Sign in Subscribe
FINANCIAL INTELLIGENCE

FinNotes

Legal

Privacy Policy

FinNotes Privacy Policy. We explain what information we collect, how we use it, what we share, how long we keep it, and the rights you have over your data.

Last updated: 2026-05-28

FinNotes ("FinNotes", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our platform and use our financial information services.

1. Information we collect

We collect information you provide directly when you create an account, subscribe, or contact us:

  • account details (email, display name) — collected via Google sign-in or a password account you create;
  • subscription and billing identifiers held by our payment processor (Stripe) — we never see your card number;
  • content you create on the platform (notes, reading lists, bookmarks, follows);
  • messages you send through support or editorial contact channels.

2. Automatically collected information

When you access the Service we may automatically collect:

  • browser type, language, and operating system;
  • IP address, location at a country/region level, and approximate session timing;
  • pages viewed and articles opened (for editorial analytics and personalisation);
  • device identifiers necessary for security (rate limiting and abuse detection).

We hash IP addresses for rate-limit and abuse logs rather than storing them in plaintext. Editorial analytics is anonymous unless you've opted into personalised analytics in your account settings.

3. How we use information

We use the information we collect to:

  • provide and maintain the Service (account state, subscription state, content delivery);
  • improve editorial coverage (which articles are read, what data series readers consult);
  • detect, investigate, and prevent fraudulent or abusive activity;
  • respond to your requests, support tickets, and corrections.

4. Sharing and disclosure

We do not sell your personal information. We share information only:

  • with service providers who help us run the platform under contract (Stripe for billing, Google for sign-in, our hosting provider for infrastructure);
  • when required by law (court order, regulator request, civil legal process);
  • to protect our rights, property, or safety, or that of our users, when we believe disclosure is necessary;
  • with your explicit consent, when you share content publicly through the Service.

5. Data security

We implement technical and organisational measures appropriate to the sensitivity of the data — TLS in transit, encrypted backups, principle-of-least-privilege access control to production systems, and audit logging of administrative actions. No method of transmission over the internet is 100% secure; we do not and cannot guarantee absolute security.

6. Your rights and choices

Depending on your location, you may have rights to:

  • access the personal information we hold about you;
  • request correction of inaccurate information;
  • request deletion of your account and associated data;
  • opt out of non-essential analytics (toggle in the account console);
  • export your data in a portable format.

Most of these rights are exercisable directly from your account console. For anything you can't do from there, email [email protected].

7. Retention

Account data is retained while your account is active. After you delete your account, primary identifiers are anonymised within 30 days, and historical editorial records (notes, reading lists, bookmarks) are dissociated from your identity. Aggregate, anonymised analytics may be retained indefinitely. Backups cycle out within 30 days.

8. Cookies

FinNotes uses a small number of cookies. The finnotes_auth cookie carries your session token and is essential for signed-in features. We do not currently use third-party advertising cookies. Any new cookie category will be announced here before it is rolled out.

9. International transfers

Our infrastructure may process data in the United States and other jurisdictions. Where required, we use safeguards consistent with applicable law (e.g. standard contractual clauses).

10. Children

The Service is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes are noted on this page and via an account email where appropriate, with the "Last updated" date refreshed.

12. Contact

Questions or concerns about this Privacy Policy can be sent to our Privacy Team at [email protected].