Privacy Policy

FINBURH (“the Company,” “we,” “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and protect information when you use the FINBURH platform (“Service”). This policy complies with the Korean Personal Information Protection Act (개인정보보호법, “PIPA”) and other applicable data protection regulations.

1. Information We Collect

We collect the following categories of personal information:

1.1 Information You Provide

• Account registration: email address, name, organization (optional)
• Profile information: display name, profile photo (optional)
• Payment information: processed by our payment partner; we do not store card numbers
• Support inquiries: email address, message content

1.2 Information Collected Automatically

• Usage data: pages visited, features used, timestamps
• Device information: browser type, operating system, screen resolution
• Network information: IP address, general geographic location
• Cookies and similar technologies (see Section 8)

1.3 Content You Create

Financial models, documents, deal data, assumptions, and other content you create within the Service are stored to provide the Service. This content is processed solely for the purpose of delivering the features you use.

2. How We Use Information

We use your personal information to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Process payments and manage subscriptions
• Send service-related communications (account verification, security alerts, billing updates)
• Provide customer support
• Ensure platform security and prevent fraud
• Comply with legal obligations
• Generate anonymized, aggregated analytics to improve the Service (no individual identification)

3. Legal Basis for Processing

We process your personal information based on:

• Consent: You consent to data processing when you create an account and accept these terms.
• Contract performance: Processing is necessary to provide the Service you have subscribed to.
• Legal obligation: We may process data to comply with applicable laws, including Korean tax and electronic commerce regulations.
• Legitimate interest: We process data for security, fraud prevention, and service improvement, balanced against your privacy rights.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

• Account data: retained until account deletion, plus 30 days for data recovery
• Deal content: retained until deleted by the User or 30 days after account closure
• Audit logs: retained for 5 years as required by financial services regulations
• Payment records: retained for 5 years as required by Korean tax law
• Support communications: retained for 3 years

After the retention period, data is securely deleted or anonymized.

5. Data Sharing & Third Parties

We do not sell your personal information. We may share limited information with the following categories of third parties:

• Payment processors: To process subscription payments (they receive only payment-related data).
• Infrastructure providers: To host and deliver the Service (bound by data processing agreements).
• Legal authorities: When required by law, court order, or to protect rights and safety.

All third-party service providers are bound by data processing agreements that require them to protect your information in accordance with this Privacy Policy and applicable law.

6. International Data Transfers

Your data may be processed in countries outside of the Republic of Korea for the purpose of providing the Service. When data is transferred internationally, we ensure that appropriate safeguards are in place, including data processing agreements that comply with Korean PIPA requirements for cross-border data transfers.

7. Your Rights

Under Korean PIPA and applicable data protection laws, you have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Withdrawal of consent: Withdraw your consent to data processing at any time.
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.

To exercise these rights, contact our Personal Information Protection Officer at the contact information below.

8. Cookies & Tracking Technologies

We use the following types of cookies:

• Essential cookies: Required for authentication and session management. Cannot be disabled.
• Analytics cookies: Used to understand how the Service is used and to improve features. Can be disabled in browser settings.

We do not use advertising or third-party tracking cookies. You can control cookie preferences through your browser settings.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal information, including:

• TLS 1.3 encryption for data in transit
• AES-256 encryption for data at rest
• Role-based access controls for internal staff
• Regular security assessments and vulnerability testing
• Incident response procedures and breach notification protocols

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we discover that we have collected information from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via email or through a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.