finqt Logo

Privacy Policy

Effective Date: March 11, 2026 Last Updated: April 10, 2026 Authoritative Language: English. Any translation is provided for convenience only. If a translated version conflicts with the English version, the English version controls.

1. Scope and Who We Are

This Privacy Policy explains how Finqt LLC-FZ ("Finqt", "we", "us", or "our"), established in Meydan Free Zone, Dubai, United Arab Emirates, collects, uses, discloses, stores, transfers, and otherwise processes personal data when you use the finqt mobile application and the related services we operate for that application, including account, alerting, AI, content, subscription, and support functions (collectively, the "Services").

For the purposes of applicable privacy law, Finqt is generally the controller of the personal data described in this Privacy Policy unless we expressly state otherwise for a specific feature or partner flow.

Depending on where you live, local law may give you specific privacy rights. We describe important rights and regional disclosures below.

2. Categories of Personal Data We Process

We process different categories of personal data depending on how you use the Services.

2.1 Account and identity data

This may include:

  • email address
  • display name, username, and account identifiers
  • password hash and authentication state for email-password accounts
  • Apple or Google sign-in identifiers and associated basic profile data provided by those providers
  • avatar or profile image you upload
  • verification, reset, recovery, and account-status records

2.2 Profile, onboarding, and preference data

This may include:

  • language and localization preferences
  • onboarding selections such as experience level, goals, risk preferences, asset interests, and similar product-preference signals
  • notification preferences, quiet hours, and consent choices
  • app-level settings and feature toggles connected to your account

2.3 User-created content

This may include:

  • watchlists, favorites, bookmarks, alerts, and related notes
  • trading notes, journal entries, rules, tags, mood records, and uploaded mood images
  • support requests, feature requests, abuse reports, survey responses, and similar submissions

2.4 AI and conversation data

If you use AI features, we may process:

  • prompts, chat messages, titles, and conversation metadata
  • attached images, including chart screenshots or similar files submitted for analysis
  • symbols, tickers, contextual selections, or settings included in an AI request
  • message counts, token usage, credits consumed, moderation data, and operational records needed to deliver and secure AI functionality

2.5 Subscription, purchase, and entitlement data

This may include:

  • subscription tier (Free, Pro, or Pro+), billing cycle (monthly or annual), platform, status, expiration, trial status, and renewal state
  • product identifiers, transaction identifiers, original transaction identifiers, restore records, and environment data supplied by the relevant storefront
  • subscription credit balances (base credits allocated monthly by tier), purchased credit balances (top-up credits acquired through one-time credit packages), credit resets, deductions, reversals, refunds, revocations, quota data, and entitlement assignments
  • credit consumption records, including the type of AI feature used (text message or image analysis) and the number of credits deducted per request
  • refund-request, dispute, chargeback-risk, and abuse-review records where reasonably necessary to investigate billing misuse, fraud, or repeated refund attempts after digital entitlements were delivered or consumed

We do not receive or store your full payment-card number for App Store purchases.

2.6 Device, session, and security data

This may include:

  • IP address and approximate network-derived location
  • device name, device model, operating-system version, app version, and technical identifiers needed to secure sessions or route notifications
  • session identifiers, login history, active-session records, and revoked-session records
  • audit trails, security logs, anti-fraud signals, abuse-prevention data, and report-resolution records

2.7 Notification and communication data

This may include:

  • push-notification tokens and related routing identifiers
  • live-activity or similar notification-delivery tokens where supported
  • in-app notification state, read status, and preference settings
  • email-delivery records and support correspondence

2.8 Diagnostic and usage data

Depending on the product surface, configuration, and consent state, this may include:

  • product interaction data
  • crash data
  • performance data and reliability metrics
  • server logs and debugging context

The iOS app may request Apple's App Tracking Transparency permission before enabling advertising attribution or more relevant sponsored content where available. Any such processing depends on your permission status, applicable consent choices, and the disclosures then presented in the app and on the relevant storefront.

