Finbase Privacy Policy

Version: v1
Effective date: June 5, 2026
Last updated: June 5, 2026

1. Overview

This Privacy Policy explains how Finbase LLC ("Finbase," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our websites, account portal, identity portal, APIs, documentation, support, billing, emails, and related services (collectively, the "Services").

This Privacy Policy applies to personal information we process as a business or controller for our own Services, websites, accounts, billing, support, security, and operations.

If you use Finbase on behalf of an organization, your organization may also control certain information about its users, administrators, billing contacts, invited users, and Service usage. Please contact that organization for questions about its own privacy practices.

For purposes of this Privacy Policy, "personal information" means information that identifies, relates to, describes, can reasonably be associated with, or can reasonably be linked to an individual, subject to applicable law.

2. At-a-Glance Notice

This section summarizes the personal information Finbase collects and why. The rest of this Privacy Policy provides more detail.

Category Examples Primary purposes
Account and user information Name, email address, organization, user role, login identifiers Account creation, authentication, user administration, support, legal acceptance records
Organization and billing information Billing name, billing address, tax information, subscription and invoice metadata Subscription management, billing, tax calculation, payment status, entitlements, account support
Authentication and security information IP address, user agent, session metadata, login attempts, MFA and SSO metadata Login, fraud prevention, security monitoring, abuse prevention, access control
Service usage and API information API key metadata, request timestamps, route/status metadata, query metadata, usage counters API operation, entitlement enforcement, usage tracking, troubleshooting, billing, security, rate limiting
Support and communications Support requests, billing questions, tax exemption communications, email delivery metadata Customer support, account administration, operational communications
Website and technical information Pages visited, browser/device information, cookies or similar technologies Website operation, security, diagnostics, performance, service improvement

Finbase does not sell customer data. Finbase does not store raw payment credentials such as full card numbers, CVC values, or bank login credentials.

3. Business Service

Finbase is intended for United States-based businesses, organizations, professionals, and individuals using the Services for business, professional, commercial, research, analytical, or similar purposes. The Services are not intended for personal, household, family, or consumer-purpose use unrelated to those purposes.

4. Information We Collect

We may collect the following categories of information.

Account and user information

  • name;
  • email address;
  • phone number, if provided;
  • organization name;
  • user role, permissions, invite status, and account status;
  • login identifiers;
  • password authentication metadata, where applicable;
  • MFA configuration metadata, where applicable;
  • SSO / Custom IdP configuration metadata, where applicable.

Organization and billing information

  • billing legal name;
  • billing address;
  • tax jurisdiction information;
  • tax exemption request information;
  • contact email;
  • subscription plan, billing cadence, invoice status, and entitlement information;
  • billing-processor customer, subscription, invoice, payment-method metadata, and payment status information.

Finbase does not store raw payment credentials such as full card numbers, CVC values, or bank login credentials. Payment information is processed by Stripe and related payment services.

Authentication and security information

  • login attempts;
  • OAuth or SSO provider identifiers;
  • session metadata;
  • IP address;
  • user agent;
  • device/browser metadata;
  • security events;
  • password reset and verification events;
  • account lockout, throttle, or override events;
  • legal acceptance records, including document versions, timestamp, IP address, user agent, and acceptance context.

Service usage and API information

  • API key identifiers and metadata;
  • request timestamps;
  • route, endpoint, status, response metadata, and usage counters;
  • source IP address and user agent;
  • rate-limit, throttling, blocking, and abuse-prevention events;
  • entitlement checks;
  • data-set, datasource, query, and release metadata;
  • logs needed for security, debugging, support, billing, service stability, and operations.

Support and communications

  • support requests;
  • billing questions;
  • tax exemption communications;
  • account administration messages;
  • email delivery metadata;
  • customer feedback;
  • information you choose to send to Finbase by email or other support channels.

Website and technical information

  • pages visited;
  • referring URLs;
  • browser and device information;
  • IP address;
  • cookie or similar technology information;
  • approximate location inferred from IP address;
  • website diagnostics, performance, and security information.

5. Information We Do Not Intend to Collect

The Service API is intended for financial data set lookups. It is not intended for storing borrower files, consumer credit reports, protected health information, cardholder data, bank login credentials, full government identification numbers, or other sensitive personal records.

Unless Finbase expressly agrees in writing, you should not submit sensitive personal information or regulated customer files to the Services.

