Privacy Policy for Fini

Effective Date: September 16, 2024

Fini ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy outlines the types of information we collect from users, how we use it, and the measures we take to ensure your data's security. By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

• Email: Collected during registration for account creation and authentication.
• Name: Collected if users choose to be listed in the weekly leaderboard in the League mechanism.

2. How We Collect Information

• Email: Requested during user registration.
• Name: Voluntarily provided by users who wish to be listed in the leaderboard.

3. Purpose of Data Collection

• Email: Used to create and manage your account.
• Name: Used to display users in the League if they choose to participate.
• Anonymous Course Progressions: Used to marketing purposes.

4. Third-Party Data Sharing

We do not share your personal data with any third-party services, except for Firebase Authentication, which we use to manage accounts securely. For more on Firebase's privacy practices, please refer to Firebase’s Privacy Policy.

5. User Rights

• Access and Correction: You have the right to access and correct your personal information at any time.
• Account Deletion: You can delete your account and associated data at any time by going to Me > Privacy > Delete My Account. This will permanently remove your data from our system.

6. Data Security

We take data security seriously and implement the following measures:

• Firebase Security:
  • Authentication: Securely manage user login and account data using Firebase Authentication.
  • Database Access Control: Advanced security rules ensure only authorized users can access specific data.
  • Encryption: All data is encrypted in transit and at rest using industry-standard encryption methods.
  • App Verification: Implement Firebase App Check to verify that only genuine versions of our app can access Firebase services.
• iOS and SwiftUI Security:
  • Data Privacy: Only necessary permissions are requested, with transparency on how data is used.
  • Secure Storage: Sensitive data such as tokens and credentials are securely stored using Apple’s Keychain.
  • Secure Connections: Utilize App Transport Security (ATS) to ensure all data transferred is encrypted using HTTPS.
  • Biometric Authentication: Support for biometric security (Face ID, Touch ID) for added protection.
• General Security Measures:
  • Regular Security Audits: Routine security audits are performed to maintain the highest level of protection.

7. International Data Transfer

We do not transfer user data outside of your country. However, our authentication provider, Firebase, may process data internationally. For more information, see Firebase’s Privacy Policy.

8. Age Restrictions

Fini is intended for users aged 13 and older.

9. Policy Updates

We may update this policy from time to time. You will be notified via app alerts when any changes occur.

10. Compliance with International Privacy Laws

• Canadian Privacy Statutes: Fini complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Personal Information Protection Act (Alberta), Personal Information Protection Act (British Columbia), and the Act Respecting the Protection of Personal Information in the Private Sector (Quebec Private Sector Act).
• United States Privacy Laws: We adhere to applicable U.S. privacy regulations, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
• Mexican Privacy Laws: Fini complies with applicable data privacy laws referred to as Mexican Privacy Laws.
• United Kingdom GDPR (UK GDPR): We ensure compliance with the UK GDPR, protecting personal data in the UK.
• India - Digital Personal Data Protection Act (DPDP): Fini acknowledges DPDP, ensuring transparency and security in handling personal information.
• People’s Republic of China (PRC): Our data protection practices comply with PIPL, CSL, and DSL.
• Brazil - LGPD Compliance: Fini ensures compliance with the Lei Geral de Proteção de Dados (LGPD).
• Turkey - KVKK Compliance: Fini complies with the Law on the Protection of Personal Data (KVKK).
• Global Privacy Regulations and GDPR: We ensure compliance with GDPR for users in the European Union and beyond.
• Australia - Australian Privacy Principles (APPs): We align with the APPs under the Privacy Act 1988 (Australia).
• New Federal Act on Data Protection (nFADP) : We align with the New Federal Act on Data Protection (nFADP) (Switzerland).