Privacy Policy

Effective Date: August 15, 2025

Finrite is committed to protecting the privacy and security of your data. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.

This policy applies to all users of the Finrite platform and any associated products or services (collectively, the "Services").

1. Who We Are

Finrite is a financial data management platform that helps businesses track, manage, and analyse their subscriptions, invoices, and financial operations. We act as a data processor on behalf of our business customers (the data controllers) when handling their data.

Company (referred to as "the Company", "We", "Us", or "Our" in this Policy) refers to SaaSery LLC., trading as Finrite (Finrite.co).

For questions about this policy, contact us at: contact@finrite.co

2. What Data We Collect

2.1 Data You Provide

• Account information: name, email address, company name, and role
• API keys and webhook configurations: stored encrypted at rest, never logged in plain text
• Billing and payment information: processed via Stripe; the Company does not store full payment card details

2.2 Financial and Operational Data

To provide our core services, we process financial data you share with our platform, including:

• Subscription and customer data: customer names, customer address, tax IDs, billing amounts, renewal dates, and plan details
• Account identifiers associated with connected third-party services

2.3 Usage and Technical Data

• Device information: operating system and browser version
• Usage patterns: feature interactions and session data used to improve the platform

2.4 Data We Do Not Collect

We follow a data minimisation and least privilege model — we do not collect data beyond what is necessary to deliver our services. We do not collect:

• Personal financial data of individual consumers (we serve businesses, not individuals)
• Sensitive personal data such as health, biometric, or government ID information
• Payment card data is never stored or processed by Finrite — all payment transactions are handled directly by Stripe and subject to their PCI-DSS compliance

3. How We Use Your Data

We use the data we collect to:

• Provide, maintain, and improve the Finrite platform and services
• Authenticate users and manage account access
• Process and display your financial and subscription data as instructed
• Send transactional communications (e.g. onboarding, product updates, security alerts)
• Comply with legal obligations and enforce our terms
• Detect and prevent fraud, abuse, or security incidents

We do not use your data for advertising purposes and do not sell your data to third parties.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data on the following legal bases:

• Contract performance: processing necessary to deliver the services you have contracted with us
• Legitimate interests: for security monitoring, fraud prevention, and platform improvement
• Legal obligation: where required by applicable law or regulation
• Consent: where you have explicitly provided consent, which may be withdrawn at any time

5. How We Share Your Data

5.1 Sub-processors

We engage third-party sub-processors to help deliver our services. All sub-processors are contractually bound to protect your data and are SOC 2 compliant.

We will notify customers of any material changes to our sub-processor list with at least 30 days prior written notice.

5.2 Legal Disclosures

We may disclose your data if required to do so by law, court order, or government authority, or where necessary to protect the rights, property, or safety of the Company, our customers, or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice prior to any such transfer.

5.4 No Sale of Data

We do not sell, rent, or trade your personal data to third parties for marketing or commercial purposes.

6. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• Encryption of all data at rest using AES-256
• Encryption of all data in transit via TLS 1.2 or higher
• Encrypted storage of all API keys, secrets, and webhook credentials — never stored or logged in plain text
• Two-factor authentication (2FA) enforced for all internal access to production systems
• Least privilege access controls limiting data access to authorised personnel only

In the event of a personal data breach, we will notify affected customers within 72 hours of becoming aware, in accordance with applicable law.

7. Data Retention

You may request deletion of your data at any time by contacting contact@finrite.co. We will confirm in writing when deletion is complete.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Rectification: request correction of inaccurate or incomplete data
• Erasure: request deletion of your data (subject to legal retention requirements)
• Portability: request your data in a structured, machine-readable format
• Restriction: request that we limit how we process your data
• Objection: object to processing based on legitimate interests
• Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at contact@finrite.co. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

Our services are operated primarily from the United States. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data transfer restrictions, your data may be transferred to and processed in the US.

A Data Processing Agreement (DPA) is available upon request for customers requiring one.

10. Cookies and Tracking

We use essential cookies to operate our platform (e.g. session management and authentication). We do not use third-party advertising or tracking cookies.

You can control cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at contact@finrite.co.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this document and notify customers of material changes via email or in-platform notice.

Your continued use of our services after any changes constitutes your acceptance of the updated policy.