Privacy Policy

Your privacy and data security are fundamental to everything we do. Learn how we protect your information with transparency and care.

Last updated: December 22, 2024

Privacy at a Glance

  • We never sell your personal data to third parties
  • Your financial data is encrypted using bank-grade security
  • You have full control over your data and can delete it anytime
  • We only collect data necessary to provide our service
  • We're compliant with GDPR, CCPA, and SOX regulations
  • Regular third-party security audits ensure your data is safe

1. Information We Collect

Account Information

When you create a FinApex account, we collect basic information necessary to provide our services:

  • Name and email address
  • Company name and business information
  • Phone number (optional)
  • Billing and payment information
  • Profile picture (optional)

Financial Data

To provide accounting and financial management services, we process:

  • Transaction records and receipts
  • Bank account connections (read-only access through secure third-party providers)
  • Invoice and expense data
  • Tax-related information
  • Financial reports and categorizations

Security Note: All financial data is encrypted using AES-256 encryption and stored in SOC 2 Type II certified data centers.

Usage Information

We collect information about how you interact with our service to improve functionality:

  • Log data (IP address, browser type, pages visited)
  • Device information (operating system, device identifiers)
  • Usage patterns (features used, time spent, click data)
  • Performance data (load times, error reports)

2. How We Use Your Data

Service Provision

  • Process and categorize financial transactions
  • Generate reports and analytics
  • Provide AI-powered insights
  • Enable data synchronization
  • Facilitate tax preparation

Product Improvement

  • Enhance AI categorization accuracy
  • Develop new features based on usage patterns
  • Improve system performance and reliability
  • Conduct security monitoring
  • Perform quality assurance testing

Communication

  • Send important account notifications
  • Provide customer support
  • Share product updates and tips
  • Deliver educational content
  • Process feedback and surveys

Legal Compliance

  • Meet regulatory requirements
  • Comply with tax reporting obligations
  • Respond to legal requests
  • Prevent fraud and abuse
  • Maintain audit trails

3. Data Sharing & Disclosure

What We Don't Do

We never sell, rent, or trade your personal data to third parties for marketing purposes. Your financial information is never shared with advertisers or data brokers.

Service Providers

We work with trusted third-party service providers who help us deliver our service:

Cloud Infrastructure

AWS and Google Cloud for secure data storage and processing

Payment Processing

Stripe for secure payment and billing management

Bank Connections

Plaid and Yodlee for secure bank data synchronization

Analytics

Privacy-focused analytics tools for product improvement

All service providers sign strict data processing agreements and are subject to the same privacy and security standards we maintain.

Legal Requirements

We may disclose your information when required by law or to protect our rights:

  • In response to legal process (subpoenas, court orders)
  • To comply with government requests or regulatory requirements
  • To protect against fraud, abuse, or illegal activity
  • To enforce our Terms of Service
  • In connection with a business transfer or acquisition

4. Data Security Measures

Bank-Grade Security

Your data is protected with the same level of security used by major financial institutions, including 256-bit encryption and continuous monitoring.

Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit

Access Controls

Multi-factor authentication and role-based access following the principle of least privilege

Infrastructure Security

SOC 2 Type II certified data centers with 24/7 physical and network security

Monitoring

Real-time security monitoring and automated threat detection systems

Incident Response

Dedicated security team with established incident response procedures

Regular Audits

Third-party security audits and penetration testing conducted quarterly

Security Certifications & Compliance

  • SOC 2 Type II
  • GDPR Compliant
  • CCPA Compliant
  • ISO 27001 Certified

5. Your Privacy Rights

You're in Control

Your data belongs to you. We provide comprehensive tools and rights to help you manage your privacy preferences and data usage.

Access & Portability

You can access and download all your data at any time through your account dashboard.

  • Export all financial data in multiple formats
  • Download account information and settings
  • View data processing activity logs

Correction & Updates

Keep your information accurate and up-to-date with our self-service tools.

  • Edit personal and company information
  • Correct financial data and categorizations
  • Update communication preferences

Deletion Rights

Delete your data permanently from our systems when you're ready to leave.

  • Delete individual transactions or records
  • Close account with full data deletion
  • 30-day recovery window before permanent deletion

Communication Control

Manage how and when we communicate with you.

  • Opt out of marketing communications
  • Choose notification frequency and types
  • Set communication channel preferences

Processing Restrictions

Limit how we process your data for specific purposes.

  • Restrict data processing for marketing
  • Limit AI model training on your data
  • Object to automated decision-making

Support & Assistance

Get help with any privacy-related questions or requests.

  • Contact our privacy team anytime
  • Request assistance with exercising your data rights
  • File complaints or concerns

6. Cookies & Tracking

Our Approach to Cookies

We use cookies and similar technologies to improve your experience and provide essential functionality. We're transparent about what we collect and give you control over optional tracking.

Essential Cookies

Required for login, security, and core functionality

Analytics Cookies

Help us understand usage patterns and improve our service

Preference Cookies

Remember your settings and personalization choices

Cookie Management

You can manage cookie preferences through your browser settings or our cookie preference center. Note that disabling essential cookies may affect core functionality.


7. International Data Transfers

Global Service, Local Protection

FinApex serves customers worldwide while maintaining the highest standards of data protection regardless of where your data is processed.

Data Residency

  • Primary data centers in the United States and European Union
  • Customer data stored in region of account creation
  • Backup systems maintain regional data residency
  • No data transfer without adequate protections

Transfer Safeguards

  • Standard Contractual Clauses (SCCs) for EU data
  • Adequacy decisions where available
  • Additional security measures for sensitive data
  • Regular review of transfer mechanisms

Regional Compliance

We comply with local privacy laws in all regions where we operate

8. Contact Information

Questions About Your Privacy?

Our dedicated privacy team is here to help with any questions, concerns, or requests about your data and privacy rights.

Mailing Address

FinApex Privacy Team
123 Tech Plaza, Suite 500
San Francisco, CA 94105
United States

Response Time

We respond to privacy inquiries within 48 hours and resolve most requests within 30 days as required by applicable privacy laws.

Data Protection Officer

Our certified Data Protection Officer oversees all privacy matters and can be reached at FinApex.so@gmail.com