At Finstory, we respect your privacy and handle your information with care. This Privacy Policy explains what data we collect during onboarding, how we use it, and your rights under applicable data protection laws (GDPR and CCPA).
Contents
1. Data Controller & Contact Information
Finstory, Inc. is the data controller for all information collected during onboarding and prototype testing.
Entity: Finstory, Inc. – 1445 Woodmont Ln NW #1641, Atlanta, GA 30318, USA
Email: info@finstory.ai
If you are located in the European Union or the United Kingdom, Finstory will appoint a local representative and Data Protection Officer (DPO) once personal data from EU or UK individuals is processed.
2. Information We Collect
- Your name, email address, and company details
- Files or data you upload for testing
- Technical information such as browser type, IP address, and timestamps
3. Purpose and Legal Basis for Processing
We process your data only to:
- Provide onboarding and prototype testing access
- Communicate about your onboarding process
- Improve our early-stage product experience
Legal Basis: Processing is based on your explicit consent given when submitting onboarding information or uploading data. We do not process data for marketing without your separate consent.
4. Sub-Processors and Data Transfers
Finstory uses trusted third-party service providers (“sub-processors”) to securely host and process data. Currently, these include:
- Google Cloud Platform (United States) — secure hosting and storage provider
- Other vendors may be added
If data originates from the EU or UK, it may be transferred to the United States under the EU Standard Contractual Clauses (Controller–Processor) as the transfer mechanism.
5. Data Security & Confidentiality
All uploaded information is handled in accordance with our Non-Disclosure Agreement (NDA). We apply encryption in transit and at rest, enforce multi-factor authentication, restrict internal access, and monitor system activity. Your data is never used for demo, marketing, or external purposes.
6. Data Retention
Uploaded data is retained for a maximum of 90 days after the end of the prototype or onboarding project, unless you request earlier deletion. Backup copies containing your data are automatically purged within 60 days.
7. Data Subject Rights (GDPR/CCPA)
You have the right to:
- Access, correct, or delete your data
- Request data portability
- Withdraw consent at any time
- File a complaint with your local supervisory authority if you believe your rights have been violated
Requests can be sent to info@finstory.ai.
8. Breach Notification Procedure
If a data breach occurs that may affect your personal data, Finstory will notify affected users and relevant authorities within 72 hours of becoming aware of the breach, in line with GDPR requirements.
9. Updates
We may update this policy periodically to reflect operational or legal changes.
If you need this policy in another format (PDF) or have questions, contact info@finstory.ai.