Data Processing Agreement
Last updated: March 2026. Review the terms regarding how we process financial data securely on your behalf.
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person processed by Fintolly on behalf of the Customer. "Processing" means any operation or set of operations performed upon Personal Data.
2. Processing of Personal Data
Fintolly shall process Personal Data only in accordance with the Customer's documented instructions. Customer instructs Fintolly to process Personal Data to provide the Services and as otherwise necessary to fulfill Fintolly's obligations under the Terms of Service.
3. Sub-processors
Customer authorizes Fintolly to engage Sub-processors to process Personal Data. Fintolly will enter into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA.
4. Security Measures
Fintolly shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing.
5. Deletion of Data
Upon termination of the Services, or upon Customer's written request, Fintolly shall securely destroy or return all Personal Data to Customer, unless further storage of the Personal Data is required by applicable law. Bank statements processed without an account are deleted immediately after the session ends.
Security or Compliance Questions?
If you need a signed copy of this DPA or have detailed questions about our data centers, sub-processors, or compliance audits, please contact our security team at fintollyhq@gmail.com.