Privacy & Data Protection
Your financial data is yours. Fintra collects the minimum needed to run the product, keeps it only as long as it serves you or the law requires, never sells it, and never lets AI model providers train on it. Privacy commitments here are contractual - backed by a DPA - not just marketing.
Data minimization and purpose limitation
We collect what the product needs to function - accounting records, payroll data, user account details, usage telemetry - and use it only for the purposes you signed up for. We do not sell customer data, do not use customer financial data for advertising, and do not permit AI model providers to train on customer data (see AI model governance).
Retention windows and deletion
Data lives on a defined clock, not indefinitely.
- Active account data: retained for the life of the subscription.
- Post-termination: customer data is deleted or returned within 30 days of account closure, with encrypted backups aging out within 90 days.
- Financial records: customers can export their books before closure; where law requires longer retention (e.g., tax records), retention is documented and scoped.
- Deletion requests: verified requests for personal data deletion are honored within 30 days, consistent with GDPR and CCPA timelines.
Your rights and how to exercise them
Customers and their end users can exercise data-subject rights - access, correction, export, deletion, and objection - by emailing security@fintrahub.com or through in-product export tools. We verify identity before acting on requests and respond within statutory windows (30 days under GDPR, extendable only as the law allows). For businesses, a signed DPA with Standard Contractual Clauses governs our role as processor.
Subprocessors and transparency
A small, vetted set of subprocessors supports the platform: cloud hosting, managed Postgres (Supabase), transactional email, and AI model providers. Each is reviewed for security posture before onboarding, bound by data-protection terms at least as strict as ours, and listed in our subprocessor register - available on request, with advance notice of material changes so you can object before your data is affected.
Frequently asked questions
Does Fintra sell my data or use it for advertising?
No. We do not sell customer data, and customer financial data is never used for advertising or shared with data brokers. Our revenue comes from subscriptions, not your data.
Is my data used to train AI models?
No. Our agreements with AI model providers prohibit training on customer data, and prompts containing customer data are processed under zero-retention or short-lived retention terms. Details are on the AI model governance page.
What happens to my data if I cancel?
You can export your complete books before closing the account. After termination, customer data is deleted or returned within 30 days, and encrypted backups age out within 90 days, except where law requires specific records to be retained longer.
How do I request deletion of personal data?
Email security@fintrahub.com from the account email (or have your account admin do so). We verify the request and complete deletion within 30 days, confirming when it’s done.
Questions about privacy?
Our security team answers due-diligence questions directly - documentation, DPAs, and evidence available on request.
Talk to our security team