Privacy Policy
Effective Date: March 22, 2026
Last Updated: March 24, 2026
FinLoom ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our platform at finloom.io (the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address and password when you create an account.
- Business Profile: Business name, address, phone number, tax ID, logo, and invoice settings you optionally provide.
- Financial Data: Revenue, expenses, invoices, proposals, time entries, inventory items, financial models, budgets, and any other data you enter into the Service.
- Client Data: Names, email addresses, and contact information of your clients that you enter into the Service.
1.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, timestamps, and session duration.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, referring URL, and access timestamps for security and debugging purposes.
1.3 Information We Do NOT Collect
- We do not collect payment card numbers, bank account numbers, or Social Security numbers through the Service. Payment processing is handled by our third-party payment processor.
- We do not sell your personal information or financial data to third parties.
- We do not use your financial data for advertising purposes.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service.
- Process your account registration and authentication.
- Generate financial reports, projections, and exports that you request.
- Send transactional emails (account verification, password resets, billing receipts).
- Respond to your support requests.
- Detect and prevent fraud, abuse, and security incidents.
- Comply with legal obligations.
We do NOT use your information to:
- Sell or rent your data to third parties.
- Display advertisements.
- Train machine learning models on your financial data. When your data is processed by our AI provider to generate AI-powered features, it is used solely to produce the requested output and is not retained for model training.
- Contact you for marketing purposes without your consent.
3. How We Store Your Data
3.1 Infrastructure
Your data is stored using Supabase, a hosted database platform built on PostgreSQL. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Our infrastructure is hosted in the United States.
3.2 Row-Level Security
We implement row-level security (RLS) policies on all database tables. Each user can only access their own data. Team members can access shared organizational data based on their assigned role and product permissions.
3.3 Retention
We retain your data for as long as your account is active. After account deletion, we may retain your data for operational, legal, or compliance purposes. You may request permanent deletion of your data by contacting us at privacy@finloom.io. We will process deletion requests within 30 days.
4. Data Sharing
We share your information only in the following circumstances:
4.1 Service Providers
We use third-party service providers to operate the Service, including:
- Supabase — Database hosting and authentication.
- Anthropic — AI model provider. When you use AI-powered features (such as competitive pricing estimates, listing description generation, financial forecast narratives, contract analysis, or other AI-assisted outputs), relevant portions of your data are sent to Anthropic's API to generate the requested output. Anthropic processes this data solely to produce the AI response and does not use your data to train its models. See Anthropic's usage policy at anthropic.com/policies for details.
- Payment Processor — Subscription billing (we do not store your payment card details).
- Email Service — Transactional emails only.
These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
4.2 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email or prominent notice on our website before your data is subject to a different privacy policy.
4.4 With Your Consent
We may share your information with third parties when you explicitly direct us to do so (for example, exporting data to your accountant).
5. Team and Multi-User Access
If you are part of an organization on FinLoom:
- Organization owners can invite team members and assign roles (owner, editor, viewer).
- Team members may access organizational data based on their assigned role and product permissions.
- Viewers can see but not modify data. Editors can modify data within assigned products. Owners have full access.
- Organization owners are responsible for managing team member access and ensuring appropriate permissions.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated data.
- Export: Export your data at any time using the built-in export features.
- Objection: Object to certain processing of your data.
- Restriction: Request that we limit how we use your data.
To exercise any of these rights, contact us at privacy@finloom.io. We will respond within 30 days.
7. Cookies and Local Storage
The Service uses minimal browser storage:
- Session Storage: Stores your current navigation state (active page, active product). Cleared when you close the browser tab.
- Local Storage: Stores your tool preferences (which financial templates are enabled). No personal data is stored in local storage.
- Authentication Cookies: Managed by Supabase for session management.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
8. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
9. International Users
The Service is operated in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
10. Security
We implement commercially reasonable security measures, including:
- Encryption in transit and at rest.
- Row-level security on all database tables.
- Secure authentication via Supabase Auth.
- Regular security reviews of our codebase and infrastructure.
Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 15 days before taking effect. The "Last Updated" date at the top of this policy indicates the most recent revision.
12. Contact Us
For questions, concerns, or requests regarding this Privacy Policy:
Email: privacy@finloom.io
Address: FinLoom, Philadelphia, PA