Planto's Privacy Policy

1. Introduction
   1. Planto Limited (hereinafter also referred to as 'Planto', 'we', 'us' or 'our') is a software as a service platform that offers goal setting, account aggregation, automated expense tracking and access to 3 rd party financial products via our mobile application (hereinafter also referred to as 'the App') as well as our website.
   2. This Privacy Policy governs the manner in which Planto collects, uses, maintains and discloses Personal Data collected from you as the users (hereinafter also referred to as 'users', 'you' or 'your') of our App and website. We will also explain the measures being, and to be, taken to ensure that your Personal Data stays secure and confidential in compliance with the applicable data protection laws. This Privacy Policy applies to the services offered by Planto.
   3. By accessing or using our App or website, you signify your acceptance of the terms of this Privacy Policy.
2. Definitions
   1. 'Personal Data' refers to the 'Personal Financial Data' and the 'Personal Identification Data'. 'Personal Financial Data' and 'Personal Identification Data' are respectively defined in paragraph 4 below.
   2. 'Non-Personal Data' is any data that is not reasonably practicable to directly or indirectly identify you, including but not limited to aggregated data, application usage, in-app browsing activity, and application activity including user interface elements, etc.
   3. 'Third-party partners' are any individual or organization that cooperate with us for the purpose of facilitating or improving our services or third-party partners' services provided to you.
3. Our Privacy Principles
   1. Planto builds its business on trust between our users and us. Therefore, security and safety of our users' Personal Data is our top priority. To preserve the confidentiality of all Personal Data you provide to us, we maintain the following privacy principles:
      • We will only collect Personal Data that we have identified in this Privacy Policy which we will use to deliver our services to you, and to facilitate third party services at your consent , operate our business, and help make the App useful, more intelligent, and work better for you.
      • We maintain strict security systems designed to prevent unauthorised access to your Personal Data by anyone, including our employees, agents and contractors.
      • Any members of the Planto, including our employees, agents and contractors, who are permitted access to any Personal Data may only do so for a specific and limited purpose and limited time and during such access, are specifically required to strictly observe our confidentiality obligations.
      • Other than as specified in paragraph 4.5 of this Privacy Policy, we generally do not disclose, sell, trade, or rent your personal data to any third parties.
   2. By maintaining our commitment to these principles, we will ensure that we respect the inherent trust that you have placed in us.
4. Data Collection and Purpose
   1. We may collect and process information from you, including Personal Data, in a variety of ways, including but not limited to, when you register for, install, download, access or use the App, or when you contact us in relation to the App. However, we will only use your Personal Data as set out below and always in accordance with the applicable laws.
   2. When you register for and use the Planto App or website, we collect your email address and device ID which we use to:
      • provide you with our services via the Planto App or website;
      • identify you and the accounts you have registered with us;
      • communicate with you;
      • customise the Planto App or website based on your preference; and
      • notify you of any changes to the Planto App or to our services that may affect you.
   3. We may leverage your mobile device's built-in biometric authentication tools to provide you with added security to ensure there will be no unauthorized access to the App. This includes facial recognition information and your fingerprint.
   4. When you use the App or our website to access or connect to your online financial accounts (including but not limited to, online banking accounts, insurance accounts, electronic payment accounts, eStatements, third party mobile and online payment accounts), we may collect and process details such as account name, currency of the account, outstanding balance, credit limit, your transaction details and history, payment dates and names and addresses of goods and services providers that appear in your account (collectively known as 'Personal Financial Data'), for the purposes of displaying the account information and transaction feed to you, providing you with services on the App and from time to time, conduct research & development for technological enhancement. For the avoidance of doubt, Personal Financial Data for this purpose does not include information that is aggregated with similar data from other users to produce Aggregated Data as defined in paragraph 5 below, or is otherwise no longer identifiable to any specific App user.
   5. When you use the App or website to apply for third party financial services, we may request and store your identification data such as your full name, mobile number, HKID number and date of birth (collectively known as 'Personal Identification Data') solely for the purpose of making the application process convenient for you. Your Personal Identification Data will only be used at your request or consent.
      We may collect or store any usernames, passwords, other authentication details, bank account numbers or credit card numbers for your online accounts. Online log-in credentials always remain encrypted on your device or securely stored on our server
   6. We may record certain Non-Personal Data, such as application usage, in-app browsing activity, and application activity including user interface elements. Along with cookies, we may also use third-party tracking technologies, such as Amplitude, OneSignal and Google Analytics, to record similar information regarding you and your activity on the App. We may grant access to such Non-Personal Data and tracking activity to certain trusted third-party services providers that we work with, but only to perform services on our behalf with restricted access to Personal Data on a need-to-know basis only, and always in compliance with this Privacy Policy.
   7. When you make any purchases on Planto, your credit card information and other payment details will not be collected by us, but only by third party payment processors.
5. Aggregated Data
   1. For the purpose of producing research and statistical collective data amongst the App users and provide you with services on the App, we may aggregate your Personal Financial Data together with similar data from other App users ('Aggregated Data'). Aggregated Data will be produced in such a manner that the underlying data will no longer be identifiable to any specific user. We may share Aggregate Data amongst users as part of the services provided, and also with our third party partners to help us make improvements and/or enhancements to our services and for marketing, research and academic purposes. Rest assured that Aggregate Data cannot be linked to an individual or user in any way.
   2. Whilst we take all reasonable steps to anonymise the Aggregate Data, please be informed that these measures are provided on a best-effort basis. In the event that you believe that any of your Personal Data is or has been inadvertently captured in the App or in any report generated or services provided by us, whether within or outside the App, it is your responsibility to immediately notify us at hello@planto.hk so that we are able to promptly rectify the situation.
