Privacy Policy

    Finlyst Privacy Policy

    Finlyst, Inc. ("Finlyst", "we", "us") provides AI-powered financial data tools and MCP integrations (including ChatGPT). This policy explains how we collect, use, share, and protect information when you use finlyst.co, our APIs, and our MCP/agent integrations. By using our services, you agree to this policy.

    Effective date: January 5, 2025

    Information We Collect

    • Account & Contact: name, email, password hash, organization (if provided), and subscription details.
    • Billing: payment method details are handled by our payment processor; we store limited billing metadata (e.g., last 4 digits, expiration month/year) and transaction history.
    • Usage & Device: logs of API/MCP requests (timestamps, endpoints, parameters, error codes), IP address, browser/device type, OS, referral URL, and coarse location derived from IP.
    • Content You Provide: prompts, queries, uploaded or input text, settings, and feedback. For MCP/ChatGPT use, we receive request/response payloads necessary to fulfill your query.
    • Cookies & Similar Tech: session cookies, authentication tokens, analytics cookies (where allowed), and preference cookies.
    • Public & Third-Party Data: publicly available company filings and financial data; limited enrichment (e.g., firmographics) where permitted by law.

    How We Use Data

    • Provide and secure the service, respond to requests, deliver MCP/ChatGPT results, and generate charts and reports.
    • Manage trials, subscriptions, invoicing, and support.
    • Improve quality, performance, and reliability; troubleshoot and prevent abuse/fraud.
    • Analytics and product usage insights; develop new features.
    • Communicate about service updates, security, billing, and—with your consent—marketing.

    Legal Bases (EEA/UK)

    • Performance of contract (providing the service).
    • Legitimate interests (security, fraud prevention, product improvement).
    • Consent (cookies/marketing where required).
    • Legal obligations (tax/accounting).

    Sharing

    • Service Providers: hosting, payment processing, logging/monitoring, analytics, email/support, and customer success—bound by confidentiality and data protection terms.
    • AI/LLM Providers: prompts and necessary context (e.g., query text, selected financial symbols/parameters) are sent to model providers to generate responses.
    • Corporate Events: merger, acquisition, financing, or asset sale, subject to customary safeguards.
    • Legal & Safety: to comply with law, enforce terms, protect rights, security, and prevent fraud/abuse.
    • No Sale: we do not sell personal information.

    Data Retention

    • Account, billing, and transaction records retained as needed for service delivery and legal obligations.
    • Logs and request payloads kept for a limited period for security, debugging, and quality; aggregated/irreversible statistics may be retained longer.
    • You may request deletion of your account; some records may be retained where legally required.

    Security

    • Encryption in transit; restricted access; monitoring and logging; least-privilege practices; periodic reviews.
    • No system is 100% secure; notify us promptly of any suspected issue at privacy@finlyst.co.

    Your Choices & Rights

    • Access, correct, or delete your account information; request data portability where applicable.
    • Opt out of marketing communications; essential service communications will continue.
    • Control cookies via browser settings and, where provided, consent tools.
    • EEA/UK: right to object or restrict certain processing and to lodge a complaint with a supervisory authority.

    Cookies & Tracking

    • Essential cookies for authentication and session continuity.
    • Analytics/performance cookies (where permitted) to understand usage and improve reliability.
    • You can disable non-essential cookies via browser settings; this may affect functionality.

    International Transfers

    • Data may be processed in the United States and other countries.
    • Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

    Children

    • The service is not directed to children under 16. Do not use the service if you are under the applicable age threshold.

    MCP/Agent-Specific Notes

    • When you use Finlyst via ChatGPT or other MCP agents, your prompts, retrieved financial data, and generated outputs are processed to fulfill your request and may be logged for a limited time for security, reliability, and quality.
    • Avoid sharing sensitive personal data in prompts. We rely on the model provider's terms and security for its processing; their policies apply in addition to this one.

    Third-Party Links

    • External links or integrations are governed by their own policies; review them separately.

    Changes

    • We may update this policy to reflect changes to our practices or for legal reasons. Material changes will be posted with an updated effective date.

    Contact

    • For questions, requests, or privacy inquiries (including EEA/UK rights), contact privacy@finlyst.co.