2.9 Media and device-permission data

If you choose to use certain features, we may process:

  • photos, screenshots, or other images you voluntarily upload
  • data needed to honor camera, photo-library, notification, or similar permissions
  • locally cached copies or derived artifacts necessary to complete the requested feature

2.10 Data that remains primarily on your device

Some security or convenience functions are designed to remain primarily on your device. For example, biometric matching is performed by your device operating system, and certain secure credentials may be stored in platform secure storage or keychain rather than in our plain-text systems. We may still store a setting flag indicating whether a feature is enabled.

2.11 Data from third parties

We may receive personal data from:

  • Apple, Google, or other authentication and platform providers
  • app-store verification and billing systems
  • market-data providers and public-market sources needed to support quotes, charts, or context
  • other users or administrators when they report abuse, fraud, or policy issues involving your account

2.12 Data we generally do not seek to collect

The Services are not designed to require your full payment-card number, national-ID number, passport number, health records, biometric templates, or precise geolocation in the ordinary course. You should not submit highly sensitive data through free-text notes, support messages, or AI prompts unless it is strictly necessary and you are legally authorized to do so.

If you nevertheless provide sensitive data through a feature that is not designed for it, we may process that data only to the extent technically unavoidable to deliver the feature you used, secure the Services, or resolve the issue you raised.

3. Sources of Personal Data

We collect personal data from several sources:

  • directly from you when you create an account, edit a profile, submit content, contact support, or use features
  • automatically from your device and app interactions when you access the Services
  • from platform and identity providers such as Apple or Google when you choose those sign-in methods
  • from billing and verification providers when you purchase, restore, renew, or refund a product
  • from service providers and partners that help us run security, infrastructure, AI, market-data, and notification functions

4. How We Use Personal Data

We use personal data to:

  • create, authenticate, maintain, and secure accounts
  • provide watchlists, alerts, bookmarks, notes, moods, and sync features
  • deliver market data, news, educational content, and personalization
  • generate AI responses, image-analysis results, summaries, and other outputs you request
  • provide subscriptions, credits, quota checks, entitlement management, restore flows, and support for billing-related investigations
  • send notifications, transactional emails, security alerts, and system updates
  • detect abuse, fraud, suspicious activity, policy violations, and operational problems
  • monitor performance, troubleshoot incidents, and improve reliability and product quality
  • comply with legal obligations and respond to lawful requests
  • protect our rights, the Services, our users, and the public

We may also aggregate or de-identify information for analytics, operational reporting, product planning, and similar internal purposes where permitted by law.

5. Legal Bases for Processing

Where applicable law requires a legal basis, we rely on one or more of the following:

  • Contract: to provide the Services you requested, manage your account, verify purchases, deliver AI outputs, and perform related obligations.
  • Legitimate interests: to secure the Services, prevent abuse, maintain reliability, understand product usage, investigate problems, and operate our business responsibly.
  • Consent: where required, including for certain optional analytics, diagnostics, communications, or other processing that depends on prior permission.
  • Legal obligation: to comply with laws, accounting rules, tax obligations, lawful governmental requests, sanctions restrictions, or recordkeeping requirements.
  • Legal claims or vital interests: where necessary to establish, exercise, or defend legal claims, investigate misconduct, or protect users and the public.

The legal basis may differ depending on the feature and jurisdiction.

6. How We Share Personal Data

We do not share personal data except as reasonably necessary for the purposes described in this Policy.

6.1 Service providers and processors

We may share data with service providers that help us operate the Services, such as providers involved in:

  • hosting, storage, backups, networking, and content delivery
  • logging, observability, diagnostics, and incident response
  • notifications, email delivery, and support tooling
  • image processing, file upload, and security tooling
  • AI inference or related model-processing services
  • analytics or crash-reporting services, where enabled and permitted

6.2 Named third-party categories reflected in the Services

Based on visible integrations in our codebase and infrastructure, these categories may include:

  • Apple, for App Store billing, purchase verification, restore flows, Sign in with Apple, push notifications, and platform services
  • Google, including Google sign-in services and Google Gemini or related AI processing used to generate requested outputs
  • market-data and public-market sources used to power quotes, charts, and market context, including providers or services such as TwelveData and certain exchange-connected data sources

Some providers may receive technical request data such as IP address, device metadata, or request headers directly from your device or our servers as part of delivering the requested feature.