6. Sharing and Disclosure
   1. We may share users' Personal Data, Non-Personal Data or Aggregated Data to third parties in the following situations:
      1. Our business partners: We cooperate with our business partners to deliver their services to you. With your consent through our business partner, we may provide some of your Personal Data, Non-Personal Data or Aggregated Data to our business partners, on a need-to-know basis. For instance, we may share your Personal Financial Data to our business partners for them to display or render their services to you. Further, if you have applied for certain financial services on the App, we may need to share your Personal Data to our business partners for processing your application. All information and data which we share to our business partners will also be subject to their own privacy policies, and you are recommended to review their privacy policies prior to making an application for their services through our App and/or website.
      2. Security, legal and regulatory requirements: We reserve the right to disclose your Personal Data to government authorities that have jurisdiction over our company or to our professional advisors such as auditors, lawyers, where it is appropriate or necessary to (i) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (ii) take precautions against liability, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of the services we provide and any facilities or equipment used to make those services available, (v) comply with any law or regulatory requirement, including pursuant to a court order or other legal process, or (vi) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others
7. Data Retention
   1. Online log-in credentials always remain encrypted on your device or securely stored on our server.
   2. We shall take all reasonably practicable steps to ensure that the Personal Data collected is not kept longer than is necessary for fulfilment of the purpose for which it is or is to be used. In some situations, upon we collecting the Personal Data, Non-Personal Data and/or Aggregate Data from you, and transferring such data to our business partners to facilitate our business partners to supply their services to you, we may immediately delete the data that has been passed to our business partners, and we may not store any such data on the App and our website.
   3. Unless otherwise specified in paragraph 7 .1 of this Privacy Policy, Non-Personal Data including Aggregate Data will continue to be stored and retained on our servers indefinitely. We reserve the right to retain and use Aggregate Data derived from the use of the App.
8. Data Deletion, Correction and Access to Personal Data
   1. You have the right to request that your App account or for any of your Personal Data to be deleted from our servers at any time. You can make this request to us by contacting us at hello@planto.hk. Please note that once your account is deleted, any data linked to the App shall be excised permanently from our servers and further access to your account will be impossible.
   2. At the end of your trial period, you will still have an option to request for Personal Data deletion anytime either using means listed out in paragraph 8.1 or through a feature within the Planto App.
   3. You have the right to request access to and correction of your Personal Data held by Planto. We will respond to your request for data access or correction as soon as practicable upon receiving your request. A reasonable administrative fee may be charged for responding to a data access request to reflect the cost of responding to the request.
9. Data Security
   1. Your responsibility:
      1. The App and website requires a user ID and password and/or biometric verification to log in. You should safeguard your user ID and password and keep them secret and confidential. We will never ask you for your password given that you should be the only person who knows it. We strongly recommend that you use strong passwords between 6-16 characters long that are difficult for others to guess. We also recommend that you change your password periodically. In public areas, you should exercise caution and not leave your mobile device unattended or susceptible to theft whilst logged into your account.
      2. If you suspect that your credentials have been stolen or been made known to others, it is your responsibility to change your password immediately and contact us promptly at hello@planto.hk. We shall not be responsible for any loss or damage resulting from any unauthorised access to your account due to any failure to comply with these precautions or through any violation of this Privacy Policy or the Terms of Use.
      3. You should only download the App and its updates from official Play Store and App Store and not from any unofficial sources.
   2. Our commitment to safeguarding your Personal Data:
      1. To maintain the safety and security of your Personal Data, and to protect the App accounts and systems from unauthorized access, we use a combination of firewall barriers, encryption techniques and authentication procedures, among others. Our system will always prompt you to enter your credentials or biometric authentication for your privacy and security. The Personal Data that is collected from you in accordance with this Privacy Policy is transmitted securely to our servers. Access to our systems requires multiple levels of authentication. Our databases are protected from general employee access.
      2. However, the aforementioned security efforts do not preclude us from the possibility of fraud, cyber-attacks, such as hacking, spyware and viruses, and we do not warrant that our servers or network will be immune from such attacks. We are not liable for any loss or damage arising from such risks.
10. Changes
    1. If there are any significant changes to this Privacy Policy, we will send you a notification and to give you the opportunity to review the revised Privacy Policy before the change becomes effective. If you have continued to use our App and/or services, you shall be deemed to have accepted the changes to our Privacy Policy.
    2. Your use of the App and website is subject to the Terms of Use. By using the App, you are deemed to have accepted and agreed to be bound by the Terms of Use. We reserve the right to make changes to the Terms of Use from time to time. We shall notify you of such changes by any reasonable means, including posting the revised version of the Terms of Use on the App or Planto website. It is your responsibility to frequently check on the changes, your continued use of the App following the changes to the Terms of Use will constitute your acceptance of those changes.
11. Minors' Privacy
    1. We do not direct our App and services to minors (typically individuals under the age of 18 years old). If you become aware that am minor has provided us with Personal Data without parental consent, please contact us using the information at paragraph 13 of this Privacy Policy. If we become aware that a minor has provided us with his/her Personal Data without the consent of his/her parent or guardian, we will take commercially reasonable steps to remove such information from our systems.
12. Governing Law
    1. This Privacy Policy will be governed by and construed in accordance with the laws of Hong Kong.
13. Contact
    1. If you have questions or concerns about this Privacy Policy or about our use or retention of your Personal Data, please contact us via email at hello@planto.hk.