Legal

Privacy & Data Policy

Last updated: 17 April 2026

1. Who we are

Finsait ("we", "us", "our") is an AI-powered treasury intelligence platform developed and operated by Finsait Ltd. Our registered address and data controller contact is: marcus@finsait.com.

We are committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

2. What data we collect and why

Data Purpose Legal basis
Name, work email, role, company, country (trial form) Follow-up on your trial, send product updates if consented Consent (Art. 6(1)(a) GDPR)
Uploaded CSV file (trial forecast) Run the forecasting model and return results to you Consent (Art. 6(1)(a) GDPR)
Contact form submissions (name, email, message) Respond to your enquiry Legitimate interests (Art. 6(1)(f) GDPR)
IP address (pseudonymised hash) Rate limiting and abuse prevention Legitimate interests (Art. 6(1)(f) GDPR)
Server access logs Security monitoring and diagnostics Legitimate interests (Art. 6(1)(f) GDPR)

3. How we use your uploaded data

When you upload a CSV file to the forecasting trial, the file is transmitted securely to our API, processed in memory to generate your forecast, and the result is returned to your browser. We do not permanently store the contents of your uploaded file unless you have explicitly consented to data sharing for model improvement purposes. If you have not checked the consent box, your file data is discarded immediately after the forecast is computed.

4. Data retention

  • Trial contact details (name, email, company): retained for up to 24 months or until you request deletion.
  • Uploaded file contents (where no consent to retain): deleted immediately after forecast computation.
  • Pseudonymised IP hashes: retained for 90 days for abuse prevention.
  • Server logs: retained for 30 days.

5. Who we share data with

We do not sell your data. We may share it with the following processors under GDPR-compliant agreements:

  • Google Cloud Platform — cloud infrastructure and database hosting (EU region)
  • Formspark (submit-form.com) — contact form delivery
  • Firebase (Google) — website hosting

We will disclose data to law enforcement or regulatory authorities only where required by law.

6. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Data portability — receive your data in a machine-readable format

To exercise any of these rights, email us at privacy@finsait.com. We will respond within 30 days.

You also have the right to lodge a complaint with your national data protection authority. In the EU, find your authority at edpb.europa.eu. In the UK: the ICO.

7. Cookies

This website uses no third-party tracking or advertising cookies. We use a single session-scoped cookie to remember that you have viewed the intro animation on the homepage. No analytics, advertising, or cross-site tracking is performed.

8. Security

All data is transmitted over HTTPS/TLS. Our API enforces file size limits, rate limiting, and input sanitisation. Personal data at rest is stored in encrypted Google Cloud SQL instances located in the EU (europe-west1). Access is restricted to authorised personnel only.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of our services after a change constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, contact our data controller at:
privacy@finsait.com