6. How We Use Information

We use information to:

  • provide, operate, maintain, and secure the Services;
  • create and manage accounts, organizations, users, roles, invites, and sessions;
  • authenticate users and support OAuth, MFA, and SSO / Custom IdP features;
  • provide API access and enforce entitlements, usage limits, and plan permissions;
  • process subscriptions, invoices, taxes, payment status, billing history, and payment-related events;
  • provide customer support and respond to requests;
  • send operational, billing, support, tax-exemption, invite, security, maintenance, legal, and account communications;
  • detect, prevent, investigate, and respond to abuse, fraud, unauthorized access, credential compromise, excessive traffic, platform attacks, and security incidents;
  • debug, monitor, improve, and develop the Services;
  • maintain audit records, legal acceptance records, and operational logs;
  • comply with law, legal process, tax obligations, accounting obligations, and enforceable requests;
  • enforce our Terms of Service and other agreements;
  • protect the rights, property, safety, availability, and security of Finbase, customers, users, and third parties.

7. Data Sources, Public Data, and API Metadata

Finbase compiles, normalizes, and provides access to financial data sets from government agencies, public sources, or other sources selected by Finbase.

Those source data sets are generally not Customer personal information submitted by you and are not treated as personal information about you merely because you access them through the Services. Some source data may be publicly available, government-issued, agency-published, or otherwise obtained from sources selected by Finbase.

Your account activity, API usage, query metadata, API key metadata, and support communications associated with use of those data sets may be tied to your account, organization, API key, or subscription and may be processed as described in this Privacy Policy.

Finbase does not intend for customers to submit borrower files, consumer records, or sensitive personal records through API queries. Finbase may retain API usage logs, query metadata, and operational metadata for security, abuse prevention, billing, troubleshooting, service improvement, and compliance purposes, but the Service API is not designed as a customer data-storage system.

8. How We Share Information

Finbase does not sell customer data.

We may share information with:

  • service providers and subprocessors that help us provide the Services;
  • payment processors, including Stripe, for checkout, subscriptions, invoices, payment methods, tax calculation, payment status, receipts, refunds, dunning, and payment-related emails;
  • cloud infrastructure providers, including Amazon Web Services, for hosting, storage, networking, logging, monitoring, email delivery, and security;
  • identity providers, such as Google, Microsoft, or customer-configured SSO / Custom IdP providers, where needed for authentication;
  • email, support, documentation, tax, security, monitoring, analytics, or operational tooling providers;
  • your organization administrators or authorized support contacts, where appropriate for account administration;
  • professional advisors, auditors, insurers, accountants, and legal counsel;
  • law enforcement, regulators, courts, government authorities, payment networks, tax authorities, or other parties where required by law or where disclosure is reasonably necessary to protect rights, safety, security, or the Services;
  • counterparties in connection with a merger, acquisition, financing, corporate transaction, reorganization, or sale of assets.

We may share aggregated, de-identified, or anonymized information that does not identify you or your organization.

9. Payment Processing and Stripe

Finbase uses Stripe and related payment services for payment processing, subscription billing, invoices, automatic tax, payment method updates, receipts, refunds, failed-payment handling, ACH/bank payment workflows, and related payment communications.

When you enter payment information, Stripe may collect and process payment details directly. Finbase may receive payment-related metadata, including customer ID, subscription ID, invoice ID, payment status, payment method type, billing address, tax amounts, and transaction status.

Stripe's processing of personal information is governed by Stripe's own terms and privacy policy where Stripe acts independently or as required by its services.

10. Emails and Operational Communications

Finbase and its service providers may send:

  • account and invite emails;
  • verification, password reset, authentication, and security emails;
  • billing, subscription, payment, invoice, receipt, failed-payment, renewal, and payment-method update emails;
  • tax exemption and support emails;
  • maintenance, service, legal, and policy update emails;
  • data-set, subscription-management, scheduled-change, cancellation, and grandfather/legacy-pricing emails where applicable.

Some billing and payment emails may be sent by Stripe using Finbase branding or billing email domains.

Operational emails are part of the Services and may not include the same unsubscribe options as marketing emails.

11. Cookies and Similar Technologies

Finbase may use cookies, local storage, session storage, and similar technologies to:

  • keep users signed in;
  • route users between account, identity, and operations portals;
  • remember session and security state;
  • support authentication, CSRF protection, and fraud prevention;
  • understand website and application performance;
  • improve the Services.

If Finbase later uses marketing, advertising, or non-essential analytics cookies on public websites, the public website should provide any consent or preference controls required by applicable law.