6.3 Legal, safety, and corporate event disclosures

We may disclose personal data:

  • to comply with law, regulation, subpoena, court order, or lawful governmental request
  • to investigate fraud, abuse, security incidents, or Terms violations
  • to protect our rights, systems, users, or the public
  • in connection with a merger, financing, acquisition, restructuring, sale of assets, or similar corporate event

6.4 Advertising and "sale" or "sharing" disclosures

We do not sell personal data for money in the ordinary sense.

If we use data for advertising attribution, more relevant sponsored content, or similar activities that are treated as a "sale," "sharing," or targeted advertising under applicable law, we will provide the notices, permissions, and controls required by law and platform rules.

6.5 Internal access, professional advisers, and need-to-know handling

Within Finqt, access to personal data is limited to personnel, contractors, and advisers who reasonably need the data for product operations, support, security, finance, legal, compliance, or incident response. Such access is subject to role-based controls, confidentiality obligations, and operational need.

We may also disclose relevant records to auditors, legal counsel, insurers, and professional advisers where reasonably necessary to obtain advice, investigate incidents, defend claims, complete diligence, or comply with legal and regulatory requirements.

7. AI Processing Disclosures

If you use AI features, your prompts, messages, and uploaded images may be transmitted to third-party AI providers selected by us to generate the requested output.

We use AI-related data to:

  • generate the response or analysis you requested
  • manage conversation state and history
  • enforce quotas, credit deductions, and abuse controls
  • investigate support issues and harmful-output reports

You should not submit highly sensitive personal data, payment-card numbers, government IDs, health information, or confidential third-party information to AI features unless you are legally authorized to do so and the feature specifically requires it.

8. Cookies, Local Storage, Device Identifiers, and Tracking

The Services may use web cookies on web surfaces and equivalent app technologies such as secure tokens, keychain entries, local storage, caches, push tokens, consent records, and device identifiers.

We use these technologies to:

  • keep you signed in
  • remember preferences and consent choices
  • secure sessions and detect abuse
  • support notifications, restores, and core app functionality
  • measure performance and product reliability where enabled

For more detail, see our Cookie & Tracking Policy.

9. International Transfers

We operate from the United Arab Emirates and may process or store personal data in the UAE and other countries where we or our service providers operate. Those countries may not provide the same level of protection as your home jurisdiction.

Where required, we use contractual, technical, and organizational safeguards intended to protect transferred personal data, taking into account the nature of the data and the risks involved.

10. Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, meet legal obligations, resolve disputes, maintain security, enforce agreements, and preserve business records.

Retention depends on the data category and context. In general:

  • account and profile data are retained while your account remains active and for a reasonable period afterward to handle deletion requests, disputes, fraud prevention, legal obligations, and backup cycles
  • session, security, and audit data may be retained longer where necessary for abuse prevention, account-integrity investigations, and legal compliance
  • subscription, refund, chargeback, and transaction-related records may be retained as long as reasonably necessary for accounting, fraud, tax, and legal obligations
  • AI conversation and message records may be retained while the conversation remains available to you and for operational, support, moderation, or legal purposes thereafter, subject to deletion workflows and retention needs
  • backups and cached copies may persist until overwritten according to our retention cycles

Deletion requests do not always result in immediate deletion from every active system, log index, or backup snapshot. Where permitted by law, we may retain limited records needed to:

  • demonstrate compliance with legal obligations
  • detect and prevent fraud, abuse, chargebacks, and security incidents
  • resolve billing disputes, platform disputes, or legal claims
  • maintain suppression lists so a deleted account is not inadvertently recreated or re-contacted inappropriately

When retention is no longer reasonably necessary, we delete, anonymize, aggregate, or otherwise de-identify the relevant data where practical.

