Privacy policy

Last updated: 03.12.2025

1. Introduction

Finchecker (“Finchecker”, “we”, “our”, “us”) provides AML, KYC, Transaction Monitoring, and related compliance services through the Finchecker Dashboard (“Service”).
We are committed to protecting the privacy and security of personal data processed through our platform.

This Privacy Policy explains how we collect, use, store, share, and protect personal data of authorized users and customer data processed through the Service.

2. Data Controller / Data Processor Roles

Finchecker acts as:

2.1. Data Controller

For personal data related to:

  • User accounts and credentials
  • Access logs and security logs
  • Analytics and usage data
  • Communication with support
  • Billing and account administration

2.2. Data Processor

For data processed on behalf of clients and per their documented instructions, including:

  • Transaction metadata
  • Screening data (e.g., names, identifiers, metadata)
  • Documents and customer files provided by the client
  • Risk scoring results, alerts, case-management data

Finchecker does not determine the purpose or scope of client-provided data.
Clients remain data controllers for all customer data they upload or generate through the Service.

3. Categories of Personal Data We Process

3.1. User Account Data

  • Name
  • Email
  • Organization
  • Role / permissions
  • Authentication data (hashed passwords)

3.2. Usage and Technical Data

  • IP address
  • Browser and device information
  • Login timestamps
  • Internal system logs (audit logs, rule execution logs)
  • Activity logs within the dashboard

3.3. Client-Provided Data (Processed as Processor)

Depending on configuration, this may include:

  • Screening subjects: names, aliases, identifiers
  • Transaction metadata (no raw PAN is ever stored; PAN is tokenized before processing)
  • Customer data required for AML/KYC or Transaction Monitoring
  • Documentation or attachments uploaded by the client

3.4. Communication Data

  • Support inquiries
  • Emails to support or account managers
  • Feedback messages

3.5. Anonymized / Aggregated Data

We may create aggregated or anonymized datasets for internal analytics, product improvement, and system optimization.
These datasets cannot be used to identify individuals.

4. How We Collect Personal Data

We collect data through:

  • Account creation and onboarding
  • Dashboard usage and API calls
  • Logs generated by system activity
  • Communication with support
  • Client-provided datasets for AML/KYC/TM processing

We do not collect data from third parties without client authorization.

5. Purposes and Legal Bases of Processing

5.1. To Provide and Maintain the Service (Contractual Necessity)

  • Account management
  • Authentication and access provisioning
  • Rule processing and alert generation
  • Data storage and screening workflows

5.2. Security and Compliance (Legitimate Interest / Legal Obligation)

  • Monitoring for unauthorized access
  • Maintaining audit trails
  • Detecting fraud, abuse, or security threats
  • Compliance with AML/CTF and data protection laws

5.3. Support and Communication (Legitimate Interest)

  • Responding to support tickets
  • Providing technical and operational assistance

5.4. Product Improvement (Legitimate Interest)

  • Feature optimization
  • Understanding usage patterns
  • Load balancing and performance analytics

We do not use client data for marketing or profiling unrelated to the Service.

6. Data Retention

6.1. User Accounts

Stored for the duration of the contract or until deletion is requested by the client.

6.2. Logs and Audit Data

Retained for operational security for a period defined by internal policy
(e.g., 90–365 days, depending on the log type), then deleted or anonymized.

6.3. Client-Processed Data

Retained according to contract, configuration, or client instructions.
Finchecker deletes or anonymizes data upon client request unless legal obligations require retention.

7. Data Sharing and Subprocessors

We do not sell personal data.

We may share data only with vetted third-party service providers necessary for operating the Service, such as:

  • Cloud hosting providers (AWS, DigitalOcean)
  • Database and backup infrastructure
  • Secure email delivery services
  • Monitoring and logging tools

All subprocessors operate under strict Data Processing Agreements (DPAs).
A current list can be provided upon request.

Data is never shared with marketing or advertising providers.

8. International Data Transfers

If data is transferred outside the EEA or your jurisdiction, we rely on legally valid mechanisms such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional technical and organizational safeguards

9. Security Measures

We apply industry-standard security controls, including:

  • Encrypted data storage and encrypted transit (TLS 1.2+)
  • Role-based access control
  • Multi-layer VPN security for administrative access
  • Tokenization of PANs; raw PAN is never stored
  • Regular vulnerability scanning and penetration tests
  • Logging and monitoring to detect anomalies

Security is built following privacy-by-design and least privilege principles.

10. Users’ Rights

Depending on your jurisdiction (e.g., GDPR), users may have the right to:

  • Access personal data
  • Request correction
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent (where consent is used)

Requests can be submitted via:
info@finchecker.eu or support@finchecker.eu

We may require verification to confirm identity before fulfilling requests.

11. Data Breach Notification

If a personal-data breach occurs that poses a risk to individuals:

  • We notify the client without undue delay
  • We cooperate with regulatory reporting requirements
  • We provide all relevant information about mitigation measures

Clients are responsible for notifying their own end-users (if applicable).

12. Children’s Data

The Service is not intended for individuals under 18.
We do not knowingly collect children’s personal data.

13. Changes to This Privacy Policy

We may update this Policy to reflect changes in:

  • Legal requirements
  • Service features
  • Security practices

We will notify clients of significant updates.

14. Contact Information

Finchecker SIA
Zemitāna ielā 9, Riga
Reg num: 40203196572
Email: info@finchecker.eu