Privacy Policy

Last updated: April 5, 2026

At Fynorg ("we," "us," or "our"), we are committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Data Storage and Location
  4. 4. Data Sharing and Disclosure
  5. 5. Cookies and Tracking
  6. 6. Data Security
  7. 7. Data Retention
  8. 8. Your Rights
  9. 9. Children's Privacy
  10. 10. International Data Transfers
  11. 11. Changes to This Policy
  12. 12. Contact Us

1. Information We Collect

1.1 Information You Provide

When you register for an account, use our Services, or communicate with us, we may collect:

  • Account information: name, email address, phone number, organization name, job title, and password.
  • Organization data: organization details, department structure, project information, financial data (budgets, expenditures), and staff records that you enter into the platform.
  • Payment information: billing details, transaction records, and payment method information processed through our third-party payment providers (Stripe, PayPal, M-Pesa).
  • Communications: messages you send through our contact forms, support tickets, or emails.
  • Documents: files, attachments, and documents you upload to the platform.

1.2 Information Collected Automatically

When you access our Services, we automatically collect certain information:

  • Usage data: pages visited, features used, actions taken, and timestamps.
  • Device information: browser type, operating system, IP address, and device identifiers.
  • Log data: server logs including access times, error logs, and referral URLs.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Services: operate the platform, process transactions, manage accounts, and deliver the features you request.
  • Improve the Services: analyze usage patterns, diagnose technical issues, and develop new features.
  • Communicate with you: send service-related notifications, respond to support requests, and provide important updates about your account.
  • Security and compliance: detect and prevent fraud, enforce our terms, and comply with legal obligations.
  • Billing and payments: process subscriptions, generate invoices, and manage payment transactions.

We do not sell your personal information to third parties. We do not use your organization's data to train machine learning models or for advertising purposes.

3. Data Storage and Location

Your data is stored on secure servers managed by our hosting providers. We use industry-standard cloud infrastructure with data centers that maintain appropriate security certifications.

Each organization's data is logically isolated using tenant-level security. This means your organization's data is separated from other organizations' data at the database level, and no other organization can access your information.

4. Data Sharing and Disclosure

We may share your information only in the following circumstances:

  • Service providers: we work with trusted third-party providers who help us operate the Services, including payment processors (Stripe, PayPal, M-Pesa providers), email delivery services, and hosting providers. These providers are contractually obligated to protect your data.
  • Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: we may share information with your explicit consent or at your direction.

5. Cookies and Tracking

We use cookies and similar technologies to maintain your session, remember your preferences, and ensure the security of your account. The cookies we use are:

  • Essential cookies: required for the platform to function, including authentication session cookies and CSRF protection tokens.
  • Preference cookies: store your language, timezone, and display preferences.

We do not use third-party advertising or analytics tracking cookies. You can configure your browser to refuse cookies, but this may affect your ability to use certain features of the Services.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Two-factor authentication (email, authenticator app, or SMS) for all user accounts.
  • Role-based access controls ensuring users only access data relevant to their role.
  • Immutable audit trails logging every significant action within the platform.
  • Regular security assessments and updates.
  • Tenant-level data isolation preventing cross-organization data access.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our security practices.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. When you close your account or request deletion, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain it for legal, accounting, or compliance purposes.

Organization data (projects, budgets, submissions, expenditures) is retained for the duration of the organization's subscription. Upon subscription termination, data is retained for a grace period to allow for reactivation, after which it is permanently deleted.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: request that we correct inaccurate or incomplete information.
  • Deletion: request that we delete your personal information, subject to legal retention requirements.
  • Portability: request a copy of your data in a structured, machine-readable format.
  • Objection: object to certain processing of your personal information.
  • Restriction: request that we restrict the processing of your information in certain circumstances.

To exercise any of these rights, please contact us at privacy@fynorg.com. We will respond to your request within 30 days.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of those changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: