Privacy Policy

Last updated: December 9, 2024

1. Introduction

Figu ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal financial information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal expense management application and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account information (name, email address, phone number)
  • Financial data (expense records, income information, budget categories)
  • Transaction details (merchant names, amounts, dates, categories)
  • Bank account information (account numbers, routing numbers) - encrypted and tokenized
  • Payment method information (credit/debit card details) - processed through secure payment processors

2.2 Automatically Collected Information

  • Device information (device type, operating system, unique device identifiers)
  • Usage data (features used, time spent in app, user interactions)
  • Log information (IP address, access times, pages viewed)
  • Location data (with your explicit consent, for location-based expense categorization)

3. How We Use Your Information

We use your information for the following purposes:

  • Provide and maintain our expense management services
  • Process and categorize your financial transactions
  • Generate personalized insights and spending analytics
  • Send you important account notifications and updates
  • Improve our Service through usage analysis and user feedback
  • Detect and prevent fraudulent activities
  • Comply with legal obligations and regulatory requirements
  • Provide customer support and respond to your inquiries

4. Data Security and Protection

4.1 Security Measures

We implement industry-standard security measures to protect your financial data:

  • 256-bit SSL encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance
  • PCI DSS compliance for payment processing
  • Regular employee security training and background checks

4.2 Data Minimization

We collect only the minimum amount of data necessary to provide our services effectively. We regularly review and delete unnecessary data in accordance with our data retention policies.

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our Service:

  • Financial data aggregation services (with bank-level security)
  • Cloud hosting and storage providers
  • Payment processing companies
  • Customer support platforms
  • Analytics and performance monitoring services

All third-party providers are contractually bound to maintain the confidentiality and security of your information.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

6. Your Rights and Choices

6.1 Access and Control

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of processing

6.2 Data Deletion Requests

You have the right to request deletion of your personal data at any time. We provide multiple ways to submit data deletion requests:

How to Request Data Deletion:

  • Email: Send a request to contact@figu.app with "Data Deletion Request" in the subject line
  • In-App: Use the "Delete My Account" option in your account settings
  • Online Form: Submit a request through our Data Deletion Request Form

Processing Time: We will process your deletion request within 30 days of verification. You will receive confirmation once your data has been deleted.

What Gets Deleted: All personal information, financial data, transaction history, and account information will be permanently removed from our systems, except where retention is required by law.

6.3 Communication Preferences

You can opt out of non-essential communications at any time through your account settings or by contacting us at contact@figu.app.

7. Data Retention

We retain your personal information only as long as necessary to provide our services and comply with legal obligations. Financial transaction data is typically retained for seven years for tax and regulatory compliance purposes. You may request earlier deletion of your data, subject to legal and regulatory requirements.

8. International Data Transfers

Your information may be processed and stored in countries other than your own. We ensure that all international transfers comply with applicable data protection laws and implement appropriate safeguards, including Standard Contractual Clauses and adequacy decisions.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and sending you an email notification. Your continued use of our Service after such changes constitutes acceptance of the updated Privacy Policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Figu Privacy Team

Email: contact@figu.app

We are committed to resolving any privacy concerns promptly and will respond to your inquiry within 30 days.

12. Regulatory Compliance

This Privacy Policy is designed to comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy laws. We regularly review and update our practices to ensure ongoing compliance.

13. Third-Party Platform Compliance

When using third-party services (such as Facebook, WhatsApp, or other social media platforms), we comply with their data policies and requirements:

  • We provide data deletion callbacks as required by platform policies
  • User data deletion requests are honored across all integrated platforms
  • We maintain audit logs of data deletion activities for compliance verification
  • Platform-specific data handling requirements are strictly followed