Privacy Policy.

1. Introduction

Fintactic OÜ (registry code: 17272582, A. Lauteri tn 3, 10114 Tallinn, Estonia) ("Fintactic", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our financial analytics platform ("Service") in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Estonian Personal Data Protection Act (Isikuandmete kaitse seadus), and other applicable data protection laws.

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Fintactic OÜ acts as the data controller for personal data processed through our Service. For questions regarding data protection, contact us at:

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Account Information

• Name and surname
• Email address
• Company name and position
• Phone number (optional)
• Password (encrypted)

3.2 Financial Data

• General ledger entries and chart of accounts
• Financial reports and statements
• Budget and forecast data
• Data imported from connected accounting systems

3.3 Technical Data

• IP address and browser type
• Device information and operating system
• Usage logs and interaction data
• Cookies and similar technologies

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide our Service, manage your account, and deliver financial analytics.
• Legitimate interests (Art. 6(1)(f)): Improving our Service, ensuring security, preventing fraud, and conducting analytics on aggregated data.
• Legal obligation (Art. 6(1)(c)): Compliance with Estonian and EU laws, including accounting and tax obligations.
• Consent (Art. 6(1)(a)): Marketing communications and optional cookies, where you have given explicit consent.

5. Purpose of Processing

We process your personal data for the following purposes:

• Providing and maintaining our financial analytics Service
• Creating and managing your user account
• Processing and analyzing your financial data using AI
• Generating reports, forecasts, and insights
• Communicating with you about your account and Service updates
• Providing customer support
• Ensuring the security and integrity of our Service
• Complying with legal obligations
• Improving and developing our Service

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: Retained while your account is active and for 3 years after deletion
• Financial data: Retained while your account is active; deleted within 30 days of account termination unless legally required
• Technical logs: Retained for up to 12 months
• Legal compliance: Data required by Estonian accounting law (Raamatupidamise seadus) is retained for 7 years

7. Data Sharing and Processors

We do not sell your personal data. We may share your data with the following categories of recipients:

• Cloud infrastructure providers: For hosting and data storage (servers located in the EU)
• AI service providers: For processing financial analytics (data is anonymized where possible)
• Payment processors: For subscription billing and payment handling
• Legal and regulatory authorities: When required by law or legal process

All third-party processors are bound by Data Processing Agreements (DPAs) ensuring GDPR compliance.

8. International Data Transfers

Your data is primarily stored and processed within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place:

• EU-approved Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Binding Corporate Rules where applicable

9. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

• Right of access (Art. 15): Request a copy of your personal data
• Right to rectification (Art. 16): Request correction of inaccurate data
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
• Right to restriction (Art. 18): Request limitation of processing
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent (Art. 7): Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at privacy@fintactic.ai. We will respond within 30 days as required by GDPR.

10. Cookies and Tracking

We use the following types of cookies:

• Essential cookies: Required for Service functionality (no consent required)
• Analytics cookies: Help us understand Service usage (consent required)
• Preference cookies: Remember your settings (consent required)

You can manage cookie preferences through your browser settings or our cookie consent banner.

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption at rest and in transit (TLS 1.3, AES-256)
• Access controls and authentication mechanisms
• Regular security audits and penetration testing
• Employee training on data protection
• Incident response procedures

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours as required by GDPR Article 33. If the breach poses a high risk to you, we will also notify you directly without undue delay (Article 34).

13. Children's Privacy

Our Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our Service at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.

15. Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the supervisory authority:

16. Contact Us

For any questions or concerns regarding this Privacy Policy or our data practices: