Privacy Policy

Last updated: 07 Feb 2024

Fynbos ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy ("Policy") will inform you about how we collect, use, share, and protect your personal data when you use our online digital wallet services (collectively, the "Services").

This Policy also describes your data protection rights and how you can exercise them.

Please read this Policy carefully to understand our policies and practices regarding your personal data.

Personal Data We Collect

We collect and process the following categories of personal data from you when you use our Services:

  1. Full legal name

  2. Physical address

  3. Email address

  4. Mobile number

  5. Date of birth

  6. Biometric data

  7. Payment card details

  8. Bank account details

  9. Social media account details

  10. IP Address

  11. Approximate location

  12. Device and browser fingerprints

  13. How We Use Your Personal Data

We use your personal data for the following purposes:

  1. Register you as a user of our Services

  2. Contact you regarding your account or transactions

  3. Verify your legal identity to prevent fraud and comply with regulatory requirements, such as the Bank Secrecy Act and Patriot Act

  4. Comply with legal, regulatory, and contractual obligations

  5. Reduce the risk of, or prevent, fraudulent use of our Services

  6. Execute transactions with counterparties that need to verify your personal information

  7. No Sale of Personal Data

Fynbos will never sell your personal data or disclose it to a third-party unless required to do so to deliver the Services to you.

Sharing Your Personal Data

We share your personal data with the following external processors to assist us in providing our Services:

  1. Provenance Technologies Inc - for facilitating money transfers between users and across different financial institutions

  2. MX - for account aggregation, transaction data enrichment, and personal financial management tools

  3. Astra - for processing payment transactions and verifying payment card information

  4. Persona - for identity verification, fraud prevention, and compliance with regulatory requirements

  5. Grafana Cloud - for monitoring, analyzing, and visualizing data related to the performance of our Services

  6. Segment - for tracking user interactions and events to improve our Services

  7. Twilio - for communication purposes, including SMS and email notifications

These external processors are contractually obligated to process your personal data in accordance with applicable data protection laws and regulations.

Data Security

We have implemented appropriate technical and organizational measures to ensure the security of your personal data. These measures are designed to protect your personal data from unauthorized access, use, disclosure, alteration, and destruction.

Data Retention

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Your Rights

You have the right to:

  1. Access your personal data

  2. Request correction of any inaccurate personal data

  3. Request deletion of your personal data in certain circumstances

  4. Object to the processing of your personal data for direct marketing purposes

  5. Request restriction of processing your personal data in certain circumstances

  6. Data portability, allowing you to obtain and reuse your personal data for your own purposes

Rights for California Residents

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA):

  1. The right to know what personal information has been collected about you, the sources from which it was collected, and the purpose for collecting it.

  2. The right to know whether your personal information is sold or disclosed and to whom.

  3. The right to opt-out of the sale of your personal information.

  4. The right to non-discrimination for exercising your CCPA rights. This means we will not deny you services, charge you different prices or provide a different level or quality of services, based solely on the exercise of your CCPA rights.

To exercise any of these rights, please contact us using the contact details provided below. Please note that we may need to verify your identity before processing your request.

Rights for EU Residents (GDPR)

If you are a resident of the European Union, you have the following rights under the General Data Protection Regulation (GDPR):

  1. The right to be informed about the collection and use of your personal data.

  2. The right to access your personal data and supplementary information.

  3. The right to rectify any inaccurate or incomplete personal data.

  4. The right to have your personal data erased (the "right to be forgotten") under certain circumstances.

  5. The right to restrict the processing of your personal data under certain circumstances.

  6. The right to data portability, allowing you to obtain and reuse your personal data across different services.

  7. The right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests or the performance of a task in the public interest.

  8. The right to not be subject to a decision based solely on automated processing, including profiling, which has legal or similarly significant effects.

To exercise any of these rights, please contact us using the contact details provided below. Please note that we may need to verify your identity before processing your request.

Rights for Brazilian Residents (LGPD)

If you are a resident of Brazil, you have the following rights under the Brazilian General Data Protection Law (LGPD):

  1. The right to confirm the existence of the processing of your personal data.

  2. The right to access your personal data.

  3. The right to correct incomplete, inaccurate, or outdated personal data.

  4. The right to anonymize, block, or delete unnecessary or excessive personal data, or data that is not being processed in compliance with the LGPD.

  5. The right to the portability of your personal data to another service or product provider, by means of an express request.

  6. The right to delete your personal data processed with your consent, except in cases where the law requires or allows the data to be retained.

  7. The right to information about public and private entities with which we have shared your personal data.

  8. The right to refuse consent and to be informed of the consequences of such refusal.

  9. The right to revoke consent at any time.

To exercise any of these rights, please contact us using the contact details provided below. Please note that we may need to verify your identity before processing your request.

Changes to This Policy

We may update this Policy from time to time. We will notify you of any changes by posting the new Policy on our website. It is your responsibility to review this Policy periodically for any changes.

Contact Us

If you have any questions or concerns about this Policy or our data practices, please contact us at [email protected].

By using our Services, you agree to the terms of this Policy.