Mr. Fino

RETURNX EDUMODE LLP

Privacy Policy

RETURNX EDUMODE LLP, the maker of Mr. Fino, is committed to keeping your financial data private. This is what we collect, why, and what you control.

Effective April 30, 2026

1. Who we are

Mr. Fino is a financial-education product operated by RETURNX EDUMODE LLP (“we”, “us”, “our”), registered at Chennai, Tamil Nadu, India.

This Privacy Policy explains what data we collect when you use Mr. Fino, why we collect it, how we keep it safe, and what choices you have. By using Mr. Fino, you agree to this policy.

2. Data we collect

We only collect the data needed to give you a useful score:

  • Account data — name, email, password (hashed), phone (if you choose to verify) and email-verification status.
  • Personal details — date of birth, dependants, country, occupation. You enter these once and can edit them anytime.
  • Assessment inputs — your income, expenses, savings, debt, insurance and habit answers. Used only to compute your Mr. Fino score and personalise your report.
  • Usage telemetry — basic device, browser and page-view information so we can debug issues and improve the product.

We do not ask for your bank login, scrape your bank statements, or pull data from any third-party financial provider.

3. How we use your data

Strictly to operate Mr. Fino:

  • Compute your 0–100 Financial Health Score and breakdowns.
  • Generate your personalised report and progress history when you return.
  • Send transactional emails (verification, password reset, score summary) — never marketing without your opt-in.
  • Diagnose bugs and improve the product.

4. What we never do

  • We never sell your data.
  • We never share your data with advertisers.
  • We never recommend financial products for commission.
  • We never read your bank account or credit-card statements.

5. Storage & security

Your account and assessment data is stored on managed MongoDB Atlas infrastructure with encryption at rest. All traffic between your browser and our servers uses HTTPS/TLS. Passwords are hashed with bcrypt (12 rounds) — we cannot read them, even internally.

Sessions use HttpOnly JWT cookies issued via NextAuth, which protects against XSS-based token theft. Every request to our API is validated server-side with strict Zod schemas before it ever touches the database.

6. Third-party processors

We rely on a small number of vendors to run the service. Each is bound by their own contractual privacy terms:

  • MongoDB Atlas — encrypted database hosting.
  • Resend — transactional email delivery (account verification, password reset, score summary).
  • Hosting provider — application hosting and CDN.

We do not run third-party advertising or analytics scripts that identify you personally.

7. Cookies

We use first-party cookies only — strictly for authentication (HttpOnly session cookie) and to remember your last-used theme/view. We do not use third-party tracking cookies.

8. Your rights

You can access, export or delete every piece of personal data we hold from inside your account at /my/settings. You can also email hello@mrfino.com and we'll act on the request within 30 days.

Deleting your account permanently erases your assessments, personal details and account record. Aggregated, fully-anonymised analytics may be retained.

9. Children

Mr. Fino is intended for users 18 or older. We do not knowingly collect data from anyone under 18.

10. Changes to this policy

If we make material changes, we'll update the effective date at the top of this page and notify signed-in users by email when appropriate. Continued use after a change means you accept the updated policy.

11. Contact

Questions about this policy? Email hello@mrfino.com or visit our contact page.

RETURNX EDUMODE LLP · Registered office: Chennai, Tamil Nadu, India · hello@mrfino.com