Privacy Policy

1. Introduction

Fincast Inc. ("Fincast," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial document intelligence platform.

2. Information We Collect

Account Information

• Name and email address
• Organization name and billing information
• Account credentials (securely hashed)

Financial Data

• Documents you upload (invoices, receipts, bills, statements)
• Bank account data accessed via Plaid (account balances, transactions)
• Accounting software data accessed via OAuth (QuickBooks, Xero)
• Extracted data from documents (vendor names, amounts, dates, line items)

Usage Data

• Device and browser information
• IP address and approximate location
• Pages visited and features used
• Error logs and performance metrics

3. How We Use Your Information

We use your data to:

• Provide and maintain our services
• Extract and process financial document data using AI
• Match documents with accounting entries and bank transactions
• Improve our AI models and extraction accuracy
• Send service-related communications
• Detect and prevent fraud or security issues
• Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

• Service Providers: Cloud infrastructure (Google Cloud Platform), payment processing (Stripe), error tracking (Sentry)
• Integration Partners: Plaid (banking data), QuickBooks/Xero (with your explicit authorization)
• Legal Requirements: When required by law or to protect our rights

5. Data Security

We implement industry-standard security measures:

• 256-bit AES encryption for data at rest
• TLS 1.2+ encryption for data in transit
• SOC 2 Type II certified infrastructure (Google Cloud)
• Regular security audits and penetration testing
• Role-based access controls

6. Data Retention

We retain your data for as long as your account is active. After account deletion:

• Account data is deleted within 30 days
• Uploaded documents are deleted within 30 days
• Aggregated, anonymized analytics may be retained indefinitely
• Legal and compliance records may be retained as required by law

7. Your Rights and Choices

You have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data in a portable format
• Opt out of marketing communications
• Revoke third-party integrations at any time

To exercise these rights, contact us at privacy@fincast.ca.

8. Data Location

All customer data is stored in Canada (Google Cloud Platform, Montreal region: northamerica-northeast1) to comply with Canadian data residency requirements.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

10. Children's Privacy

Fincast is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

12. Contact Us

If you have questions about this Privacy Policy, contact us at: