Privacy Policy

FEND, Inc. (“FEND,” “we,” “us,” or “our”) operates the FEND financial defense platform at fend.win. We are committed to protecting your privacy. This Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Information you provide directly:

• Account registration data: name, email address, password
• Financial documents you upload (medical bills, credit reports, contracts)
• Bank account data accessed via Plaid (read-only; transaction history only)
• Payment information processed via Stripe (we never store card numbers)
• Communications you send to support@fend.win

Information collected automatically:

• Log data: IP address, browser type, pages visited, timestamps
• Device information: operating system, screen resolution
• Usage analytics: features used, session duration, click patterns
• Cookies and similar tracking technologies (see Section 7)

We use the information we collect to:

• Provide, operate, and improve the Service
• Process AI analysis of your financial documents
• Generate personalized letters, scripts, and recommendations
• Process payments and manage your subscription
• Send transactional emails (receipts, alerts, account notices)
• Respond to your support requests
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Send product updates and offers (you can opt out at any time)

We do not sell your personal data to third parties. We do not use your financial documents for advertising or to build advertising profiles.

We may share your information with:

• Service providers: Supabase (database), Stripe (payments), Plaid (bank data), Anthropic (AI processing), Cloudflare (infrastructure). Each is bound by data processing agreements
• Legal compliance: Where required by law, court order, or governmental authority
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
• Safety: To protect the rights, property, or safety of FEND, our users, or the public

We do not share your personal financial documents or AI-generated outputs with any third party except as described above.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Bank connections via Plaid use read-only access tokens; we never see or store your banking credentials
• Payment data is handled entirely by Stripe; FEND never stores card numbers or CVVs
• Access to production systems is limited to authorized personnel with multi-factor authentication
• Regular security reviews and penetration testing

No system is 100% secure. If you discover a security vulnerability, please contact us at support@fend.win before public disclosure.

We retain your data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods:

• Account data: Retained until account deletion plus 90 days
• Uploaded documents: Retained per your plan (30 days for Starter, 1 year for Guardian, indefinitely for Arsenal). You may delete documents at any time
• Payment records: Retained for 7 years per financial regulations
• Log data: Retained for 90 days

To delete your account and all associated data, go to Account Settings or email support@fend.win. We will process deletion within 30 days.

We use the following types of cookies:

• Essential cookies: Required for authentication and core functionality. Cannot be disabled
• Analytics cookies: Help us understand how users navigate the Service. You can opt out via your browser settings
• Preference cookies: Remember your settings (e.g., annual/monthly pricing toggle)

We do not use third-party advertising cookies or share cookie data with advertisers.

Depending on your location, you may have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data (“right to be forgotten”)
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdrawal of consent: Withdraw consent where processing is based on consent

To exercise any right, email support@fend.win with “Privacy Request” in the subject line. We will respond within 30 days.

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

FEND is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. Where required, we ensure appropriate safeguards are in place for international transfers.

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination. To exercise CCPA rights, contact us at support@fend.win.

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent in-app notice at least 30 days before taking effect. Continued use of the Service after changes take effect constitutes acceptance.

Questions, concerns, or requests related to this Privacy Policy:

FEND, Inc.
Privacy Team
support@fend.win