If you request account deletion, we may deactivate your account, revoke sessions, and then retain limited records where necessary for security, legal, contractual, tax, fraud-prevention, or technical reasons.

11. Security

We use administrative, technical, and organizational measures designed to protect personal data, such as access controls, encryption in transit, secure storage practices, logging, monitoring, abuse-prevention controls, and least-privilege principles.

No method of transmission or storage is completely secure. We cannot guarantee absolute security.

You are also responsible for using strong credentials, protecting your devices, and notifying us if you believe your account has been compromised.

12. Automated Processing and Profiling

We may use automated systems for fraud detection, security review, spam or abuse filtering, quota enforcement, relevance ordering, and similar operational tasks.

As of the effective date of this Policy, we do not describe the Services as relying on solely automated decision-making that produces legal or similarly significant effects on you without meaningful human oversight.

13. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly seek to collect personal data from children under 13. If we learn that we have collected personal data from a child under 13, we will take appropriate steps to delete or disable that data subject to applicable law.

If you believe a child under 13 has provided personal data to us, contact [email protected].

14. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have rights such as the right to:

  • know whether we process your personal data
  • access a copy of your personal data
  • correct inaccurate personal data
  • request deletion of personal data
  • restrict or object to certain processing
  • withdraw consent where processing depends on consent
  • receive a portable copy of certain data
  • opt out of certain direct marketing or similar communications
  • opt out of sale, sharing, or targeted-advertising processing where such rights apply

You may also be able to manage some information directly through the Services, such as profile details, notification settings, or certain device permissions.

To exercise rights not available in-product, contact us at [email protected].

We may need to verify your identity before completing a request. We may refuse or limit requests where permitted by law, including when we cannot verify identity, the request is manifestly unfounded or excessive, or an exemption applies.

If an authorized agent submits a request on your behalf, we may require proof of identity and proof of authority.

Where required by law, we will respond within the timeframe prescribed by the applicable jurisdiction, subject to lawful extensions, identity verification, and complexity of the request. If we decline a request in whole or in part, we will generally explain the basis for that decision unless law restricts us from doing so.

Submitting a rights request does not prevent us from continuing to process data where a legal exemption applies, where the data is required to provide an active service you still use, or where continued retention is necessary for security, legal, accounting, or fraud-prevention purposes.

15. EEA, UK, and Similar Jurisdictions

If you are located in the EEA, UK, or a similar jurisdiction, you may have rights to access, rectification, erasure, restriction, objection, and portability, as well as the right to withdraw consent where consent is the legal basis.

You may also have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can try to resolve your concern.

16. California and Similar U.S. State Notices

If you live in California or another U.S. state with similar privacy rights, you may have rights to:

  • know the categories of personal data we collected, used, disclosed, sold, or shared
  • access specific pieces of personal data, where applicable
  • request correction or deletion
  • request portability
  • opt out of sale, sharing, or certain targeted-advertising processing, if applicable
  • not receive discriminatory treatment for exercising privacy rights

We do not sell personal data for money in the ordinary sense. If our practices change in a way that triggers additional opt-out rights, we will provide the required disclosures and controls.

If applicable law grants you a right to appeal a privacy-rights decision, you may contact us again using the contact details below and clearly identify the prior request and the basis for your appeal. We will review the matter according to the law that applies to your request.

17. Third-Party Sites and Services

The Services may link to or surface third-party sites, articles, exchanges, app-store pages, or tools that we do not control. Their privacy practices are governed by their own policies, not this Privacy Policy.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will be posted through the Services with an updated effective date. Material changes may also be highlighted in-product or through another reasonable communication method when appropriate.

19. Contact Us

If you have privacy questions, want to exercise your rights, or need to contact us about this Privacy Policy:

Email: [email protected]

Finqt LLC-FZ Meydan Free Zone Dubai, United Arab Emirates

Questions? Contact us:

[email protected]