Privacy Policy

1. Scope

This Policy applies to personal information processed by Finbar in connection with the Services, including our website, web application, browser extensions, APIs, SDKs, and integrations.

2. Information we collect

• Account data. Name, email, password hash, company, and role.
• Billing data. Billing address, VAT/GST (processed by our payment provider).
• Usage data. App interactions, API requests (endpoints, headers, time, IP), device/browser info.
• Content you provide. Messages, notes, uploads, and configuration data.
• Support. Helpdesk conversations, bug reports, and related diagnostics.
• Cookies. Session cookies and analytics cookies (see "Cookies & analytics").

3. How we use information

• Provide, operate, and improve the Services.
• Authenticate users and secure the platform.
• Process payments and manage subscriptions.
• Respond to inquiries and provide support.
• Monitor usage, prevent abuse, and enforce policies.
• Send transactional emails; send product updates where permitted.
• Comply with legal obligations.

4. Legal bases (EEA/UK)

• Contract. To provide the Services you request.
• Legitimate interests. To secure and improve the Services, prevent fraud, and understand usage.
• Consent. For optional cookies/marketing where required.
• Legal obligation. For compliance (e.g., tax, accounting, KYC where applicable).

5. Cookies & analytics

We use necessary cookies for core functionality (authentication, preferences) and optional analytics cookies to understand product usage. Where required, we will present a consent banner. You can manage preferences in the cookie settings.

6. Payments

Payments are processed by a PCI-DSS compliant provider (e.g., Stripe). We do not store full card numbers. Your payment data is handled under the provider's privacy policy.

7. Sharing & disclosures

• Vendors. Service providers who process data on our behalf under contract.
• Compliance. To comply with law, protect rights, or respond to lawful requests.
• Business transfers. In connection with a merger, acquisition, or asset sale.
• With your direction. When you connect third‑party integrations.

8. Data retention

We retain personal information for as long as necessary to provide the Services and for legitimate business or legal purposes. Retention periods vary by data type and obligations.

9. Security

We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit, access controls, and monitoring. No method of transmission or storage is 100% secure.

10. International transfers

Where personal data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses or other transfer mechanisms as required by law.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal information, and to object to certain processing. You may also withdraw consent where processing is based on consent.

To exercise rights, contact us at privacy@finbar.pro. We may verify your identity before responding.

12. CCPA/CPRA (California)

California residents have the right to know, delete, correct, and opt‑out of certain sharing. We do not "sell" personal information as defined by the CCPA. To submit a request, email privacy@finbar.pro.

13. Children

The Services are not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children.

14. Changes

We may update this Policy from time to time. Material changes will be notified via email or in‑app notice. The "Effective date" above reflects the latest version.

15. Contact

Appendix: Sub‑processors

We use trusted vendors to provide infrastructure, analytics, and communications. An illustrative list:

• Cloud hosting & database (e.g., AWS, GCP, or Azure)
• Payments (Stripe)
• Crash reporting & analytics
• Email delivery & customer support tools

We will update this list as vendors change.