Privacy Policy

Last Updated: 31 January 2026

This Privacy Policy explains how Keennovation Sdn Bhd (Company No: 1178740-V) (the “Data Controller”, “we”, “us”, or “our”) collects, handles, and protects your personal data in accordance with the Malaysian Personal Data Protection Act 2010 (PDPA) and its 2024 Amendments.


1. GENERAL PRINCIPLE
By registering for an account or using the Finory: Credit Card & Expenses Tracker and Finory: Cashback Tracker (“both as Platform or App”), you expressly consent to the processing of your personal data as described in this policy. You may withdraw your consent at any time, though this may limit your ability to use the App.

Explicit Consent for Sensitive Data: By forwarding your financial statements to our system, you provide explicit consent for us to process your financial information for the purpose of personal finance management.


2. NOTICE & CHOICE PRINCIPLE
DATA WE COLLECT
We collect information through the following methods:

Account Registration Data: To create your account, we collect your name, email, and phone number (used for OTP verification).
Statement Data: When you forward or upload financial statements, we collect transaction data (amounts, dates, descriptions) and only the last 4 digits of your account numbers.
Manual Entry Data: You may voluntarily key in your spending data manually. This information is treated as user data and is stored securely to maintain your tracking history.
Device Information: We gather information about the device you use, which includes its model and type, operating system version, unique identifiers, your IP address along with its associated location, and statistics on your usage of our application.
App Usage and Analytics Data: We collect data on how you use the app, which encompasses details about the specific features you engage with and their frequency, the duration and regularity of your app sessions, and information pertaining to the app's performance, such as crash reports, error logs, and other relevant metrics.
Excluded Data: Our system is specifically designed not to extract any PII from your statements, such as your full home address and full name.

OBLIGATORY VS. VOLUNTARY DATA

Providing your registration data is mandatory. Failure to do so means we cannot create your account.
Providing financial statements or manual entries is voluntary but necessary for the app's core tracking features.


SOURCES OF DATA

In compliance with Section 7 of the PDPA, we inform you that your personal data is obtained from the following sources:

Directly from You: Information you provide during account registration (name, email, phone number) and any data you voluntarily key in through the manual spending tracker.
From Your Communications: Information contained within the financial statements (PDFs, CSVs, or emails) that you choose to forward or upload to the Finory Platform.
From Your Use of the App: Technical data such as your IP address and device information collected automatically to ensure the security and performance of our services.

HOW WE USE YOUR DATA

We process your personal data for the following purposes:

  • To create and manage your account, including identity verification via OTP.
  • To parse, categorize, and analyze your financial statements for your view.
  • To provide and maintain your manual spending tracking history.
  • To troubleshoot technical issues and improve app performance.
  • To comply with any legal or regulatory obligations.
  • To communicate with you about products, services, offers, updates and events.
  • To respond to your inquiries and provide customer support.
  • To analyze usage patterns and optimize user experience.

3. DISCLOSURE PRINCIPLE
Your information is used solely to provide personal finance management services. 

We Will Never Do:

  1. Sell your personal information to any third party.
  2. Share your data for marketing purposes without your explicit consent.
  3. We will never allow unauthorized parties access to your account.

We may disclose your data to the following classes of third parties:

  1. Service Providers: We engage with third-party companies (data processors) to support the operation of our App, including services such as analytics, payment processing, and cloud storage.
  2. Legal Requirements: When it is requested by authorities.
  3. Internal Personnel: Employees on a "need-to-know" basis for support.

4. SECURITY PRINCIPLE
We implement industry-standard encryption and organizational measures to protect your data from loss or unauthorized access.

Should we identify a data breach that is likely to result in significant harm, we will adhere to the 2024 Amendments by:

Notifying the Personal Data Protection Commissioner within 72 hours.
Notifying you without undue delay (typically within 7 days).

5. RETENTION PRINCIPLE
We do not keep your data longer than necessary:

Raw Source Files: Successfully parsed statement files (PDF, CSV, etc.) are automatically and permanently deleted immediately.
Error Logs: Failed files are kept for a maximum of 7 days for troubleshooting before being purged.
App & Manual Data: Your transaction history and manually entered data are retained until you choose to delete your account.

