Sign Up

Privacy Policy

Home » Privacy Policy

Privacy Policy

Effective Date: October 9, 2025

  1. Introduction

This Privacy Policy describes how Provua (“we,” “us,” or “our”) collects, uses, and discloses your personal information when you use our websites (Provua.com and Finnite.com) and the Provua application (collectively, the “Services”).

We are committed to protecting your privacy and handling your personal information in an open and transparent manner. This policy is designed to help you understand your privacy rights and to comply with major global privacy laws, including the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR), and the UK’s Data Protection Act 2018 (UK-GDPR).

  1. Information We Collect

We collect information that you provide to us, information we collect automatically, and information from other sources.

  • Information You Provide Directly:
    • Account Information: When you create an account, we collect your name, email address, password, and other profile information you provide.
    • Payment Information: If you subscribe to a paid plan, we or our third-party payment processors collect your billing address and payment details.
    • Communications: When you contact us for support, provide feedback, or communicate with us in any way, we collect the information you provide.
  • Information We Collect Automatically:
    • Log and Usage Data: Our servers automatically collect information when you use our Services, including your IP address, browser type, operating system, referring URLs, device information, pages visited, and cookie data.
    • Device Information: We collect information about the device you use to access our Services, such as the hardware model, operating system, application IDs, and unique device identifiers.
  • Information From Third Parties:
    • We may receive information about you from third-party services if you choose to link or integrate them with our Services (e.g., linking a third-party account).
  1. How and Why We Use Your Information (Legal Basis for Processing)

Our legal basis for collecting and using your personal information depends on the specific context.

  • To Provide and Maintain the Services (Performance of a Contract): We use your information to operate our Services, process transactions, manage your account, and provide customer support. This processing is necessary to perform the contract we have with you.
  • To Improve Our Services and for Security (Legitimate Interests): We use your information to understand user behaviour, improve our products, prevent fraud, and secure our systems. We do this based on our legitimate interest in maintaining and enhancing our Services, provided it does not override your fundamental rights. We may analyse your interactions with Provua assistant to gain better insights into how to improve its responses, training and/or Provua’s UX/UI.
  • For Marketing and Promotions (Consent): We may send you marketing communications about our products and services. You may withdraw consent at any time by contacting us as below.
  1. How We Share Your Information

We do not sell your personal information. We may share it in the following limited circumstances:

  • Service Providers: We share information with third-party vendors who perform services on our behalf, such as cloud hosting (e.g. Supabase), payment processing (e.g., Stripe), AI services (e.g.OpenAI) and analytics (e.g., Google Analytics). These providers are contractually obligated to protect your data.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
  • Legal Obligations: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  1. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Services. Cookies are small data files stored on your device. For more detailed information, please see our Cookie Policy [You should create a separate Cookie Policy and link it here].

  1. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, based on criteria such as the duration of your active account and our legal or regulatory obligations. When no longer needed, we will either delete or anonymize it.

  1. Security of Your Personal Information

We have implemented appropriate technical and organizational security measures, such as encryption and access controls, to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

  1. International Data Transfers

Your information may be transferred to and processed in countries other than your own. For residents of the European Economic Area (EEA) and the United Kingdom (UK), we rely on legal mechanisms to ensure your data is protected, such as:

  • Adequacy Decisions: Transferring data to countries that the European Commission or the UK Government has deemed to have an adequate level of data protection.
  • Standard Contractual Clauses (and UK equivalent): Using legal contracts like the EU’s Standard Contractual Clauses (SCCs) and the UK’s International Data Transfer Agreement (IDTA) or Addendum to ensure your information is protected.
  1. Your Data Protection Rights

Depending on your location, you have certain rights regarding your personal information.

Rights for Residents of the EEA and UK (GDPR)

If you are a resident of the EEA or the United Kingdom, you have the following rights:

  • The right to access, update, or delete the information we have on you.
  • The right of rectification to correct any inaccurate information.
  • The right to object to our processing of your personal information.
  • The right of restriction to request we limit the processing of your information.
  • The right to data portability to receive a copy of your information in a structured, machine-readable format.
  • The right to withdraw consent at any time.
  • The right to lodge a complaint with a Data Protection Authority (such as the Information Commissioner’s Office in the UK).

Rights for Residents of California (CCPA/CPRA)

If you are a California resident, you have the right to know, delete, opt-out of the “sale” or “sharing” of your information, and non-discrimination for exercising your rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the details in the “Contact Us” section below.

  1. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the “Effective Date” at the top. For any material changes, we will also provide you with a more prominent notice, such as by sending an email or through an in-app notification. We encourage you to review this policy periodically.

  1. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact our Data Privacy team:

  • By email: support@finnite.com.au
  • By mail: Suite 2, 28 Fortescue St, Spring Hill, 4000