Skip to main content

Privacy Policy

How we collect, use, and protect your information.

Last updated: March 23, 2026

Fiinsyt ("we," "us," or "our") operates the fiinsyt.com website and the Fiinsyt platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

This policy applies to all visitors of fiinsyt.com and users of the Fiinsyt platform, regardless of location. If you are a resident of Texas, California, or another state with specific privacy rights, please see Section 11: State-Specific Privacy Rights for additional information about your rights.

1. Information We Collect

Information You Provide

  • Account information: Name, email address, organization name, role, and contact details when you create an account or request a demo.
  • Financial information: Business financial data, tax returns, bank statements, and other documents you upload to the platform for loan readiness assessment and packaging.
  • Communication data: Messages, form submissions, and correspondence you send to us.
  • Profile data: Professional qualifications, business details, and other information you provide to complete your platform profile.

Information Collected Automatically

  • Usage data: Pages visited, features used, session duration, and interaction patterns within the platform.
  • Device information: Browser type, operating system, device type, and screen resolution.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies and similar technologies: See Section 6: Cookies and Tracking Technologies for details.

Information from Third Parties

  • Financial data integrations: With your authorization, we connect to third-party services (such as Plaid, Codat, and iSoftpull) to verify financial information and generate your Fiinsyt Score.
  • Referral information: If you are referred to the platform by a counselor or organization, we may receive your name and contact information from the referring party.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide, maintain, and improve the Fiinsyt platform and its features
  • Generate and maintain your Fiinsyt Score based on the 5 C's of Credit
  • Facilitate loan packaging, matching, and lending processes
  • Enable counselor-borrower workflows and SMART goal tracking
  • Generate compliance reports (TABLE 5, IDIS, AMIS, CRA) for operators and funders
  • Communicate with you about your account, updates, and support requests
  • Generate anonymized benchmarks and aggregate analytics
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and regulatory requirements

3. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We share information only in the following circumstances:

  • Within the platform ecosystem: When you use Deal Flow, your loan package information is shared with lending partners according to the blind/reveal matching process you consent to.
  • With your organization: If you are a borrower working with a TA provider or counselor, your readiness data is shared with your assigned counselor and their organization.
  • Service providers: We use third-party service providers to operate the Service. These providers process your data on our behalf and are contractually bound to protect it. See Section 4: Third-Party Service Providers for a list of categories.
  • Compliance and legal: We may disclose information when required by law, regulation, legal process, or governmental request.
  • Aggregated data: We may share anonymized, aggregated data for industry benchmarking and research purposes. This data cannot identify individual users or organizations.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Third-Party Service Providers

We share information with the following categories of third-party service providers:

  • Hosting and infrastructure: Cloudflare (CDN, security, bot protection), Vercel (frontend hosting), Supabase (database and authentication)
  • Analytics: Cloudflare Web Analytics (cookieless, privacy-focused website analytics)
  • Translation: Google Translate (client-side translation widget). When you use the translation feature, Google may collect browsing data including pages visited and language preferences. Google's use of this data is governed by Google's Privacy Policy.
  • Form processing: Formspree (processes contact form submissions on our behalf)
  • Bot protection: Cloudflare Turnstile (verifies human visitors without invasive tracking)
  • Payment processing: Stripe (subscription billing and payment processing)
  • Email delivery: SendGrid (transactional and operational email)
  • Financial data integrations: Plaid (bank verification), Codat (accounting sync), iSoftpull (credit data), Didit (KYC identity verification)
  • Error monitoring: Sentry (application error tracking)

Each provider processes data only as necessary to perform their specific function and is bound by contractual data protection obligations.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication
  • Row-Level Security (RLS) for multi-tenant data isolation
  • Regular security audits and penetration testing
  • SOC 2 Type II compliance (in progress)
  • Automated monitoring and anomaly detection

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Cookies and Tracking Technologies

We use the following cookies and similar technologies:

Strictly Necessary

These cannot be disabled as they are required for the Service to function.

  • Session cookies: Authentication and session management
  • Cloudflare security cookies (__cf_bm, __cflb): Bot detection, load balancing, and DDoS protection
  • Cloudflare Turnstile: Human verification on forms

Analytics

  • Cloudflare Web Analytics: Cookieless, privacy-focused analytics. Does not use cookies or track individual visitors. Collects aggregate page view and performance data only.

