Privacy Policy
How we collect, use, and protect your data
Last updated: March 2026
Quick Navigation
What We Collect
We collect only what is necessary to provide the service
Account Data
When you create an account, we collect your name and email address via Clerk (our authentication provider). We do not store payment card details — these are handled entirely by Stripe.
Usage Data
- Search history: Company names and numbers you have searched, stored to power your recent searches and usage limits
- Watchlist: Companies you have saved to your watchlist and the alert rules you have configured
- API keys: Keys you generate for API access, stored encrypted at rest
- Report data: Any reports or saved searches you create within the platform
Technical Data
We collect standard server logs (IP address, browser type, pages accessed) for security and abuse prevention. We use PostHog for product analytics — this is anonymised and does not include personal identifiers.
How We Use Your Data
Your data is used solely to provide and improve Finsbury Suite
- Service delivery: Powering your searches, watchlist, alerts, and reports
- Billing: Managing your subscription via Stripe
- Security: Detecting and preventing abuse, fraud, and unauthorised API access
- Product improvement: Anonymised usage analytics to understand which features are used
- Communications: Transactional emails (alert notifications, billing receipts). We do not send marketing email without explicit opt-in
We do not use your data to train AI models, build advertising profiles, or share it with third parties for commercial purposes.
Data Encryption & Security
Enterprise-grade encryption protects your data at rest and in transit
AES-256 Encryption at Rest
Sensitive fields — including API keys and personal identifiers — are encrypted at rest using AES-256 encryption. Your data is tenant-isolated: no other user can access your searches, watchlists, or alerts.
Infrastructure
- Authentication: Clerk — SOC 2 Type II certified identity provider with MFA support
- Real-time database: Convex — end-to-end encrypted, enterprise-grade
- Relational database: Neon (PostgreSQL) — data encrypted at rest and in transit
- Hosting: Vercel — global edge network with DDoS protection
- Payments: Stripe — PCI DSS Level 1 certified, card data never touches our servers
In Transit
All communication between your browser and Finsbury Suite uses HTTPS with strict security headers (HSTS, CSP, X-Frame-Options). API keys are transmitted only over TLS.
Zero Data Selling Guarantee
Your data is never sold, shared, or monetised
Finsbury Suite will never sell your account data, search history, or usage patterns to third parties. Our business model is subscription revenue — your data is not the product.
What We Don't Do
- No data selling: Your searches, watchlists, and account data are never sold or shared for commercial purposes
- No advertising: No banner ads, no retargeting, no advertising networks
- No behavioural profiling: We do not build profiles for resale or targeting
- No training data: Your data is not used to train AI or machine learning models
CCPA/CPRA: Under California law, you have the right to opt out of data selling. At Finsbury Suite this right is built in — we never sell data, so there is nothing to opt out of.
GDPR Compliance
Full compliance with UK and European data protection regulation
Finsbury Suite is operated from the United Kingdom and complies with the UK GDPR and the EU GDPR. Our lawful basis for processing your personal data is:
- Contract performance (Article 6(1)(b)): Processing your account data and usage data to deliver the service you have subscribed to
- Legitimate interest (Article 6(1)(f)): Security logging, fraud prevention, and anonymised product analytics
- Legal obligation (Article 6(1)(c)): Retaining billing records as required by HMRC and applicable tax law
Data Minimisation
We collect only what is necessary to provide the service. We do not ask for your phone number, date of birth, or any other personal data beyond name, email, and billing information.
Retention
Account data is retained for the duration of your subscription. Upon account deletion, personal data is purged within 30 days. Anonymised usage aggregates may be retained for product analytics. Billing records are retained for 7 years as required by law.
Your Privacy Rights
Full control over your personal data
Right to Access
Export all your data (search history, watchlist, alert rules, reports) in JSON or CSV format via Settings → Data Export.
Right to Rectification
Update your name, email, and profile information directly via Settings → Profile.
Right to Erasure
Delete your account and all associated data via Settings → Account → Delete Account. Deletion is permanent. We purge personal data within 30 days.
Right to Data Portability
Export your watchlist, saved searches, and reports in machine-readable formats (JSON, CSV) via Settings → Data Export.
Right to Object
Object to specific data processing by contacting us at privacy@finsburysuite.co.uk. You may also disable optional features or delete your account at any time.
Company Data & Open Government Licence
The company intelligence data we display is public record
The company data displayed on Finsbury Suite — including company filings, officer appointments, financial accounts, and PSC registers — is sourced from Companies House and is published under the Open Government Licence v3.0. This is public record data.
Officer names, registered addresses, and appointment dates are part of the statutory public register maintained by Companies House under the Companies Act 2006. Individuals appearing in this data do so as a consequence of their statutory filing obligations, not as a result of any data collection by Finsbury Suite.
If you are an individual who appears in Companies House data and have a concern about its accuracy, please contact Companies House directly. Finsbury Suite reflects the public register as filed.
Questions about privacy?
Contact us at privacy@finsburysuite.co.uk