Digital Money Innovations AG · Baarerstrasse 43 · CH-6300 Zug · Switzerland

How we protect your data.

+------------------------------------------+ | ISSUE 2024.01 | | LAST UPDATED 2026-05-27 | +------------------------------------------+

01 // SCOPE

This policy governs the processing of personal data by Digital Money Innovations AG (operating as Fynful) in connection with the Fynful platform, including the website at https://fynful.com and all services offered under our Swiss FINMA-supervised license.

We act as the data controller for the personal data we collect. The policy applies to clients, prospects, applicants, and visitors and is written to be consistent with the Swiss FADP and the EU GDPR where applicable.

02 // WHAT WE COLLECT

We collect only what is necessary to operate the platform and meet our regulatory obligations. Categories include account and identity data, KYC documents, transaction metadata, device and session signals, support correspondence, and limited marketing preferences.

We do not knowingly collect sensitive categories of data beyond what is required for sanctions and AML screening. Where data is optional, fields are clearly marked as such at the point of collection.

03 // HOW WE USE IT

Personal data is processed to provide the service, route and settle transactions, detect fraud, comply with AML and sanctions regimes, secure the platform, and improve product quality. Each processing activity is tied to a specific legal basis: contract, legal obligation, legitimate interest, or consent.

We do not sell personal data. Profiling is limited to risk scoring and fraud prevention and is reviewed by humans before any decision with legal or similarly significant effect is taken.

We share data with banking partners, card networks, KYC and sanctions screening providers, cloud infrastructure providers, and professional advisers, strictly on a need-to-know basis and under written data processing agreements.

Where data leaves Switzerland or the EEA, transfers rely on adequacy decisions or Standard Contractual Clauses combined with supplementary technical measures such as in-transit encryption and key management controls.

05 // STORAGE & RETENTION

Data is encrypted in transit using TLS 1.3 and at rest using AES-256. Access is restricted by role and audited continuously. Production systems are hosted in EU and Swiss regions with redundant backups under the same protection regime.

We retain operational data for 12 months by default. KYC and transaction records are retained for the periods mandated by Swiss financial regulation, typically 10 years. After the retention period elapses, records are deleted or irreversibly anonymised.

06 // YOUR RIGHTS

You have the right to access your personal data, rectify inaccurate records, request erasure, port your data to another controller, and object to processing based on legitimate interests. Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

Requests are handled within 30 days. You may also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner or with the supervisory authority in your country of residence.

07 // CONTACT

Our Data Protection Officer can be reached at [email protected]. Postal mail should be addressed to the DPO at the company address above. We respond to all credible requests, including from non-customers exercising their statutory rights.