Privacy Policy
Last updated: 14 January 2026
1. Introduction
FinqChat ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our invoice processing and accounting automation service.
We are the Data Controller for the personal data we process. We are registered in the United Kingdom and can be contacted at privacy@finqchat.com.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, password
- Invoice Data: Invoices you upload, including supplier names, amounts, dates, and line items
- Payment Information: Billing details for paid subscriptions (processed by our payment provider)
- Communications: Messages you send us via support channels
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on the service
- Device Information: Browser type, operating system, IP address
- Cookies: See our Cookie Policy for details
2.3 Information from Third Parties
- Xero/QuickBooks: When you connect your accounting software, we receive organisation name, chart of accounts, and invoice/payment data
- Connected Apps: If you connect other applications (Slack, Google Drive, etc.), we receive data necessary to provide the integration
3. How We Use Your Information
We process your data based on the following lawful bases under GDPR:
Contract Performance
- Processing your invoices and extracting data
- Syncing data with your accounting software
- Providing customer support
- Managing your account and subscription
Legitimate Interests
- Improving our service and developing new features
- Preventing fraud and ensuring security
- Analysing usage patterns (anonymised)
Consent
- Marketing communications (you can opt out anytime)
- Optional analytics and improvement programs
Legal Obligation
- Retaining financial records as required by law
- Responding to legal requests from authorities
4. Who We Share Your Data With
We share your data with the following categories of recipients:
| Recipient | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | EU/US |
| Google Cloud | OCR processing | EU/US |
| Anthropic | AI processing | US |
| Xero/QuickBooks | Accounting sync | Various |
| Make.com | Third-party integrations | EU |
| Vercel | Application hosting | US/EU |
All our processors have signed Data Processing Agreements (DPAs) and comply with GDPR requirements.
5. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until deletion requested | Service delivery |
| Invoice data | 7 years | UK legal requirement |
| Processing logs | 2 years | Support & debugging |
| Analytics data | 26 months | Service improvement |
| Deleted accounts | 30 days (backup) | Recovery grace period |
6. Your Rights
Under GDPR, you have the following rights:
π Right to Access
Request a copy of all data we hold about you
βοΈ Right to Rectification
Correct any inaccurate personal data
ποΈ Right to Erasure
Request deletion of your personal data
βΈοΈ Right to Restrict
Limit how we process your data
π¦ Right to Portability
Receive your data in a portable format
π« Right to Object
Object to certain processing activities
To exercise any of these rights, go to Settings β My Data or contact us at privacy@finqchat.com.
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
7. International Data Transfers
Some of our service providers are located outside the UK/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreement (IDTA)
- Adequacy decisions where applicable
8. Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption in transit (TLS/HTTPS) and at rest
- Row Level Security ensuring users only access their own data
- Regular security assessments and updates
- Access controls and authentication
- Audit logging of data access
9. Children's Privacy
Our service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our service. Your continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@finqchat.com
Data Protection Officer: privacy@finqchat.com
Address: United Kingdom