Privacy Policy
Effective Date: January 27, 2026
1. Personal Data Collection
We collect only the personal data you voluntarily provide: your first name, last name, email address, and phone number. This data is used solely to communicate with you and deliver the services you request. Processing is carried out in compliance with the General Data Protection Regulation (GDPR) and applicable privacy laws in the United States and other jurisdictions.
2. Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
- Consent - When you voluntarily submit your information.
- Contractual necessity - To provide the services you've requested.
- Legitimate interest - For analytical and security purposes that do not override your rights.
You may withdraw consent at any time.
3. Analytics and Advertising
We use third-party services to improve user experience, analyze traffic patterns, and measure the performance of our marketing campaigns. These services may include:
- Google Analytics - for behavior insights and audience analysis.
- Meta Pixel (Facebook) - to measure conversions and optimize ad delivery.
- LinkedIn Insight Tag - for retargeting and campaign reporting.
- X Ads (Twitter Pixel) - to monitor engagement and track conversions.
- Clarity (Microsoft) - to analyze user interactions such as clicks, scrolls, and navigation patterns, helping us improve usability and design.
Clarity may record anonymized session data, including mouse movements, page views, and engagement metrics. It does not collect personally identifiable information (PII), and all data is processed in accordance with applicable privacy laws.
These tools may collect anonymized or pseudonymized data such as browser type, referral sources, session duration, and interactions with ads or site elements. We do not share personal data with unauthorized third parties, nor do we allow usage beyond the intended purposes defined by each platform's policies.
You can manage your tracking preferences using our Cookie Settings and may opt out of targeted advertising through mechanisms provided by each platform or via browser-based tools.
When you use our analysis tools with Analytics cookies enabled, we may collect usage metrics (such as file metadata and processing results) linked to your account to improve service quality. This is referred to as "personal analytics" and requires your consent via cookie preferences.
In addition, we collect anonymous technical analytics data to understand how users interact with our analysis tools and improve their usability. This data includes: device category (desktop, tablet, or mobile), a random session identifier stored in your browser's session storage (automatically cleared when you close the tab), interaction events (such as page views, button clicks, scrolls, and input focus), and associated non-identifying metadata (e.g., which button was clicked or which section was scrolled). This data does not contain personally identifiable information and cannot be used to identify you. It is collected under our legitimate interest in improving service quality (GDPR Article 6(1)(f)) and does not require cookie consent, as it does not use cookies or persistent storage.
4. Marketing Communications
We may occasionally send you promotional emails or SMS messages about new features, updates, or services you might find valuable. These communications are delivered only:
- With your prior consent
- In compliance with the CAN-SPAM Act (for email) and TCPA (for SMS), where applicable
- With clear opt-out options in every message
Each marketing email contains an unsubscribe link, and SMS messages include instructions to opt out (e.g., reply "STOP"). You may also manage your communication preferences at any time through our website or by contacting us.
Transactional Communications: We may send service-related messages such as order confirmations, account updates, or critical notifications. These communications are not promotional in nature and do not require prior consent.
5. Cookies
Our website uses cookies in four main categories:
Please note that our anonymous technical analytics (described in Section 3) uses your browser's session storage rather than cookies. Session storage data is isolated to a single browser tab and is automatically cleared when the tab is closed. It is not sent to the server with each request and is not subject to cookie consent requirements.
Manage Cookie Preferences:
- We use cookies to enhance your experience and analyze site usage. Your preferences are saved only after confirmation.
- You can manage your cookie preferences at any time via our cookie settings tool and must confirm consent upon your first visit, in compliance with the GDPR and ePrivacy Directive.
6. Authentication Tokens
To ensure secure login and user sessions, we use JWT (JSON Web Tokens) and refresh tokens.
- The JWT token verifies your identity during active sessions.
- The refresh token allows you to maintain access without re-entering login credentials, ensuring a secure and seamless experience.
7. Your GDPR Rights
Under the GDPR, you have the right to:
- Access - Request a copy of the personal data we hold about you.
- Rectification - Request corrections to any inaccurate or incomplete data.
- Erasure - Request deletion of your personal data ("right to be forgotten").
- Restriction of Processing - Request that we limit the processing of your personal data under certain circumstances.
- Data Portability - Receive your personal data in a structured, commonly used, machine-readable format, and transmit it to another controller.
- Object - Object to processing of your personal data, particularly for direct marketing purposes.
- Withdraw Consent - Revoke your consent for data processing at any time.
- Lodge a Complaint - File a complaint with a supervisory authority if you believe your rights have been violated.
To exercise any of these rights, please contact us via the details provided on our website. We respond to all valid requests free of charge and in accordance with GDPR timelines.
8. U.S. Privacy Compliance
In addition to our compliance with the General Data Protection Regulation (GDPR), we also comply with applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA).
California (CCPA/CPRA)
If you are a California resident, you have the following specific rights:
- Right to Know what personal information we collect, use, disclose, or sell.
- Right to Access your personal data in a portable format.
- Right to Delete your personal data (with certain exceptions).
