Персональная финансовая система Finamus

Personal Data Processing Policy

Effective Date: February 10, 2026

1. General Provisions

This Personal Data Processing Policy (hereinafter — the Policy) has been prepared in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter — the Personal Data Law) and defines the procedures for processing personal data and security measures taken by Individual Entrepreneur Anton Vasilievich Lapin (hereinafter — the Operator).

1.1. The Operator considers respect for the rights and freedoms of individuals in the processing of their personal data, including the protection of the right to privacy, as the most important objective and condition of its activities.

1.2. This Policy applies to all information that the Operator may receive about visitors and users of the Finamus service (hereinafter — the Service), available at https://finamus.com.

2. Key Definitions

2.1. Personal data — any information relating directly or indirectly to a specific or identifiable User of the Service.

2.2. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automated means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.3. Operator — Individual Entrepreneur Anton Vasilievich Lapin, who independently organizes and carries out the processing of personal data.

2.4. User — any person using the Service or visiting the website https://finamus.com.

3. Categories of Personal Data and Processing Purposes

The Operator processes the following categories of personal data for the stated purposes:

3.1. Account Data

  • Scope: email address, password (hashed)
  • Purpose: registration, authentication, and security of the User's account
  • Legal basis: performance of a contract (clause 5, part 1, Article 6 of the Personal Data Law)

3.2. Profile Settings

  • Scope: interface language, preferred currency, date and time format, theme
  • Purpose: personalization of the Service according to User preferences
  • Legal basis: performance of a contract (clause 5, part 1, Article 6 of the Personal Data Law)

3.3. Financial Data

  • Scope: information about bank accounts, transactions, budgets, debts, and financial goals entered by the User
  • Purpose: providing the Service's personal finance management functionality
  • Legal basis: performance of a contract (clause 5, part 1, Article 6 of the Personal Data Law)

3.4. Technical Data

  • Scope: IP address, browser type and version, operating system
  • Purpose: ensuring operability, security, and improvement of the Service
  • Legal basis: legitimate interest of the Operator (clause 7, part 1, Article 6 of the Personal Data Law)

3.5. Email Data

  • Scope: email address
  • Purpose: informing the User via email (security notifications, transactional emails, Service updates)
  • Legal basis: consent of the data subject (clause 1, part 1, Article 6 of the Personal Data Law)

4. Processing Actions

4.1. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction.

4.2. The Operator carries out automated processing of personal data with transmission over information and telecommunication networks.

5. Principles of Personal Data Processing

5.1. Processing is carried out on a lawful and fair basis.

5.2. Processing is limited to achieving specific, predetermined, and legitimate purposes.

5.3. Merging of databases containing personal data processed for incompatible purposes is not permitted.

5.4. Only personal data that meets the purposes of processing are subject to processing. Excessive data relative to the stated purposes is not permitted.

5.5. The Operator ensures accuracy, sufficiency, and where necessary, relevance of personal data.

5.6. Personal data is stored in a form that allows identification of the data subject for no longer than required by the purposes of processing.

6. Conditions of Processing

6.1. Processing is carried out with the consent of the data subject.

6.2. Processing is necessary for the performance of a contract to which the data subject is a party.

6.3. Processing is necessary for the exercise of the Operator's rights and legitimate interests, provided that the rights and freedoms of the data subject are not violated.

7. Rights and Obligations of the Operator

7.1. The Operator has the right to:

  • receive reliable information and/or documents containing personal data from the data subject;
  • continue processing personal data without consent if grounds exist under the Personal Data Law;
  • independently determine the composition and list of measures necessary to ensure compliance with the Personal Data Law.

7.2. The Operator is obligated to:

  • provide the data subject with information regarding the processing of their personal data upon request;
  • organize processing in accordance with current legislation of the Russian Federation;
  • respond to inquiries from data subjects within the timeframes established by the Personal Data Law;
  • report required information to the supervisory authority within 10 days of receiving a request;
  • ensure unrestricted access to this Policy;
  • take legal, organizational, and technical measures to protect personal data;
  • cease processing and destroy personal data in the manner and cases provided by the Personal Data Law.

8. Rights and Obligations of Data Subjects

8.1. Data subjects have the right to:

  • receive information regarding the processing of their personal data;
  • require the Operator to clarify, block, or destroy personal data that is incomplete, outdated, inaccurate, or unlawfully obtained;
  • withdraw consent to processing;
  • file a complaint with the supervisory authority or in court regarding unlawful actions or inaction by the Operator.

8.2. Data subjects are obligated to:

  • provide the Operator with accurate data about themselves;
  • inform the Operator of updates to their personal data.

9. Storage and Protection of Personal Data

9.1. Security

  • All data is transmitted over encrypted channels (HTTPS/TLS)
  • Passwords are stored in hashed form using modern algorithms (bcrypt)
  • Financial data is stored on secure servers with restricted access
  • Organizational and technical protection measures are applied in accordance with Article 19 of the Personal Data Law

9.2. Retention Periods

  • Account data is stored until account deletion or withdrawal of consent
  • After account deletion, personal data is destroyed within 30 days
  • Backups may be retained for up to 90 days before destruction

9.3. Conditions for Cessation of Processing

Processing is terminated upon:

  • achievement of the processing purposes;
  • expiration of consent;
  • withdrawal of consent by the data subject;
  • identification of unlawful processing.

10. Sharing Data with Third Parties

The Operator does not sell personal data to third parties. Transfer is possible in the following cases:

  • With consent: when the User explicitly authorizes data transfer
  • Service providers: companies providing hosting, payment processing, and email delivery, operating under agreements ensuring confidentiality
  • Legal requirements: upon request from government authorities in accordance with applicable legislation

Information collected by third-party services is stored and processed by them in accordance with their privacy policies. The Operator is not responsible for the actions of third parties.

11. Cross-Border Transfer of Personal Data

11.1. The Operator may carry out cross-border transfer of personal data to foreign states that provide adequate protection of data subject rights.

11.2. Cross-border transfer is carried out in accordance with Article 12 of the Personal Data Law and only if one of the grounds provided in Article 6 of the Personal Data Law exists.

12. Cookies

The Operator uses cookies to:

  • maintain authentication sessions;
  • save User preferences;
  • ensure security.

The User may disable cookies in browser settings, which may limit Service functionality.

13. Consent to Processing

13.1. The User gives consent to the processing of personal data by registering in the Service and accepting this Policy.

13.2. Consent is specific, informed, and conscious in accordance with Article 9 of the Personal Data Law.

13.3. The User may withdraw consent at any time by sending a notification to the Operator at support@finamus.com with the subject "Withdrawal of consent to personal data processing".

13.4. Upon withdrawal of consent, the Operator may continue processing if grounds exist under the Personal Data Law. Data for which no such grounds exist will be destroyed within 30 days of receiving the withdrawal.

14. Children's Data

The Service is not intended for persons under 16 years of age. The Operator does not knowingly collect personal data of minors. If the Operator becomes aware of receiving data from a minor, such data will be promptly destroyed.

15. Policy Changes

15.1. The Operator may amend this Policy. Users will be notified of significant changes via email or through a notification in the Service at least 14 days before the changes take effect.

15.2. The current version of the Policy is publicly available at https://finamus.com/en/privacy/.

16. Contact Information

For questions regarding personal data processing:

Operator: Individual Entrepreneur Anton Vasilievich Lapin Email: support@finamus.com Website: https://finamus.com

Finamus — personal financial system