GDPR Compliance

Last updated: June 2026

Our commitment to protecting your rights under the General Data Protection Regulation

Contents
  1. Our Commitment
  2. Who We Are
  3. Legal Basis for Processing
  4. Your Rights Under GDPR
  5. How to Exercise Your Rights
  6. Data Transfers
  7. Data Retention
  8. Complaints
  9. Data Protection Contact

1. Our Commitment

FinSight is committed to full compliance with the General Data Protection Regulation (GDPR) for all EU and UK users. We believe privacy is a fundamental right and design our systems accordingly.

This page explains our GDPR obligations, your rights, and how we fulfil them. For a full overview of how we handle your data, see our Privacy Policy.

2. Who We Are

FinSight operates as a data controller under the GDPR. We determine the purposes and means of processing your personal data.

3. Legal Basis for Processing

We only process your personal data when we have a lawful basis to do so. The bases we rely on are:

  • Contract performance — processing your data is necessary to provide the FinSight service you subscribed to (Article 6(1)(b)).
  • Legitimate interests — we process usage data to improve the product and protect against fraud (Article 6(1)(f)).
  • Legal obligation — retaining billing records for 7 years as required by financial regulations (Article 6(1)(c)).
  • Consent — where we send optional marketing communications, you can withdraw consent at any time (Article 6(1)(a)).

4. Your Rights Under GDPR

As an EU or UK data subject, you have the following rights:

  • Right of access — you can request a copy of all personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure (right to be forgotten) — you can request deletion of your personal data where we no longer have a lawful basis to hold it.
  • Right to restriction — you can ask us to restrict processing of your data in certain circumstances.
  • Right to portability — you can receive your personal data in a machine-readable format and transfer it to another service.
  • Right to object — you can object to processing based on legitimate interests or direct marketing.
  • Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you. Our AI analysis is always reviewed by you and does not constitute automated decision-making under Article 22.

5. How to Exercise Your Rights

To exercise any of your rights under GDPR:

  • Email us at [email protected] with the subject line "GDPR Request".
  • Clearly describe the right you wish to exercise and the data it relates to.
  • We will respond within 30 days of receiving your request.
  • We may ask you to verify your identity before processing your request to protect your privacy.
  • This service is free of charge for one request per 12-month period.

6. Data Transfers

FinSight uses third-party services to deliver its platform. Your data may be processed outside the EU/EEA by the following providers:

  • Anthropic (USA) — AI analysis engine
  • Supabase (USA) — database hosting
  • Resend (USA) — transactional email delivery
  • Stripe (USA) — payment processing
  • Railway (USA) — application hosting

All transfers to these providers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives equivalent protection regardless of where it is processed.

7. Data Retention

We only retain personal data for as long as necessary:

  • Active accounts — retained while your account is active and the service is in use.
  • Cancelled accounts — personal data deleted within 30 days of cancellation.
  • Financial documents — deleted immediately after analysis is complete. We do not store your uploaded files.
  • Analysis reports — retained for 12 months then permanently deleted.
  • Billing records — retained for 7 years as required by financial regulations.

8. Complaints

You have the right to lodge a complaint with your national Data Protection Authority (DPA) if you believe we have processed your data unlawfully.

  • UK users: Contact the Information Commissioner's Office (ICO) at ico.org.uk.
  • EU users: Contact the DPA in your country of residence.

We would appreciate the opportunity to address your concerns before you contact the DPA — please reach out to us first at [email protected].

9. Data Protection Contact

FinSight is not required to appoint a Data Protection Officer (DPO) under the GDPR given the nature and scale of our processing activities. However, all data protection enquiries are handled with the same rigour.

For any GDPR-related questions, contact us at [email protected].