- Right to Correct inaccurate personal data.
- Right to Opt-Out of:
  - The sale or sharing of your personal information.
  - The use of your personal data for cross-context behavioral advertising.
- Right to Limit Use and Disclosure of Sensitive Personal Information, such as precise geolocation, financial account numbers, etc.
- Right to Non-Discrimination for exercising any of your CCPA/CPRA rights.
We do not sell or share your personal information. We also do not use sensitive personal information for purposes other than those permitted by law.
Virginia (VCDPA)
If you are a Virginia resident, you have the following rights under the VCDPA:
- Right to access and confirm whether we are processing your personal data.
- Right to correct inaccuracies in your personal data.
- Right to delete personal data provided by or obtained about you.
- Right to data portability.
- Right to opt out of:
  - Targeted advertising.
  - The sale of personal data.
  - Profiling in furtherance of decisions that produce legal or similarly significant effects.
You may appeal any denial of your rights request by contacting us. We are required to respond within 45 days.
Colorado (CPA)
If you are a Colorado resident, you have similar rights to those in Virginia, with these specific guarantees:
- Right to access, correct, delete, and obtain a copy of your personal data.
- Right to opt out of:
  - Targeted advertising.
  - The sale of personal data.
  - Profiling in automated decision-making processes.
We provide a universal opt-out mechanism, in accordance with CPA requirements. You may also manage your preferences directly on our site.
Children's Data (COPPA)
We fully comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect or store personal information from children under the age of 13. If we become aware of such data being collected without verified parental consent, we will delete it immediately.
"Shine the Light" Law (California Civil Code §1798.83)
We do not share your personal information with third parties for their direct marketing purposes. As required by California law, residents may request a report on such sharing—but we confirm no such sharing takes place.
Legal Basis Clarification
Unlike the GDPR, U.S. privacy laws do not require a legal basis for data processing (such as "consent" or "legitimate interest"). Nonetheless, we operate transparently and with your privacy in mind.
9. International Compliance
We also aim to comply with international laws such as:
- LGPD (Brazil)
- PIPEDA (Canada)
- Other evolving global regulations
We monitor legal updates to maintain privacy alignment across jurisdictions.
10. Data Security
We implement industry-standard security measures to safeguard your data from unauthorized access, disclosure, or misuse.
11. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws.
- Account Data - Your personal information (name, email, phone number) is retained while your account is active. Upon account deletion, this data is permanently removed within 90 days.
- Third-Party Analytics - Anonymized data collected through services like Google Analytics, Meta, and Microsoft Clarity is retained according to each provider's policies.
- Tool Usage Data - When you use our analysis tools with Analytics cookies enabled, we may collect usage metrics (such as file metadata and processing results) linked to your account to improve service quality. This data is retained while your account is active and deleted upon account removal.
- Anonymous Technical Analytics - Interaction data collected through our analysis tools (such as device category, session events, and UI interaction patterns) is stored in anonymized, aggregated form. Since this data contains no personally identifiable information, it may be retained indefinitely for statistical and service improvement purposes.
- Communication Records - Records of communications may be retained for compliance and support purposes.
You may request deletion of your personal data at any time by contacting us. We will process such requests in accordance with applicable data protection laws.
12. International Data Transfers
Fincontrollex LLC is based in the United States. If you access our services from outside the United States, please be aware that your personal data may be transferred to, stored, and processed in the United States.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any transfer of personal data is carried out in compliance with applicable data protection laws. Our third-party service providers (including Google, Meta, Microsoft, LinkedIn, and X) utilize approved transfer mechanisms such as Standard Contractual Clauses (SCCs) to protect your data when it is transferred internationally.
By using our services, you acknowledge and consent to the transfer of your data to the United States and other jurisdictions where our service providers operate.
13. Updates to This Policy
We may revise this notice from time to time to reflect changes in legal requirements, business practices, or services we use (including advertising and analytics platforms). Any material updates will be posted here at least 30 days prior to taking effect. Users will be notified via email or through a banner on the site where applicable.
14. Breach Notification
In the event of a data breach, we will promptly notify affected individuals, entities, and relevant supervisory authorities in accordance with applicable data protection laws. Notification will include:
- A description of the nature of the breach
- Categories and approximate number of affected individuals or records
- Potential consequences of the breach
- Measures taken or proposed to address and mitigate its effects
- Contact details for further inquiries
We comply with notification timelines mandated by the customer's home-state laws (e.g., CCPA/CPRA in California, VCDPA in Virginia, GDPR in the EU), and will notify relevant parties without undue delay and, where required, within 72 hours of becoming aware of the breach. Transactional communications regarding breach notices do not require marketing consent and are sent through the most reliable available channels.
15. Contact
For privacy-related questions or to exercise your rights, please contact us:
- Company: Fincontrollex LLC
- Location: Wesley Chapel, FL, USA
- Email: [email protected]
- Website: https://www.fincontrollex.com
All valid requests are handled promptly and free of charge, in accordance with applicable data protection laws.