Privacy Policy

1. Who we are

FingerPay ("we", "us", "our") operates the fingerprint payment platform at fingerpay.net. We provide fingerprint-based payment processing for merchants and their customers.

2. What we collect

When you enroll as a customer, we collect:

• Identity information: Full name, email address, phone number (optional)
• Biometric data: A mathematical fingerprint template derived from your fingerprint scan. This is not an image of your fingerprint — it is a numeric descriptor used only for matching.
• Payment information: Your card details are stored securely by Stripe, our payment processor. FingerPay stores only a Stripe customer ID and payment method reference — never raw card numbers.
• Transaction records: Amount, merchant, date, and Stripe payment status for each transaction.

3. How we use your data

• To authenticate you at the payment terminal using your fingerprint
• To charge your payment method via Stripe when a match is confirmed
• To send email receipts after each transaction
• To allow you to access and delete your account via the customer portal

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

4. Biometric data

We treat fingerprint templates with the highest level of protection:

• Fingerprint templates are encrypted with AES-256-GCM before being stored in our database
• Raw fingerprint images are never stored — only the mathematical template is kept
• The fingerprint matching process happens locally on the payment terminal — your template is fetched over an encrypted connection and never transmitted to a third party
• Biometric data is permanently deleted when you delete your account

5. Third parties

We share data with the following third parties only to the extent necessary to operate the service:

• Stripe — payment processing and card storage. Stripe's privacy policy is available at stripe.com/privacy
• Supabase / PostgreSQL — encrypted database hosting
• Resend — transactional email (receipts, verification codes). Email addresses are shared only to deliver emails you have requested

6. Data retention

We retain your data for as long as your account is active. Transaction records are retained for financial compliance purposes even after account deletion, but are pseudonymized — your name, email, and fingerprint are removed, and only the transaction amount, date, and merchant are kept.

7. Your rights

You have the right to:

• Access your data — visit fingerpay.net/static/customer-portal.html to see your enrolled information
• Delete your account — from the customer portal, you can permanently delete your fingerprint, payment method reference, and personal information
• Opt out of receipts — contact us at the address below

Residents of California (CCPA), Illinois (BIPA), Texas, Washington, and other states with biometric privacy laws have additional rights. Please contact us to exercise these rights.

8. Security

All data is transmitted over HTTPS (TLS). Fingerprint templates are encrypted at rest with AES-256-GCM. Merchant passwords are hashed with bcrypt. API keys are stored as SHA-256 hashes. We do not log personally identifiable information.

9. Children

FingerPay is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has enrolled, contact us immediately.

10. Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. Continued use of FingerPay after changes constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data requests, or to exercise your rights, contact us at:

Email: warrenemmanuel969@gmail.com