top of page

FINSTA

finsta.png

🔒 Privacy Policy

Effective date: July 31 2025

This Privacy Policy explains how Solutionize LTD (UK) and Solutionize LLC (US) (together, “Finsta,” “we,” “us,” “our”) collect, use, share, and protect personal data when you use our mobile apps, websites, and services (the “Platform”). It also explains your privacy choices and rights.

Finsta is a privacy‑first, closed‑ecosystem platform enabling verified creators to offer one‑to‑one messaging, voice/video calls, and digital products to adult consumers. We enforce strict age & ID verification, content moderation, consent tracking, and fraud prevention. Adult/explicit content is not publicly visible; 18+ media is blur‑gated and accessible only to age‑verified users. All uploads are pre‑screened before publication.

We don’t sell personal information. We use data to operate the Platform safely, comply with law and card‑brand rules, and provide you the services you request.

 

1) Who we are & how to contact us

Controllers:

  • Solutionize LTD (UK) — 85 Great Portland Street, W1W 7LT, London, United Kingdom
     

  • Solutionize LLC (USA) — 1111b South Governors Avenue, Dover, DE 19904, United States
     

Privacy contact (all regions): admin@finsta-app.com
Support / Appeals (24/7 WhatsApp): +44 1904 500 751
You may also contact us by post at the addresses above.

EU/UK representative & DPO: Oscar M. You may lodge a complaint with your local data‑protection authority (e.g., the UK ICO).

 

2) Scope & audience

This Policy applies to visitors, registered consumers, and creators using the Platform. It does not cover third‑party websites/apps linked from the Platform.

Adults only. The Platform is for users 18+. We do not knowingly collect data from children. If you believe a minor is using the Platform, contact admin@finsta-app.com immediately.

 

3) What we collect

The categories of personal data we process depend on how you use Finsta:

A. Account & Profile — email, username/handle, display name, profile information, settings, preferences; password (hashed); safety flags/strikes.

B. Identity & Age Verification — name, date of birth, address, government‑issued ID images, selfies/biometric templates and liveness checks (processed via trusted providers such as Yoti/Ondato), verification outcomes, and audit logs. We minimize what we store and rely on providers to process raw biometric data; we retain verification outcomes and limited artifacts to meet safety and compliance obligations.

C. Content & Interactions — media you upload (images, audio, video, text); product listings; captions; purchase delivery logs; chat metadata; call metadata (start/end time, duration, participants). We do not record call audio/video by default. Where recording or temporary buffering is necessary for safety or live streaming moderation, we provide in‑app notice and limit retention.

D. Transactions & Payouts — purchases, top‑ups, refunds, payouts, chargebacks, tax and invoice information. Payment card data is handled by processors (e.g., Stripe/CCBill); we receive tokens and limited card metadata.

E. Device & Network — device identifiers, app version, OS, IP address, language, time zone, approximate location (from IP), cookies and similar technologies (see Cookies section), crash/diagnostics logs.

F. Safety, Moderation & Fraud Signals — automated moderation results (e.g., AWS Rekognition image/video labels; text/metadata analysis), hashes for NCII/CSAM detection, block/mute/report events, abuse patterns, device fingerprinting, velocity checks, risk scores (e.g., from Sift, Stripe Radar), and investigation notes.

G. Support & Compliance — communication history with support, appeals, or legal; copies of IDs or proofs you submit; consents and e‑signatures (including Creator Consent & Media License acceptance), and records required by law/card‑brand rules.

 

4) Why we use your data (legal bases)

We process personal data for these purposes and under these legal bases (EU/UK GDPR terminology in brackets):

  1. Provide the Platform — create accounts, deliver messaging/calls/digital products, show prices, manage wallets/credits, and provide support. (Contract; Legitimate interests)
     

  2. Safety & moderation — pre‑screen uploads; prevent CSAM, non‑consensual content, trafficking, fraud, spam; enforce Standards; investigate reports; comply with takedown and regulator requests. (Legitimate interests; Legal obligation; Vital interests)
     

  3. Identity & age verification — verify creators and, where required by law or policy, consumers. Biometric verification is conducted by providers with your consent; we retain verification outcomes for compliance. (Consent; Legal obligation; Legitimate interests)
     

  4. Payments & payouts — process top‑ups/purchases via Stripe/CCBill; pay creators; manage taxes, refunds, and chargebacks. (Contract; Legal obligation; Legitimate interests)
     

  5. Analytics & service improvement — performance, crash diagnostics, and product analytics. (Legitimate interests; Consent where required)
     

  6. Marketing & communications — transactional messages (receipts, security, policy updates) and, with your opt‑in, optional promotional messages. For creators, off‑platform marketing uses are separately consented (see Creator Consent & Media License). (Legitimate interests; Consent)
     

  7. Legal & regulatory — recordkeeping, responding to lawful requests, exercising or defending legal claims. (Legal obligation; Legitimate interests)
     

We do not use personal data for automated decision‑making that produces legal or similarly significant effects without human involvement. We do use automated tools for moderation and fraud detection; you can request human review of decisions where required by law.