12. Retention

We retain information for as long as reasonably necessary to provide the Services, maintain accounts, process billing, support customers, comply with legal/tax/accounting obligations, resolve disputes, enforce agreements, maintain audit logs, prevent abuse, and protect the Services.

Retention periods vary by information type. For example:

  • account and organization records are generally retained while the account is active and for a reasonable period afterward for account administration, audit, legal, and support purposes;
  • billing, invoice, tax, and payment records are generally retained as needed for tax, accounting, audit, chargeback, dispute, and legal obligations;
  • legal acceptance records are generally retained to demonstrate agreement to applicable terms and policy versions;
  • API usage, security, and operational logs are generally retained for security, abuse prevention, billing, troubleshooting, service operation, and audit purposes;
  • support communications are generally retained while useful for account support, continuity, dispute resolution, and operational history.

Finbase may retain information longer where required or permitted by law, where needed to resolve disputes, where relevant to security or abuse investigations, or where preserved in backups, audit records, or legal holds. Finbase may also delete or de-identify information when it is no longer needed.

13. Security

Finbase uses commercially reasonable administrative, technical, physical, and organizational safeguards designed to protect personal information.

Finbase's safeguards are designed to include appropriate access controls, monitoring, vendor oversight, secure configuration, backup and recovery practices, data disposal practices, and other measures appropriate to the nature of the information and the Services.

No system is perfectly secure. You are responsible for maintaining the security of your users, passwords, API keys, SSO / Custom IdP configuration, devices, network, and integrations.

If you believe your account or API credentials have been compromised, contact support@finbaseco.com promptly.

14. United States Use

Finbase is operated from the United States. Information may be processed in the United States or other locations where Finbase or its service providers operate.

Finbase's product and billing workflows are designed for, and intended to be used by, customers with United States billing addresses. The Services are targeted to United States-based businesses, organizations, professionals, and individuals.

15. Privacy Rights and Choices

Depending on where you are located and the laws that apply, you may have rights to request access, correction, deletion, portability, restriction, objection, appeal, or withdrawal of consent for certain personal information. You may also have the right to opt out of certain processing activities, such as sale, sharing, targeted advertising, or profiling, where those concepts apply under applicable law.

To make a privacy request, contact privacy@finbaseco.com.

We may need to verify your identity and authority before responding. If your account is controlled by an organization, we may direct your request to that organization, require the organization to process the request, or coordinate with the organization before responding.

Finbase will respond to privacy requests within the time required by applicable law. Some requests may be limited or denied where permitted by law, including where information must be retained for security, billing, tax, legal, fraud prevention, dispute, operational, or audit purposes.

We do not sell customer data. If Finbase later uses personal information in a way that is considered "sale" or "sharing" under applicable privacy laws, Finbase will update this Privacy Policy and provide required opt-out mechanisms where required by applicable law.

16. U.S. State Privacy Disclosures

Depending on applicable law, the categories of personal information Finbase may collect include:

  • identifiers, such as name, email address, phone number, IP address, and account identifiers;
  • commercial information, such as subscription, invoice, payment status, and billing records;
  • internet or electronic network activity, such as login, session, API usage, device, browser, and log data;
  • professional or employment-related information, such as organization name, role, and business contact information;
  • geolocation information inferred from IP address or billing address;
  • inferences or derived operational information, such as entitlement state, usage patterns, and security risk indicators.

We collect and use these categories for the purposes described in this Privacy Policy.

We disclose these categories to service providers and other parties as described in this Privacy Policy.

We do not knowingly sell customer personal information.

17. Children's Privacy

The Services are not directed to children and are not intended for individuals under 18. Finbase does not knowingly collect personal information from children.

18. Marketing Communications

If Finbase sends marketing emails, you may opt out using the unsubscribe mechanism in the email or by contacting Finbase.

Even if you opt out of marketing communications, Finbase may still send operational, transactional, billing, legal, support, security, and account-related communications.

19. Third-Party Links and Services

The Services may link to or integrate with third-party websites, services, identity providers, payment processors, documentation tools, support tools, or infrastructure providers.

This Privacy Policy does not govern third-party privacy practices. Review the privacy policies of those third parties for more information.

20. Changes to This Privacy Policy

Finbase may update this Privacy Policy from time to time. The updated version will be posted at https://finbaseco.com/privacy or another location Finbase designates.

For material changes, Finbase may provide notice by email, account message, website notice, or other reasonable means. Finbase may review this Privacy Policy periodically and update it when privacy practices, legal requirements, or Services change.

21. Contact

For privacy questions or requests, contact:

privacy@finbaseco.com