Privacy Policy

Effective 11 June 2026 · Contact: mujibur.rahman@mr-accountants.com · Privacy Policy · Terms of Service

Who we are

Finninza Analyst ("Finninza", "we") is an AI financial-analysis service: it reads the financial data sources a customer connects, computes analysis in an isolated environment, and produces management reports in which every figure is verified back to its source.

Data we collect

• Account data — your work email address and your role in your organization's workspace, used for sign-in (magic-link) and access control.
• Connected financial data — only what you explicitly connect, and only with read access: accounting reports and transactions from QuickBooks Online (via Intuit's API), files in the specific Google Drive folders you choose, and balance/transaction data from Stripe (via a read-only restricted key you create). We never request write access to your accounting system; the service cannot modify, create, or delete anything in a connected platform.
• Service telemetry — operational events (e.g. a report run started/finished, a connection failed) used to operate and support the service, attributed to your organization.

How we use it

• To produce the analysis and reports you request — that is the only purpose.
• Connected data is processed in a per-job, isolated environment. Reports are grounded: a figure that cannot be re-derived from your source data is withheld, not published.
• We do not sell your data, use it for advertising, or train AI models on it.

Where it lives and how it's protected

• Data is stored on our hosting provider's infrastructure (Fly.io, United States region).
• OAuth tokens and connection credentials are encrypted at rest.
• Every organization's workspace is isolated: users of one organization can never access another organization's projects, files, connections, or reports — enforced centrally on the server.
• Access is gated by magic-link email sign-in; roles (Owner / Admin / Full / Guest) are enforced server-side, and view-only guests cannot run analysis or change data.
• Staff actions and customer-affecting events are recorded in an audit log.

Sharing and subprocessors

We share data only with the service providers required to operate Finninza Analyst:

• Fly.io — application hosting and storage.
• Supabase — sign-in (magic-link email authentication).
• Anthropic — AI model processing. Relevant excerpts of your connected data are sent to the model to perform the analysis you request; Anthropic's API terms do not permit it to train on this data.
• Intuit, Google, Stripe — only as the platforms you connect; data flows from them to us at your instruction, under each platform's own terms.

We disclose data if required by law. We never sell it.

Google API Services — Limited Use disclosure

Finninza Analyst's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google Drive data is accessed read-only, used solely to provide the analysis features you request, and is never used for advertising or transferred except as needed to provide those features.

Retention and deletion

• Disconnect a source (in Settings) and the files it brought into your project are deleted and, where it was the last source of that platform, its access token is revoked with the platform and removed from our systems.
• Saved reports and share links can be revoked by you at any time.
• To delete your organization's workspace and data entirely, contact us at the address above — we action deletion requests within 30 days.

Your rights

Depending on your jurisdiction (including the UK/EU GDPR), you may have rights to access, correct, export, or erase personal data we hold, and to object to or restrict processing. Contact us at the address above to exercise them. If you are in the UK/EU you may also lodge a complaint with your supervisory authority.

Changes

If we make material changes to this policy we will update this page and its effective date, and notify workspace owners by email.