Privacy Policy


At Finary, the protection of your personal data is our priority.

Finary's primary goal is, and always has been, to put technology at the service of your assets, to allow you to reclaim your banking and investment data, to understand and control them, in order to optimize your strategy. investment, and give you access to ever more relevant assets.

Finary is required to collect some of your personal data in order to use it for a specific purpose to carry out this mission, and to provide you with the best of services.

And because we do care about the protection of your personal data, and master current personal data security issues, we comply with the latest expectations in terms of respect and protection of personal data, and do not sell, nor will we sell your personal data to third parties.

Your personal data belong to you, Finary adds value to it, but does not take away from it.

When you use the site (hereinafter the “Site”) and/or the Finary application (hereinafter the “Application”), we collect personal data about you.

Finary acts here as a data controller. Finary is a simplified joint-stock company, registered with the Bobigny RCS under number 892 357 724 and whose registered office is located at 95 avenue du Président Wilson 93100 Montreuil (hereinafter “We”).

We collect and protect the personal data of our customers in accordance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (ci -after the “GDPR”) applicable in France since May 25, 2018.

The purpose of this policy is to inform you of why we collect and protect your personal data, and how we protect it.

Capitalized terms that are not defined in this Privacy Policy have the meanings assigned to them in Finary's Terms of Service, accessible here.

This policy should be read in conjunction with our Cookie Policy accessible here.

  1. What type of information do we collect and hold ?

We only collect and use the personal data necessary for our business operations and the purposes listed below, which allows us in particular to provide you with personalized services according to your profile in the simplest possible and most appropriate way.

To do this, we collect the following personal data:

  • Identification data (including your surname, first name, email address, telephone number, your mobile identifier (AAID or IDFA));
  • Data relating to your assets (including your investments in shares, digital assets, real estate, and any other assets);
  • Connection data (including your IP address, logs, encrypted passwords);
  • **Economic and financial data **(including your account balances, your investment balances, your transaction details, your banking details, your bank card data);
  • Data for the purpose of verifying your identity (including a valid copy of an identity document, a selfie and any other related document as per current laws);
  • Data relating to your professional life (in particular your professional situation, socio-professional category, your salary, your financial investment litteracy).

Mandatory data is indicated when you provide us with your data. They are marked with an asterisk (*) and are necessary to provide you with our services.

  1. How do we get the information and why do we have it ?
Purpose of the processing Lawful basis Retention period
Provide you with our services (monitoring of your assets, financial independence simulation (predict), and optimisations) Performance of a contract Your data is kept for the lifetime of your account. In case of an inactive account for 2 years, your personal data will be deleted.

In addition, your data may be archived for evidentiary purposes for a period of 5 years.

Execute your order, carry out operations relating to customer management concerning contracts, orders, invoices, sponsorship programs and monitoring of the relationship with customers Performance of a contract Personal data is kept for the duration of the contractual relationship.

In addition, your data is archived for evidentiary purposes for a period of 5 years.

Regarding the data relating to your bank card, they are kept by our payment service providers until the termination of your subscription.

The data relating to your bank cards may be kept, for the purpose of proof in the event of any dispute over the transaction, in intermediate archives for a period of thirteen (13) months following the date of debit. This period may be extended to fifteen (15) months in order to take into account the possibility of using deferred debit payment cards.

Create a register of customers and prospects Our legitimate interest in developing our business activity For customers: the data is kept for the duration of the commercial relationship.

For prospects: the data is kept for a period of 3 years from your last contact.

Send newsletters, solicitations and promotional messages For customers: our legitimate interest in retaining and informing our customers of our latest news.

For prospects: your consent

The data is kept for 3 years from your last contact.
Develop internal statistics on how our users are using our services Our legitimate interest in improving our services Personal data are kept for 2 years since their collection
Deliver statistics on financial investment current trends, based on our user’s profiles. \ These trends are shared among our users, but no name nor identity are shared across our users. Our legitimate interest in providing you relevant statistics Personal data are kept for 2 years since their collection
Deliver personalized advertising Your consent The retention period varies depending on the advertising platform used, contact us at [email protected] for more details.
Respond to your requests for information and complaints (via our chat, or by email, or on social networks) Our legitimate interest in replying to your requests The data is kept for the time necessary to process your request for information and deleted once the request for information has been processed.
Fight against money laundering and terrorist financing, against fraud (in particular verifying your identity as part of our KYC obligations, taking into account international economic and financial sanctions, fiat transaction monitoring) as part of the investment service Compliance with a legal obligation For data relating to identity verification and assessment of an alert generated (full name, date of birth, address, proof of identity, source of funds, IBAN details, biometrical data (selfie) and any other relevant documents or information as stated by law…) The data are kept for 5 years from the closing of the investment account.

Retention of the alert qualified as relevant: the data is kept for 5 years from the closing of the reviewed file.

Crypto withdrawal to your own wallet Compliance with a legal obligation Your wallet address, any additional details that might be asked to confirmed your ownership of said wallet, as well as the legitimacy of said wallet, and the assessment of any potential alert linked to the wallet of the user behavior.

The data are kept for 5 years from the closing of the investment account.

Manage requests to exercise GDPR rights Compliance with a legal obligation Should we ask you for a proof of identity: we keep it only for the time necessary to verify your identity. Once verified, the ID is deleted.

If you exercise your right to oppose prospecting: we keep this information for 3 years.

  1. Who has access to your personal data ?

Will have access to your personal data:

1. Our staff ;
2. Our subcontractors: hosting provider, chat tool, platform analysis and administration provider, bug management provider, newsletter sending provider, our product launch provider, contests, our payment service providers, audience measurement provider, customer request management provider, identity document verification provider;
3. The service providers we use to deliver personalized advertising (Facebook Ads, Apple Search Ads, Google Ads, Snapchat, Tik Tok, Twitter and Reddit);
4. Our partners for bank account aggregation: Powens and Flanks in Europe and Plaid in the United States. The latter will process the data in accordance with their privacy policy. You can view Powens' privacy policy [here](, Flanks' privacy policy [here](, and Plaid's privacy policy [here](
5. Our banking partners (Fiat Republic [here](, and our digital asset service partners (Bitstamp [here]( provide you with our investment service. The latter will act as an independent data controller, and will apply their respective privacy policies;
6. Our compliance solution provider (Onfido [here]( provides you with our investment service. And will apply their respective privacy policies;
7. Your wealth advisors for the purpose of supporting you in your financial management when you have entered into a contract with them. The latter will act as an independent data controller and will apply their respective privacy policies;
8. Where applicable: public and private bodies, exclusively to meet our legal obligations.

In the context of sponsorship, sponsors are informed that their first and last names will be disclosed to the sponsored person in order to inform him of the identity of his sponsor. Sponsored persons are informed that their email addresses will be disclosed to the associated sponsor in a partially concealed manner, for the purpose of informing the sponsor of whether or not the sponsorship has been completed.

  1. Do we share your personal data outside the European Union ?

Your data is kept and stored for the duration of the processing on the servers of HEROKU and Digital Ocean, both located in the Netherlands.

As part of the tools we use (see article on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in this context is secured using the following tools:

  • either this data is transferred to a country that has been deemed to offer an adequate level of protection by a decision of the European Commission;
  • either we have entered into a specific contract with our subcontractors governing the transfer of your data outside the European Union, on the basis of standard contractual clauses approved by the European Commission;
  • or we have recourse to the appropriate guarantees provided for by the applicable regulations.
  1. Quels sont vos droits sur vos données ?

You have the following rights with regard to your personal data:

  • Right to information: this is precisely why we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
  • Right of access: you have the right to access all of your personal data at any time, under Article 15 of the GDPR.
  • Right of rectification: you have the right to rectify at any time your inaccurate, incomplete or obsolete personal data in accordance with Article 16 of the GDPR
  • Right to restriction of processing: you have the right to obtain the limitation of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: you have the right to demand that your personal data be erased, and to prohibit any future collection for the reasons set out in Article 17 of the GDPR
  • Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable texts. (Article 77 GDPR)
  • Right to define directives relating to the storage, erasure and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act.
  • Right to withdraw your consent at any time: For purposes based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. This withdrawal will not call into question the legality of the processing carried out before the withdrawal.
  • Right to portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a standard machine-readable format and to require their transfer to the recipient of your choice.
  • Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Note, however, that we may continue to process them despite this opposition, for legitimate reasons or the defense of legal claims.

You can exercise these rights by writing to us at the contact details below. We may ask you on this occasion to provide us with additional information or documents to prove your identity.

We have a maximum response time of one month from the date of receipt of the request. If the request made cannot be satisfied immediately, a dated acknowledgment of receipt will be given to you.

If the request is incomplete (absence of identity document for example), we are entitled to request additional information: the period is then suspended and runs again once these elements have been provided.

Access to these rights is free. In some cases, reasonable costs related to the processing of your file may be requested, for example in the event of a request for an additional copy, or in the event of a particularly complex request.

In accordance with the applicable regulations, you are entitled to lodge a complaint with the CNIL (National Commission for Computing and Liberties) in the event of an unsatisfactory resolution of your exercise of rights in France. You can access the complaint form by clicking here.

  1. Personal data requests point of contact

Contact email of our Data Protection Officer: [email protected]

Contact address: Finary SAS, 95 avenue du President Wilson, 93100 Montreuil

  1. Updates

We may update this policy at any time, in particular to comply with any regulatory, jurisprudential, editorial or technical developments. These modifications will apply on the effective date of the modified version. You are therefore invited to regularly consult the latest version of this policy. Nevertheless, we will keep you informed of any significant changes to this privacy policy.

Entry into force: 03/10/2023