6. DATA INTEGRITY PRINCIPLE
We take reasonable steps to ensure your data is accurate and complete. You are encouraged to review and correct any manually entered data or parsed categories directly through the App settings.


7. ACCESS PRINCIPLE

You are entitled to the following rights:

Access and Correction: The right to view your personal data and correct any inaccuracies.
Right to Erasure: The right to request the permanent deletion of your account and associated data whenever you choose.

Data Deletion & Account Termination

You may delete your account and all associated transaction data at any time directly within the App under Settings > Profile> Delete Account. Upon deletion, all your personal and processed data is permanently removed from our active databases. You may also initiate a deletion request by visiting our [https://help-cashback.finory.app/general/how-to-delete-my-account-and-data] or emailing support@finory.app.

 


Updates to This Privacy Policy
This Privacy Policy may be revised periodically. We will inform you of any significant amendments by publishing the updated version within the App and modifying the "Last Updated" date accordingly.


CONTACT OUR DATA PROTECTION OFFICER (DPO)
For any privacy-related inquiries, please contact our DPO:

Email: [support@finory.app]
Address: [Level 23-1, Premier Suite One Mont Kiara, No 1, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur.]

Dasar Privasi
Terakhir Dikemaskini: 31 Januari 2026

Dasar Privasi ini menerangkan bagaimana Keennovation Sdn Bhd (No. Syarikat: 1178740-V) (“Pengawal Data”, “kami”, atau “milik kami”) mengumpul, mengendalikan, dan melindungi data peribadi anda selaras dengan Akta Perlindungan Data Peribadi 2010 (PDPA) Malaysia dan Pindaan 2024 akta tersebut.

1. PRINSIP AM
Dengan mendaftar akaun atau menggunakan Finory: Credit Card & Expenses Tracker dan Finory: Cashback Tracker (“kedua-duanya sebagai Platform atau Aplikasi”), anda memberikan persetujuan nyata terhadap pemprosesan data peribadi anda seperti yang diterangkan dalam dasar ini.

Penarikan Balik Persetujuan: Anda boleh menarik balik persetujuan anda pada bila-bila masa, walaupun ini mungkin mengehadkan keupayaan anda untuk menggunakan Aplikasi.
Persetujuan Nyata untuk Data Sensitif: Dengan memajukan penyata kewangan anda ke sistem kami, anda memberikan persetujuan nyata untuk kami memproses maklumat kewangan anda bagi tujuan pengurusan kewangan peribadi.


2. PRINSIP NOTIS & PILIHAN
DATA YANG KAMI KUMPUL

Kami mengumpul maklumat melalui kaedah berikut:

Data Pendaftaran Akaun: Nama, e-mel, dan nombor telefon (digunakan untuk pengesahan OTP).
Data Penyata: Data transaksi (jumlah, tarikh, huraian) dan hanya 4 digit terakhir nombor akaun anda apabila anda memajukan atau memuat naik penyata kewangan.
Data Kemasukan Manual: Data perbelanjaan yang anda masukkan secara sukarela.
Maklumat Peranti: Model peranti, versi sistem operasi, pengecam unik, alamat IP, lokasi berkaitan, dan statistik penggunaan aplikasi.
Data Penggunaan dan Analitik Apl: Ciri yang digunakan, kekerapan dan tempoh sesi aplikasi, serta prestasi aplikasi (laporan kerosakan/ralat).
Data yang Dikecualikan: Sistem kami direka khusus untuk tidak mengekstrak sebarang PII (Maklumat Pengenalan Peribadi) daripada penyata anda, seperti alamat rumah penuh dan nama penuh anda.


DATA WAJIB VS. SUKARELA
Wajib: Menyediakan data pendaftaran adalah wajib. Kegagalan berbuat demikian menyebabkan akaun tidak dapat dicipta.
Sukarela: Menyediakan penyata kewangan atau kemasukan manual adalah sukarela tetapi diperlukan untuk ciri penjejakan teras aplikasi.


