Privacy Policy
Last updated: August 2, 2025
1. Introduction
Fintune ("we", "us", "our") is committed to protecting personal data and complying with the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, disclose, and protect personal data in relation to our SaaS application available at https://www.fintune.app/.
2. Data Controller
Fintune is the data controller for personal data collected from users of our application.
3. Personal Data We Collect
- Account registration data (e.g. name, email).
- Usage analytics, performance metrics (if consented).
- Support correspondence.
4. Purpose and Legal Basis
We process personal data to:
- Provide, maintain, and improve the service;
- Respond to user inquiries;
- Collect analytics, only with explicit user consent.
The legal bases include: performance of contract, consent, and legitimate interests (such as service maintenance).
5. Sub‑Processors
We engage the following subprocessors to handle personal data in compliance with GDPR Article 28:
- Cloudflare – provides CDN, security and traffic management. Cloudflare is certified under the EU Cloud Code of Conduct and the EU‑U.S. Data Privacy Framework, and uses EU Standard Contractual Clauses where applicable Cloudflare SCC
- Neon – provides Postgres hosting services, we use their EU hosted instances.
- PostHog – provides product analytics. We only use PostHog Cloud EU (hosted in Frankfurt) or apply anonymization if outside the EU; users must consent before tracking events, and we honour the right to be forgotten, details here.
We have data processing agreements with each subprocessor. They are bound by the same data protection obligations that we uphold.
6. Data Transfers
Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), or frameworks like the EU‑U.S. Data Privacy Framework. Cloudflare is certified under such frameworks.
7. Data Retention
We retain personal data only as long as necessary to fulfill the purposes described, comply with legal obligations, and allow storage deletion by user request.
8. Data Subject Rights
Under the GDPR, you have the right to:
- Access and obtain a copy of your personal data;
- Rectify inaccuracies;
- Erase (right to be forgotten);
- Restrict or object to processing;
- Withdraw consent at any time (where processing is based on consent).
You can exercise these rights by contacting us at the address below.
9. Security Measures
We employ industry‑standard organizational and technical measures to secure personal data, including encrypted transmission (HTTPS), access controls, and regular audits.
10. Cookies & Tracking
Fintune uses cookies to provide essential functionality and improve user experience. The following cookies are set when you use our service:
| Cookie Name | Purpose | Domain | Expires | Type |
|---|---|---|---|---|
| auth_session | Login Session Cookie | fintune.app | 1 year | Essential |
| cookie_consent | Consent Cookie | .fintune.app | 1 year | Essential |
| ft-branch | Selected Branch | fintune.app | 1 month | Functional |
| ft-org | Selected Organisation | fintune.app | 1 month | Functional |
| ph_phc_*_posthog | Product Analytics Cookie | .fintune.app | 1 year | Analytics |
| ph_current_instance | Posthog Configuration Cookie | .posthog.com | 1 year | Analytics |
| ph_current_project_name | Posthog Configuration Cookie | .posthog.com | 1 year | Analytics |
| ph_current_project_token | Posthog Configuration Cookie | .posthog.com | 1 year | Analytics |
Cookie Categories:
- Essential Required for the website to function properly and cannot be disabled.
- Functional Enable enhanced functionality and personalization.
- Analytics Help us understand how visitors interact with our website. Disabled if you decline the cookie consent.
Cloudflare may also set cookies for CDN or bot‑protection purposes, these are necessary to operate the service and so we do not ask for consent.
11. Breach Notification
In case of a personal data breach, we will notify affected individuals and supervisory authorities within 72 hours, unless encryption or other safeguards render the data unintelligible.
12. Contact Information
If you have questions or requests regarding your data or this policy, please contact us at:
Fintune
Email: [email protected]
13. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes and update the "Last updated" date above.