Privacy Policy

1. Introduction

Finance IQ ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and share your data when you use our website at tryfinanceiq.com and our AI-powered financial reporting platform (collectively, the "Service").

By using our Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information you provide

• Account registration details (name, email address, company name)
• Billing information (processed securely by Stripe — we do not store card data)
• Communications you send us (support requests, feedback)
• NetSuite OAuth credentials (access tokens used solely to retrieve your financial data)

2.2 Information collected automatically

• Usage data (pages visited, features used, session duration)
• Device and browser information (IP address, browser type, operating system)
• Cookies and similar tracking technologies (see Section 6)
• Log data (server logs, error reports)

2.3 Financial data

When you connect your NetSuite account, we access financial data (reports, dashboards, transactions) solely to provide the Service. We do not sell or share this data with third parties for their own purposes.

3. How We Use Your Information

• To provide, operate, and improve our Service
• To process payments and manage your subscription
• To send transactional communications (receipts, account alerts)
• To send product updates and marketing communications (you can opt out at any time)
• To provide customer support
• To monitor and analyse usage to improve performance and security
• To comply with legal obligations
• To detect and prevent fraud, abuse, or security incidents

4. Third-Party Service Providers

We share your data with trusted third parties only as necessary to provide the Service:

• Supabase — authentication and database hosting (EU and US regions)
• Stripe — payment processing
• Google (GTM / Analytics) — website analytics (only with your cookie consent)
• Anthropic / Google Gemini — AI model providers that process prompts and financial data to generate insights (subject to their data processing agreements)
• Oracle NetSuite — data source accessed via OAuth on your behalf

All providers are contractually bound to process your data only as instructed and in accordance with applicable data protection laws.

5. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your data ("right to be forgotten")
• Portability — receive your data in a machine-readable format
• Objection / Restriction — object to or restrict certain processing activities
• Withdraw consent — withdraw marketing or cookie consent at any time

To exercise any of these rights, contact us at privacy@tryfinanceiq.com. We will respond within 30 days.

6. Cookies

We use cookies and similar technologies to operate the Service and analyse usage. You can manage your cookie preferences via the consent banner shown on your first visit, or by visiting our Cookie Policy.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. We may also retain data to comply with legal obligations, resolve disputes, and enforce agreements.

Upon account deletion, we will delete or anonymise your personal data within 90 days, except where retention is required by law.

8. International Data Transfers

Our infrastructure is primarily hosted in the United States and European Union. If you are located outside these regions, your data may be transferred to and processed in countries with different data protection laws. We rely on standard contractual clauses and other appropriate safeguards for such transfers.

9. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice in the Service. Continued use after changes take effect constitutes acceptance of the updated policy.