Third-Party Scripts

  • Google Translate: Loaded when you use the language translation feature. Google may set cookies and collect usage data. See Google's Privacy Policy for details.

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent you from using certain platform features.

7. Do Not Track and Global Privacy Control

Do Not Track (DNT): Some browsers send a "Do Not Track" signal to websites. There is no industry standard for how websites should respond to DNT signals. We do not currently alter our data collection practices in response to DNT signals.

Global Privacy Control (GPC): We honor Global Privacy Control signals. When your browser sends a GPC signal, we treat it as a valid opt-out request for the sale or sharing of your personal information, as required by the Texas Data Privacy and Security Act and the California Consumer Privacy Act.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specific retention periods include:

  • Account data: Retained for the duration of your account plus 90 days after deletion request, to allow for account recovery
  • Financial and lending data: Retained for 7 years after the last transaction, in accordance with lending regulations and grant compliance requirements
  • Communication data: Retained for 3 years after last contact
  • Server logs: Retained for 90 days
  • Aggregated analytics: Retained indefinitely (no personal information)

After the applicable retention period, data is securely deleted or anonymized.

9. Do Not Sell or Share My Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising or targeted advertising purposes.

If you believe your information has been shared in a way you did not authorize, or if you wish to submit an opt-out request, contact us at privacy@fiinsyt.com.

10. Your Rights

Regardless of your location, you may exercise the following rights by contacting us at privacy@fiinsyt.com:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Data portability: Export your data in a machine-readable format
  • Opt-out of marketing: Opt out of non-essential communications at any time via the unsubscribe link in any email or by contacting us

We will respond to your request within 45 days. If we need additional time, we will notify you of the extension (up to an additional 45 days) and the reason.

Right to appeal: If we deny your request, you may appeal by responding to our denial email or contacting us at privacy@fiinsyt.com with the subject line "Privacy Request Appeal." We will respond to your appeal within 60 days. If your appeal is denied, you may contact your state's attorney general to file a complaint.

11. State-Specific Privacy Rights

Texas Residents (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act provides you with the following rights:

  • Right to confirm whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a portable copy of your personal data
  • Right to opt out of the processing of your personal data for targeted advertising, the sale of your personal data, or profiling that produces legal or similarly significant effects

We honor Global Privacy Control (GPC) signals as a valid opt-out of sale and targeted advertising under the TDPSA. We do not sell your personal data or use it for targeted advertising.

To exercise your rights, contact privacy@fiinsyt.com. We will not discriminate against you for exercising your privacy rights.

California Residents (CCPA/CPRA and CalOPPA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) and the California Online Privacy Protection Act provide you with the following rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information held by us and by extension our service providers
  • Right to opt out of the sale or sharing of personal information
  • Right to correct inaccurate personal information
  • Right to limit use and disclosure of sensitive personal information
  • Right to non-discrimination for exercising your rights

Categories of personal information collected in the preceding 12 months: Identifiers (name, email, IP address), professional/employment information (organization, role), internet activity (pages visited, features used), and financial information (if provided through the platform).

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

To exercise your rights, contact privacy@fiinsyt.com. You may also designate an authorized agent to make a request on your behalf.

Residents of Other States with Privacy Laws

If you reside in Virginia, Colorado, Connecticut, Utah, Iowa, Delaware, Oregon, Montana, Maryland, Minnesota, Indiana, Kentucky, Rhode Island, or another state with a comprehensive privacy law, you may have similar rights to access, correct, delete, and port your data, as well as to opt out of targeted advertising and profiling. To exercise any of these rights, contact privacy@fiinsyt.com.

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on your consent (where applicable) or our legitimate interest in operating the Service as the legal basis for processing your data. You have the right to withdraw consent at any time, access your data, request correction or deletion, restrict processing, object to processing, and lodge a complaint with your local supervisory authority. Contact privacy@fiinsyt.com to exercise these rights.

13. Children's Privacy

The Fiinsyt platform is designed for business professionals and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us at privacy@fiinsyt.com and we will promptly delete the information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For platform subscribers, we will also notify you via email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any of your privacy rights, contact us at:

Fiinsyt
Privacy Inquiries
Email: privacy@fiinsyt.com
Houston, TX 77002