 

5) Cookies & similar technologies

We use cookies/SDKs to:

  • keep you signed in and remember preferences (strictly necessary/functional),
     

  • secure the Platform and prevent fraud (security), and
     

  • measure usage and performance (analytics).
     

Where required, we request consent for non‑essential cookies. You can change preferences in Settings → Privacy or your browser settings. Do Not Track (DNT) is not standardized; we do not respond to DNT signals.

 

6) How we share data

We share personal data only as needed to operate the Platform, comply with law, or with your consent:

  • Service providers (processors): cloud hosting and storage; content delivery; age/ID verification (Yoti, Ondato); payment processing (Stripe, CCBill); fraud prevention (Sift, Stripe Radar); safety/moderation (AWS Rekognition, text/metadata analysis tools); communications and support tools. Contracts limit their use to our instructions.
     

  • Creators/Consumers (within the Platform): we share what’s necessary to complete your transactions/interactions (e.g., purchased media delivery, message/call metadata) — never your full payment details.
     

  • Authorities & partners: where legally required or appropriate to protect users (e.g., child‑safety reports to NCMEC/IWF or competent authorities), to investigate fraud/abuse, or to enforce legal rights.
     

  • Business transfers: in connection with a merger, acquisition, or asset sale, under continued protections.
     

We do not sell personal information, and we do not share personal information for cross‑context behavioral advertising.

 

7) International data transfers

We operate globally and may transfer data outside your country (e.g., to the UK, US, EEA). When we do, we rely on recognized safeguards such as EU Standard Contractual Clauses (SCCs), the UK Addendum/IDTA, adequacy decisions, and other lawful mechanisms. We perform transfer risk assessments where appropriate.

 

8) Retention

We keep personal data only as long as necessary to provide the Platform and for legitimate business needs, including to comply with legal, tax, chargeback (card‑brand windows), and safety obligations. Typical retention examples:

  • Account & profile: for the life of your account, then for a limited period (e.g., up to 6 years) for legal/audit purposes.
     

  • Verification records: for as long as your creator account is active and thereafter as required by law/partner rules (often 5 years).
     

  • Transactions: as required by tax/accounting and card‑brand rules (typically 6–7 years).
     

  • Safety logs & investigation files: as long as needed for enforcement, appeals, and legal defense.
     

  • Backups: time‑limited per our disaster‑recovery schedules.
     

 

9) Your rights & choices

Depending on your location, you may have rights to:

  • Access your data and receive a copy,
     

  • Correct inaccurate data,
     

  • Delete data,
     

  • Restrict or object to certain processing,
     

  • Data portability,
     

  • Withdraw consent (e.g., for biometrics or marketing), and
     

  • Appeal automated moderation/fraud decisions or request human review where required.
     

How to exercise: Email admin@finsta-app.com (subject: Privacy Request) or use in‑app Help → Privacy. We will verify your identity and respond within 30 days (EU/UK) or 45 days (California/US), extendable where permitted. You may authorize an agent where your law allows.

Complaints: You may complain to your local data‑protection authority (e.g., UK ICO) in addition to contacting us.

 

10) State/Regional notices

EU/UK GDPR. We identify legal bases in Section 4, provide transfer safeguards in Section 7, and honor GDPR rights in Section 9. Special‑category data (e.g., biometrics for verification) is processed with your explicit consent via our providers and retained only as necessary for safety/compliance.

California (CPRA) & similar US laws. We disclose the categories of data collected (Sections 3 & 6), purposes (Section 4), retention (Section 8), and your rights (Section 9). We do not sell or share personal information as defined by CPRA and do not use sensitive personal information (e.g., ID images, biometrics) for purposes other than those permitted (security, authentication, fraud prevention, short‑term transient use, or to provide requested services).

 

11) Security

We use technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, segmented environments, logging and monitoring, and vendor due diligence. No system is 100% secure; you are responsible for keeping your account credentials confidential and updating software on your devices.

 

12) Creator‑specific disclosures

Creators must accept a separate Creator Consent & Media License (presented at signup with its own checkboxes) before uploading content. That consent explains how Finsta uses creator media and likeness in the Platform, blur‑gated previews, optional off‑platform marketing (opt‑in only), and mechanisms for consent withdrawal and periodic reconfirmation.

 

13) Changes to this Policy

We may update this Privacy Policy to reflect changes in laws, our practices, or Platform features. We will post updates here with a new Effective date and, for material changes, provide additional notice in‑app or by email.

 

14) Contact

  • General, Privacy & Safety: admin@finsta-app.com
     

  • Appeals / Support (24/7 WhatsApp): +44 1904 500 751
     

  • Postal:
     

    • Solutionize LTD (UK): 85 Great Portland Street, W1W 7LT, London, UK
       

    • Solutionize LLC (USA): 1111b South Governors Avenue, Dover, DE 19904, USA
       

If this Policy is translated, the English version controls in case of conflict.

Report

bottom of page