Privacy Policy

Finovi (“we”, “us”, “our”) operates the AI portfolio analytics service available at finovi-ai.com. This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have.

For privacy questions or to exercise the rights described below, contact: privacy@finovi-ai.com.

We collect only what we need to operate the service:

• Account data: email address, password (stored hashed), display name, locale preference, subscription tier, account creation timestamp.
• Portfolio data: tickers, share quantities, cost basis, purchase dates, currency, manual notes, and watchlist entries — exactly what you import or enter.
• Usage data: AI request counts (briefings, chat messages, comparisons) for tier-limit enforcement, anonymized page-view telemetry, and feature-flag state.
• Billing data: if you subscribe to a paid tier, billing is processed by Lemon Squeezy. We receive subscription status and the last four digits of your card; we do NOT receive or store full payment instruments.
• Operational logs: error traces and request logs retained for up to 30 days for debugging.

We do not collect biometric data, government identifiers, health data, or precise location.

We use your data to:

• Provide the analytics, briefings, and chat features you signed up for.
• Send you transactional emails (account verification, password resets, billing receipts, briefing notifications you opted into).
• Enforce subscription tier limits and prevent abuse.
• Investigate and fix bugs, performance issues, and security incidents.
• Comply with legal obligations (tax, anti-fraud, court orders).

We do not sell your data, share your portfolio holdings with advertisers, or use your portfolio data to train machine-learning models.

To deliver the service we share specific data with a limited set of processors. Each operates under a contractual obligation to handle your data only as instructed and to apply appropriate security measures.

AI processing — Anthropic (Claude API). Portfolio summaries (holdings, weights, P&L, sectors) and your chat questions are sent to Anthropic's Claude API to generate briefings and answers. Anthropic operates under a zero-data-retention agreement: prompts and responses are not retained beyond the request, and your data is not used to train any model. See Anthropic's privacy policy for details. Anthropic is the only processor that receives the substantive content of your portfolio or chat questions.

Subscription billing — Lemon Squeezy. Lemon Squeezy is our merchant of record for paid subscriptions. They handle payment processing, billing, tax compliance, and refunds, and receive your email and billing address. Card details are entered directly into Lemon Squeezy and are never stored on our systems.

Service infrastructure (categories of processors). We use established sub-processors for the following supporting functions, each under a data processing agreement:

• Cloud hosting and database — to operate the application and store account, portfolio, and briefing data with row-level access controls and encryption at rest.
• Transactional email delivery — to send account verifications, password resets, billing receipts, and briefings you have opted into.
• Market data providers — consulted for live prices, fundamentals, dividends, and news. We send only the ticker symbol you query — never your portfolio composition, account identifier, or personal information.
• Analytics and error monitoring — aggregated, anonymized telemetry for performance, debugging, and feature-usage measurement; no portfolio content is transmitted.

We will provide the specific identity of any sub-processor on request to privacy@finovi-ai.com, and we will notify users of material changes to our sub-processor list before they take effect.

Account and portfolio data are stored on managed cloud infrastructure in the United Kingdom (London region). All data is encrypted in transit (TLS 1.2+) and at rest, with backups encrypted at rest.

A limited set of supporting processors operate from the United States, including AI processing (Anthropic), subscription billing (Lemon Squeezy), error monitoring, and hosting platform telemetry. Where these services receive personal data, transfers from the EEA, UK, or Israel to the United States are covered by Standard Contractual Clauses, the EU-US Data Privacy Framework, or equivalent safeguards as required by applicable law.

We retain account and portfolio data for as long as your account is active. After you delete your account, we erase personal and portfolio data within 30 days, except where we are legally required to retain transaction records (typically up to 7 years for tax purposes).

Operational logs are retained for up to 30 days. Anonymized and aggregated usage statistics may be retained indefinitely.

Under the EU General Data Protection Regulation (GDPR), the UK GDPR, the Israeli Protection of Privacy Law (5741-1981), and similar regimes, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (“right to be forgotten”).
• Export your portfolio data in a portable format (CSV).
• Withdraw consent for non-essential processing.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@finovi-ai.com. We respond within 30 days. We may verify your identity before fulfilling a request.

We use a small number of cookies, all strictly necessary:

• Authentication cookies: keep you signed in between sessions.
• Preference cookies: remember your locale, theme, and active portfolio.

We do not use advertising or cross-site tracking cookies. Performance and analytics tools collect aggregated, anonymized telemetry without setting persistent identifiers.

We protect your data with industry-standard measures: TLS 1.2+ for all traffic, encrypted database storage, row-level security on every user-owned table, and least-privilege access for our team. No system is perfectly secure — if you believe an account has been compromised, contact us immediately.

Finovi is not directed at children under 18. We do not knowingly collect data from minors. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy as the service evolves. Material changes will be communicated by email and surfaced in-app before they take effect. The “Last updated” date at the top indicates the most recent revision.

Privacy questions, data subject requests, and complaints:

privacy@finovi-ai.com

For terms of service, see the Terms of Service.