Privacy Policy

Account Data

When you create an account, we collect your name and email address. We do not store payment card details.

Usage Data

• Search history: Company names and numbers you have searched, stored to power your recent searches and usage limits
• Watchlist: Companies you have saved to your watchlist and the alert rules you have configured
• API keys: Keys you generate for API access, stored encrypted at rest
• Report data: Any reports or saved searches you create within the platform

Technical Data

We collect standard server logs, anonymised product analytics; does not include personal identifiers.

• Service delivery: Powering your searches, watchlist, alerts, and reports
• Billing: Managing your subscription
• Security: Detecting and preventing abuse, fraud, and unauthorised API access
• Product improvement: Anonymised usage analytics to understand which features are used
• Communications: Transactional emails (alert notifications, billing receipts) and marketing emails

AES-256 Encryption at Rest

Sensitive fields — encrypted at rest, tenant-isolated: no other user can access your searches, watchlists, or alerts.

Infrastructure

• Authentication: — SOC 2 Type II certified identity provider with MFA support
• Real-time database: — end-to-end encrypted, enterprise-grade provider
• Relational database provider: — data encrypted at rest and in transit
• Hosting: — global edge network provider with DDoS protection
• Payments: — PCI DSS Level 1 certified provider, card data never touches our servers
• Finsbury Intelligence: — company data is transmitted to Anthropic to generate Finsbury Intelligence narratives and summaries. No personal account data is included in these requests. Anthropic's data processing agreement is in place. See Anthropic's Privacy Policy.

In Transit

All communication between your browser and Finsbury Suite uses HTTPS with strict security headers. API keys are transmitted only over TLS.

Finsbury Suite is operated from the United Kingdom and complies with the UK GDPR and the EU GDPR. Our lawful basis for processing your personal data is:

• Contract performance (Article 6(1)(b)): Processing your account data and usage data to deliver the service you have subscribed to
• Legitimate interest (Article 6(1)(f)): Security logging, fraud prevention, and anonymised product analytics
• Legal obligation (Article 6(1)(c)): Retaining billing records as required by HMRC and applicable tax law

Data Minimisation

We collect only what is necessary to provide the service. We do not ask for your phone number, date of birth, or any other personal data beyond name, email, and billing information.

Retention

Account data is retained for the duration of your subscription. Upon account deletion, personal data is purged within 30 days. Anonymised usage aggregates may be retained for product analytics. Billing records are retained for 7 years as required by law.

The company data displayed on Finsbury Suite — including company filings, officer appointments, financial accounts, and PSC registers — is sourced from Companies House and is published under the Open Government Licence v3.0. This is public record data.

Officer names, registered addresses, and appointment dates are part of the statutory public register maintained by Companies House under the Companies Act 2006. Individuals appearing in this data do so as a consequence of their statutory filing obligations, not as a result of any data collection by Finsbury Suite.

If you are an individual who appears in Companies House data and have a concern about its accuracy, please contact Companies House directly. Finsbury Suite reflects the public register as filed.