PRIVACY_POLICY

Last updated: March 31, 2026

1. OVERVIEW

FINTECH_MCP ("we", "us", "our") is operated by Infinite Rectangles. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using FINTECH_MCP, you agree to the practices described here.

We take privacy seriously. We collect only what we need to operate the service and never sell your personal or financial data to third parties.

2. INFORMATION WE COLLECT

Account information: When you register, we collect your name and email address.

Financial data: When you link a bank account via Plaid, we receive and store account metadata (institution name, account type, mask), balance snapshots, and transaction history. We do not store your bank login credentials — those are handled entirely by Plaid.

API usage: We log API key usage (timestamp and endpoint) to support rate limiting and abuse detection. We do not log request bodies or response payloads.

Billing: Payment processing is handled by Stripe. We store only your Stripe customer ID and subscription status — we never see or store your full card number.

3. HOW WE USE YOUR DATA

We use your information to:

  • Provide and operate the FINTECH_MCP service
  • Sync and display your financial data via the API and MCP tools
  • Process payments and manage your subscription
  • Send transactional emails (account creation, billing receipts)
  • Detect and prevent fraud or abuse

We do not use your financial data for advertising, profiling, or sale to third parties.

4. DATA SHARING

We share data with the following third-party services solely to operate FINTECH_MCP:

  • Plaid — bank account linking and transaction sync
  • Stripe — payment processing and subscription management
  • Loops — transactional email delivery

Each of these providers has its own privacy policy and data processing terms.

We may disclose information if required by law or to protect the rights and safety of our users.

5. DATA RETENTION

We retain your account data for as long as your account is active. Financial data (transactions, balances, holdings) synced from Plaid is retained to power the API and MCP tools.

When you unlink a bank account, the associated data is deleted from our database. When you delete your account, all of your data is permanently removed within 30 days.

6. SECURITY

Sensitive data (including Plaid access tokens and API keys) is encrypted at rest using AES-256. All data in transit is protected by TLS. Access to production systems is restricted to authorized personnel.

No system is perfectly secure. If you discover a security vulnerability, please report it to [contact].

7. YOUR RIGHTS

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and all associated data
  • Export your data in a machine-readable format
  • Opt out of non-transactional email communications

To exercise any of these rights, contact us at [contact].

8. COOKIES

We use a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the dashboard. Continued use of the service after changes constitutes acceptance of the updated policy.

10. CONTACT

Questions about this Privacy Policy? Contact us at [contact].