Privacy Policy

1. Introduction

Fintale Technologies Pvt. Ltd. ("Fintale", "we", "us", or "our") is a company incorporated under the laws of India, with its registered office in Vadodara, Gujarat. We operate the website fintale.io and related products and services.

This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website, use our products, interact with us via WhatsApp, or engage with our services. This policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

By accessing or using our services, you consent to the collection and use of your information as described in this policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

2. Information We Collect

2.1 Personal Information You Provide

When you interact with us through our website, contact forms, or communication channels, we may collect the following personal information:

• Name — to identify and address you in our communications
• Email address — to respond to inquiries, send service updates, and provide customer support
• Phone number — to contact you regarding services, demos, or support requests
• Company name — to understand your organizational context and tailor our services
• Login credentials — when you create an account on our portal (passwords are stored in encrypted form only)

2.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies and analytics tools:

• Device information — browser type, operating system, device type, and screen resolution
• Usage data — pages visited, time spent on pages, click patterns, and navigation paths
• IP address — used for approximate geographic location and security purposes
• Referral source — how you arrived at our website (search engine, direct link, etc.)

2.3 Google Analytics

We use Google Analytics (Measurement ID: AW-11398776618) to understand how visitors interact with our website. Google Analytics uses cookies to collect anonymized usage data including page views, session duration, bounce rates, and user demographics. This data helps us improve our website experience and marketing effectiveness.

Google Analytics may collect data such as your IP address, browser type, and pages visited. This information is processed in accordance with Google's Privacy Policy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

2.4 WhatsApp Communication

We use WhatsApp as a communication channel for customer support, demo scheduling, and service inquiries. When you contact us via WhatsApp, we may collect your phone number, name (as set on your WhatsApp profile), and the content of your messages. WhatsApp messages are end-to-end encrypted by WhatsApp. Our use of WhatsApp is subject to WhatsApp's Privacy Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery — to provide, operate, and maintain our products and services
• Communication — to respond to your inquiries, send service updates, and provide customer support via email, phone, or WhatsApp
• Account management — to create and manage your login portal account, authenticate users, and maintain security
• Analytics and improvement — to understand usage patterns, improve our website and products, and develop new features
• Marketing — to send relevant product updates and information about our services (with your consent, where required)
• Legal compliance — to comply with applicable laws, regulations, and legal processes
• Security — to detect, prevent, and address fraud, abuse, and technical issues

4. Legal Basis for Processing

Under the DPDP Act 2023 and the IT Act 2000, we process your personal data based on the following lawful grounds:

• Consent — you have given clear consent for us to process your personal data for specific purposes (e.g., submitting a contact form, creating an account)
• Legitimate use — processing is necessary for a legitimate purpose as defined under the DPDP Act, such as providing services you have requested
• Contractual necessity — processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legal obligation — processing is necessary for compliance with applicable Indian laws and regulations

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect analytics data. The types of cookies we use include:

• Essential cookies — required for the website to function properly, including session management and security features
• Analytics cookies — used by Google Analytics to collect anonymized data about how visitors use our website
• Functional cookies — remember your preferences and settings to provide a personalized experience

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your data in the following limited circumstances:

• Service providers — with trusted third-party vendors who assist us in operating our website and services (e.g., Google Analytics, hosting providers), subject to confidentiality agreements
• Legal requirements — when required by law, regulation, legal process, or governmental request under Indian law
• Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the business transaction
• Protection of rights — to protect the rights, property, or safety of Fintale, our users, or the public as required or permitted by law

7. Data Storage and Security

We implement reasonable security practices and procedures as mandated under the IT Act 2000 and the rules thereunder, including:

• Encryption of sensitive data in transit (TLS/SSL) and at rest
• Secure storage of login credentials using industry-standard hashing algorithms
• Role-based access controls (RBAC) to limit data access to authorized personnel only
• Regular security audits and vulnerability assessments
• Secure data backup and disaster recovery procedures

Your data is stored on servers located in India. We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

8. Your Rights Under Indian Law

Under the DPDP Act 2023 and applicable Indian regulations, you have the following rights as a Data Principal:

• Right to access — you have the right to obtain confirmation of whether we process your personal data and to access a summary of such data
• Right to correction and erasure — you have the right to request correction of inaccurate personal data and erasure of data that is no longer necessary for the purpose it was collected
• Right to grievance redressal — you have the right to lodge a complaint with our Grievance Officer or with the Data Protection Board of India
• Right to withdraw consent — where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal
• Right to nominate — you have the right to nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act

To exercise any of these rights, please contact us using the details provided in Section 12 below.

9. Login Portal and Account Data

When you create an account on our login portal, we collect your name, email address, and password. Your password is stored in an encrypted and hashed format and is never stored in plain text. We use your account information to:

• Authenticate your identity and provide access to our products
• Maintain session security and prevent unauthorized access
• Communicate service-related updates and notifications
• Provide customer support and troubleshooting

You are responsible for maintaining the confidentiality of your login credentials. Please notify us immediately if you suspect any unauthorized use of your account.

10. Third-Party Links

Our website may contain links to third-party websites, including WhatsApp, Google, LinkedIn, and other services. We are not responsible for the privacy practices or content of these external websites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically to stay informed about how we protect your data.

Continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Grievance Officer and Contact Information

In accordance with the IT Act 2000 and the DPDP Act 2023, we have appointed a Grievance Officer to address your concerns regarding data privacy and protection:

We will acknowledge your request within 48 hours and endeavour to resolve your grievance within 30 days of receipt, in compliance with applicable Indian law.

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act 2023.