service misuse
Service Provision: Snack purchasing, blog/content creation, payment processing, customer support
Marketing and Advertising: Providing information about events and promotions, conducting surveys (subject to separate consent)
Statistical Analysis and Service Improvement: Analyzing usage patterns, enhancing service quality, developing new features
In principle, the Company will destroy personal information without delay once the purpose of its collection and use is fulfilled.
However, if certain information must be retained in compliance with applicable laws (e.g., U.S. tax codes, consumer protection laws), the Company will retain such information for the legally mandated period before destruction.
Destruction Procedures: After the purpose of use is achieved, personal information will be destroyed in accordance with internal policies and relevant regulations.
Destruction Methods
Electronic files are permanently deleted using technical methods that prevent recovery.
Paper documents are shredded or incinerated.
The Company does not provide personal information to external entities without the Member’s prior consent.
Exceptions include:
When required by law or a government request (e.g., subpoena)
When providing anonymized data for statistical, academic, or research purposes
Other cases permitted under applicable laws
The Company may delegate certain tasks involving personal information to third-party service providers to improve the Services. The Company will inform Members in advance in such cases.
Specific details such as the delegated tasks, the service provider, and the retention period will be disclosed in this Privacy Policy or a separate notice.
Members may request access, correction, deletion, or suspension of processing of their personal information at any time.
For minors under 14 (if applicable under relevant U.S. state laws), the legal guardian may request the same actions on behalf of the minor.
Members must promptly notify the Company of any changes to their personal information. The Company is not liable for any issues arising from outdated or incorrect information.
The Company does not knowingly collect personal information from children under the age of 13 (or 14, depending on state regulations) without verifiable parental consent.
If the Company must collect information from a child user, it will comply with the Children’s Online Privacy Protection Act (COPPA) and any other relevant laws.
The Company may use cookies to provide personalized services and to analyze usage statistics.
Members can refuse the storage of cookies through browser settings, but some features may be restricted as a result.
The Company may analyze Members’ usage records to provide targeted advertising or personalized content (behavioral advertising).
Members can opt out of behavioral information collection through relevant settings or preferences.
To protect personal information, the Company implements measures such as:
Encryption: Encrypting passwords and sensitive payment information
Security Measures: Using antivirus software, monitoring network traffic, and applying security patches
Access Control: Limiting access to personal information and establishing internal management policies
The Company provides regular training to employees on data protection and strictly limits the number of personnel who handle personal information.
The Company may provide links to external websites or resources. However, it is not responsible for the privacy practices or content of such linked sites.
When Members follow such links, they should review the privacy policies of the respective sites.
If the Company needs to collect additional personal information for specific events or promotions, it will clearly state the purpose, scope, and retention period, and obtain separate consent.
After the event or promotion ends, any additional information collected will be destroyed immediately unless retention is required by law.
The Company designates a Privacy Officer responsible for overseeing personal information protection, handling complaints, and addressing remedies regarding personal data.
Name: [Privacy Officer Name]
Department: [Department Name]
Contact: [Email / Phone Number]
Members can direct any inquiries or complaints regarding personal information to the Privacy Officer, and the Company will respond promptly and in good faith.
Members may seek assistance or file a complaint with the relevant institutions (e.g., the Federal Trade Commission) in cases of personal information infringement.
If the Company stores data on servers outside the U.S. or entrusts personal information processing to an overseas vendor, it will inform Members in advance, including details about the transfer’s destination, date, method, and recipient.
The Company complies with applicable U.S. laws and cross-border data transfer regulations.
The Company takes appropriate technical and organizational measures to protect personal information from loss, theft, leakage, alteration, or unauthorized access. Measures include access control, encryption, and periodic security checks.
If a data breach occurs that compromises personal information, the Company will promptly inform affected Members and take necessary steps to mitigate damage, as well as comply with any legal reporting requirements.
The Company may modify this Privacy Policy to reflect changes in laws, internal policies, or security technology.
In the event of significant changes, the Company will provide prior notice at least seven (7) days (or thirty (30) days for material changes) before the updated policy takes effect via the Services or by email.
The Company may maintain a dedicated department to handle complaints related to personal information.
Contact information for this department, including phone numbers and business hours, will be provided on the Company’s official website or within the app.
Members should keep their personal information accurate and up to date, ensuring it is not disclosed to third parties without authorization.
If a Member’s personal information is compromised or misused by an unauthorized party, they must immediately notify the Company. The Company will take swift action to minimize damage.
This Policy also applies to non-U.S. users to the extent it does not conflict with local laws. Where local laws provide additional protections or requirements, the Company will follow those laws.
Users may exercise their rights under local data protection regulations, and the Company will comply to the extent permitted by U.S. law.
This Privacy Policy takes effect on [Month/Day/Year].
Any previous version of this Privacy Policy is replaced by the current version.
If you have any questions or concerns about this Privacy Policy, please contact us at: info@finola.io