Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how Finoment LLC (USA) (collectively, “FinTEM,” “we,” “us,” or “our”) collect, use, and protect the information processed through our technical orchestration platform.

• 1.1. Data Processor Status: In the context of transaction processing, FinTEM acts as a Data Processor on behalf of the Merchant (the Data Controller).
• 1.2. Scope: This policy applies to all data transmitted via our APIs, dashboard, and integration tools from Merchants and their respective End-Users.

2. Information We Collect

To facilitate technical orchestration, we process the following categories of data:

• 2.1. Merchant Data: Corporate identity, authorized representative contact details, API credentials, and billing information.
• 2.2. Transactional Metadata: Transaction ID, amount, currency, timestamp, and IP address.
• 2.3. End-User Data (PII): Name, email address, and billing address as provided by the Merchant’s CRM/System to facilitate the payment request.
• 2.4. Non-Sensitive Financial Data: We may process the last four digits of the card number and card type (BIN) for routing and reporting purposes. FinTEM does not store full Primary Account Numbers (PAN) or CVV codes.

3. How We Use Information

We process information strictly for the following purposes:

• 3.1. Orchestration & Routing: To transmit transaction data to the Merchant’s selected Financial Partners (PSPs/Banks).
• 3.2. Real-Time Reporting: To provide the Merchant with a unified view of their transaction performance across multiple regions (e.g., CIS, Africa).
• 3.3. Fraud Prevention: To analyze transactional patterns and identify potential security threats or unauthorized activities.
• 3.4. Technical Support: To troubleshoot API issues and ensure system uptime (SLA compliance).

4. Data Sharing and Third-Party Transfers

• 4.1. Financial Partners: Data is shared exclusively with the licensed Financial Partners (PSPs/Banks) explicitly selected and contracted by the Merchant.
• 4.2. Regulatory Compliance: We may disclose information if required by law, court order, or formal request from a competent regulatory or law enforcement authority.
• 4.3. No Sale of Data: FinTEM never sells, rents, or trades Merchant or End-User data to third-party marketing entities.

5. Data Security and PCI-DSS

• 5.1. Encryption: All data transmitted via FinTEM APIs is encrypted using industry-standard Transport Layer Security (TLS 1.2+).
• 5.2. PCI Scope Reduction: By utilizing secure Hosted Payment Pages (HPP) and Server-to-Server (S2S) encryption provided by our partners, FinTEM ensures that full cardholder data remains outside our internal storage environment, significantly reducing the Merchant’s PCI-DSS audit scope.
• 5.3. Infrastructure: Our systems are hosted on Amazon Web Services (AWS), leveraging global security best practices and multi-region redundancy.

6. Data Retention and Deletion

• 6.1. Retention Period: We retain transactional metadata for as long as necessary to provide reporting services to the Merchant or to comply with statutory legal requirements (typically 5 to 10 years depending on the jurisdiction).
• 6.2. Deletion Requests: Merchants may request the deletion of their corporate data upon contract termination, subject to mandatory regulatory data retention laws.

7. International Data Transfers

Given our global presence, data may be processed in the United States, Turkey, or other regions where our cloud infrastructure resides. We utilize Standard Contractual Clauses (SCCs) to ensure that data transferred across borders receives an adequate level of protection.

8. Your Rights (GDPR)

Depending on the user’s location, they may have rights to:

• Access their personal data.
• Rectify inaccurate information.
• Object to certain types of processing.
• Request data portability.

9. Contact Information

For any privacy-related inquiries or to exercise your data rights, please contact our Data Protection Officer (DPO) at: Email: info@fintem.com Subject: Data Privacy Inquiry