Privacy Policy
At MentiqBrain, we handle financial data every day. That means we take privacy seriously—not just because regulations require it, but because your trust matters to us.
This policy explains how we collect, use, and protect your information when you use our financial data integration and synchronization services. We've written this in plain language because legal jargon helps no one.
Information We Collect
When you work with MentiqBrain, we collect different types of information depending on how you use our services. Here's what we gather and why:
Account Information
When you create an account, we need your business email, company name, and contact details. We also collect your password (which we encrypt immediately) and any profile information you choose to share.
Financial Data Access
Our platform synchronizes financial data from your connected sources. This might include transaction records, account balances, payment information, and financial statements. We only access what you explicitly authorize through our secure connection protocols.
Usage Information
We track how you interact with our platform—which features you use, when you log in, what integrations you activate. This helps us improve the service and spot any unusual activity that might indicate a security issue.
Important: We never sell your financial data to third parties. Never. Your information powers your business operations through our platform, and that's where it stays.
How We Use Your Information
Everything we collect serves a specific purpose. Here's how we use your data:
- Providing our core financial data integration and synchronization services
- Maintaining security and preventing unauthorized access to your accounts
- Improving our platform based on how people actually use it
- Communicating with you about service updates, security alerts, and technical issues
- Complying with South Korean financial regulations and legal requirements
- Processing transactions and maintaining accurate financial records
- Troubleshooting technical problems and providing customer support
We don't use your financial data for marketing purposes. If we send you information about new features, you can opt out anytime.
Legal Basis for Processing (South Korea)
Under South Korean privacy laws, including the Personal Information Protection Act (PIPA), we process your data based on:
| Processing Type | Legal Basis | Purpose |
|---|---|---|
| Account Management | Contractual Necessity | Required to provide our services to you |
| Financial Data Sync | Explicit Consent | You authorize specific data connections |
| Security Monitoring | Legitimate Interest | Protecting your account and our platform |
| Regulatory Compliance | Legal Obligation | Meeting financial service requirements |
| Service Improvement | Legitimate Interest | Enhancing platform functionality |
Data Storage and Security
Financial data requires serious protection. We store your information on secure servers located in South Korea, with encrypted backups in geographically separate locations.
Security Measures
Our security approach includes multiple layers:
- 256-bit encryption for data transmission and storage
- Multi-factor authentication for all account access
- Regular security audits by independent third parties
- Restricted access controls—only authorized personnel can access systems
- Real-time monitoring for suspicious activity
- Automated backup systems with 30-day retention
- Secure API connections using industry-standard protocols
Despite these precautions, no system is completely invulnerable. We continuously update our security practices to address emerging threats.
Data Sharing and Third Parties
We share your information only when necessary for service delivery or legal compliance. Here's who might receive your data:
Service Partners
Cloud infrastructure providers host our platform. Payment processors handle billing. These partners access only the data they need to perform their specific functions, and we require them to maintain strict confidentiality.
Financial Institutions
When you connect external accounts, we establish secure data links with those institutions. They share information you've authorized, following their own privacy policies in addition to ours.
Legal Requirements
We may disclose information if required by South Korean law, court orders, or government requests. If legally permitted, we'll notify you before such disclosure.
Third-Party Access: We never give third parties blanket access to your data. Each integration requires your explicit approval, and you can revoke access anytime through your account settings.
Your Privacy Rights
South Korean privacy law gives you substantial control over your personal information. Here's what you can do:
Access Your Data
Request a complete copy of all personal and financial data we hold about you. We'll provide this in a readable format within 10 business days.
Correct Inaccuracies
Update or correct any incorrect information in your account. Some data synced from external sources may need to be corrected at the source.
Delete Your Data
Request deletion of your account and associated data. We'll remove everything except what we're legally required to retain for regulatory purposes.
Withdraw Consent
Remove authorization for specific data connections or integrations anytime. This stops new data collection but doesn't automatically delete historical data.
Data Portability
Export your financial data in commonly used formats. You can transfer this information to other service providers if you choose.
Restrict Processing
Limit how we use your data while maintaining your account. This might affect some service features but preserves your access.
To exercise these rights, contact our privacy team at help@mentiqbrain.com. We'll verify your identity and respond within the timeframes required by South Korean law.
Data Retention
We keep your information only as long as necessary for legitimate business purposes or legal requirements.
Active Accounts
While your account remains active, we retain all associated data to provide continuous service. Transaction records stay accessible for your business reporting needs.
Closed Accounts
After account closure, we delete most personal information within 90 days. However, South Korean financial regulations require us to retain certain records for up to seven years. This includes transaction logs and compliance documentation.
Backup Systems
Deleted data persists in backup systems for up to 30 days before permanent removal. During this period, we can't selectively remove individual records from backups, but they're not accessible for normal operations.
International Data Transfers
We primarily store and process data within South Korea. In some cases, our service partners operate infrastructure in other countries.
When data leaves South Korea, we ensure adequate protection through:
- Contracts requiring equivalent privacy protections
- Encryption during transit and storage
- Regular compliance assessments of international partners
- Adherence to cross-border data transfer regulations
You can request specific information about where your data is stored by contacting our privacy team.
Cookies and Tracking
Our platform uses cookies and similar technologies to maintain your session and remember your preferences. These fall into a few categories:
Essential Cookies
Required for basic platform functionality. These keep you logged in and maintain security settings. You can't opt out of essential cookies while using our service.
Functional Cookies
Remember your preferences like language settings and dashboard configurations. These improve your experience but aren't strictly necessary.
Analytics
We use analytics tools to understand how people use our platform. This helps us identify confusing features and prioritize improvements. These cookies don't identify you personally but track general usage patterns.
You can manage cookie preferences through your browser settings or our platform's privacy controls.
Children's Privacy
MentiqBrain provides financial services for businesses. We don't knowingly collect information from anyone under 18 years old. If you're a parent or guardian who discovers your child has provided us with personal information, please contact us immediately so we can delete it.
Changes to This Policy
We update this privacy policy occasionally to reflect new practices or legal requirements. When we make significant changes, we'll notify you by email and through an in-platform alert.
The "Last Updated" date at the top shows when we last revised this document. Continued use of our services after changes take effect means you accept the updated policy.
We maintain an archive of previous policy versions. If you want to see what changed, contact our privacy team.
Data Breach Notification
If a security incident affects your personal or financial data, we'll notify you within 24 hours of discovering the breach. This notification will explain what happened, what data was involved, and what steps we're taking.
We also report breaches to South Korean regulatory authorities as required by law. Transparency during security incidents is non-negotiable for us.
Questions About Privacy?
We're here to help. If something in this policy isn't clear, or if you want to exercise your privacy rights, reach out to our team.
We respond to privacy inquiries within three business days. For urgent security concerns, call us directly during business hours (Monday-Friday, 9:00-18:00 KST).