SUMBER DATA

Selaras dengan Seksyen 7 PDPA, data peribadi anda diperoleh daripada:

Terus daripada Anda: Maklumat semasa pendaftaran dan data yang dimasukkan secara manual.
Daripada Komunikasi Anda: Maklumat dalam penyata kewangan (PDF, CSV, atau e-mel) yang anda pilih untuk hantar.
Daripada Penggunaan Aplikasi: Data teknikal (alamat IP dan maklumat peranti) yang dikumpul secara automatik.


BAGAIMANA KAMI MENGGUNAKAN DATA ANDA

Menguruskan akaun dan pengesahan identiti (OTP).
Menganalisis dan mengkategorikan penyata kewangan untuk paparan anda.
Menyediakan sejarah penjejakan perbelanjaan manual.
Menyelesaikan masalah teknikal dan meningkatkan prestasi aplikasi.
Mematuhi kewajipan undang-undang atau kawal selia.
Berkomunikasi mengenai produk, perkhidmatan, tawaran, dan kemas kini.


3. PRINSIP PENDEDAHAN
Maklumat anda digunakan semata-mata untuk perkhidmatan pengurusan kewangan peribadi. Kami Tidak Akan Pernah:

Menjual maklumat peribadi anda kepada mana-mana pihak ketiga.
Berkongsi data untuk tujuan pemasaran tanpa persetujuan nyata anda.
Membenarkan pihak yang tidak berkuasa mengakses akaun anda.
Kami mungkin mendedahkan data kepada: Penyedia Perkhidmatan (pemproses data untuk operasi aplikasi), Pihak Berkuasa (jika diminta oleh undang-undang), dan Kakitangan Dalaman (atas dasar "perlu tahu" untuk sokongan).

4. PRINSIP KESELAMATAN
Kami melaksanakan penyulitan standard industri untuk melindungi data anda. Jika berlaku pelanggaran data yang mendatangkan bahaya ketara, kami akan:

Memaklumkan Pesuruhjaya Perlindungan Data Peribadi dalam tempoh 72 jam.
Memaklumkan anda tanpa kelengahan yang tidak munasabah (biasanya dalam masa 7 hari).


5. PRINSIP PENYIMPANAN
Fail Sumber Mentah: Fail penyata yang berjaya diproses akan dipadamkan secara automatik dan kekal dengan serta-merta.
Log Ralat: Fail yang gagal disimpan selama maksimum 7 hari untuk tujuan penyelesaian masalah.
Data Aplikasi & Manual: Sejarah transaksi disimpan sehingga anda memilih untuk memadamkan akaun anda.


6. PRINSIP INTEGRITI DATA
Kami mengambil langkah munasabah untuk memastikan data anda tepat. Anda digalakkan untuk menyemak dan membetulkan sebarang data manual atau kategori yang diproses melalui tetapan Aplikasi.

7. PRINSIP AKSES
Anda berhak untuk:

Akses dan Pembetulan: Melihat dan membetulkan sebarang ketidaktepatan data peribadi anda.
Hak untuk Pemadaman: Meminta pemadaman kekal akaun dan data berkaitan pada bila-bila masa.

Anda boleh memadamkan akaun anda dan semua data transaksi yang berkaitan pada bila-bila masa terus dalam Aplikasi di bawah Tetapan > Profil > Padam Akaun. Setelah pemadaman, semua data peribadi dan data yang diproses anda akan dikeluarkan secara kekal daripada pangkalan data aktif kami. Anda juga boleh memulakan permintaan pemadaman dengan melayari \[https://help-cashback.finory.app/general/how-to-delete-my-account-and-data\] atau menghantar e-mel ke support@finory.app.

8. PERCANGGAHAN BAHASA
Dasar Privasi ini disediakan dalam Bahasa Inggeris dan Bahasa Melayu. Sekiranya terdapat sebarang percanggahan, ketidakkonsistenan, atau keraguan antara versi Bahasa Melayu dengan versi Bahasa Inggeris, maka versi Bahasa Inggeris akan dianggap sebagai versi yang muktamad dan diguna pakai.