Privacy Policy

Last updated: March 15, 2026

1. Introduction

Finleg ("we," "our," or "us") describes how it collects, uses, discloses, and protects personal information when you use finleg.net and related services.

Finleg implements a privacy-first architecture. We minimize what we keep, encrypt sensitive data at rest and in transit, and only decrypt when needed in authorized server paths.

2. Description of Service

Finleg is a financial and legal document management platform enabling users to organize, track, and analyze financial statements, legal documents, and bookkeeping data using artificial intelligence for document processing and extraction.

3. Information We Collect

Collected

• Account information (email address for login and recovery)
• Financial data (statements, balances, transactions)
• Uploaded documents (financial statements, legal documents, stored in isolated per-user storage)
• Brokerage connections (encrypted OAuth tokens, where applicable)
• Essential cookies for session and preference maintenance

Not Collected

• Social Security numbers, dates of birth, or government IDs
• Brokerage passwords (industry-standard OAuth used instead)
• Browsing history, device fingerprints, or analytics cookies
• Data is never sold or shared with advertisers

4. How We Use Your Information

• Provide, maintain, and improve the Service
• Process and display financial and legal document data
• Extract financial data from uploaded documents using AI/LLM services
• Authenticate identity and secure accounts
• Communicate about the Service
• Comply with legal obligations

5. How We Process Your Documents

When you upload documents:

1. Upload — Files stored in encrypted, per-user cloud storage
2. AI Extraction — Files sent to AI model to extract structured data
3. Data Storage — Only structured output saved; raw AI responses discarded immediately
4. Confirmation — Data written to your account after extraction

AI providers (Anthropic Claude, Google Gemini) see uploaded document content during processing. Per their API terms, data is not used for model training.

6. How We Protect Your Data

• Encryption — Sensitive fields use AES-256-GCM encryption (same standard as banks and governments)
• Row-Level Security — Every database table enforces user-only data access
• Data Isolation — Uploaded files stored in per-user folders with access policies
• Log Redaction — Sensitive fields automatically redacted from all server-side logging
• Transit Security — All data transmitted over HTTPS

7. Data Retention

Users can delete any upload and associated data anytime. Account deletion permanently removes all associated data.

8. Third-Party Services

• Supabase — Database, authentication, file storage (hosted on AWS)
• Anthropic (Claude) — AI document extraction; data not used for training
• Google (Gemini) — AI document extraction; data not used for training
• Intuit (QuickBooks) — Bookkeeping data sync via OAuth
• Cloudflare (R2) — Document storage

No other third parties receive your data.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — View all your data in the dashboard anytime
• Delete — Delete individual uploads, accounts, or your entire account
• Export — Your financial data belongs to you; data export is supported
• Request correction of inaccurate data
• Object to or restrict certain processing

Texas residents have additional rights under the Texas Data Privacy and Security Act (TDPSA). Contact privacy@finleg.net to exercise any rights.

10. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically, notifying users of material changes by posting the updated policy on this page with a revised "Last updated" date.

12. Contact Us

For questions about this Privacy Policy or data handling, contact: privacy@finleg.net

© 2026 Finleg. All rights reserved.