Privacy Policy

Last updated: 2026-05-27

FinComp ("we", "us", "our") is a multi-ERP financial operations platform operated by Priotech. This Privacy Policy describes how we collect, use, store, and protect information when you use the FinComp service at fin-comp.com (the "Service").

1. Information we collect

• Account information. Your name, email address, organization name, and authentication credentials.
• Financial data from connected systems. When you authorize FinComp to connect to your ERP or accounting system (e.g. QuickBooks Online, QuickBooks Desktop via QODBC, Priority ERP, SAP Business One), we receive and store: invoices, bills, bank accounts, balances, transactions, customers, vendors, journal entries, profit-and-loss reports, and other accounting records you authorize.
• Uploaded files. PDFs and images you upload for OCR processing.
• Usage data. Pages viewed, API endpoints used, timestamps, IP address, browser and device metadata.
• Communication. Support emails and in-app messages.

2. How we use the information

• Provide the Service: sync data from your ERPs, render dashboards, run forecasts, produce reports.
• Authenticate users and enforce access control.
• Improve and debug the Service through aggregate, de-identified analytics.
• Send service announcements, security alerts, and support replies.
• Comply with legal obligations.

3. How we store and protect information

• Data is stored on Amazon Web Services (AWS) infrastructure in the United States (us-east-1 region).
• All web traffic is encrypted in transit using TLS 1.2+ (Let's Encrypt).
• ERP OAuth tokens and database credentials are encrypted at rest with AES-256-GCM using per-deployment key encryption keys.
• Tenant data isolation is enforced at three layers: application code, foreign-key constraints, and PostgreSQL row-level security (RLS).
• VPN tunnels (WireGuard) are used for QuickBooks Desktop integrations and are point-to-point encrypted with ChaCha20-Poly1305.
• Access to production systems is restricted to authorized Priotech engineers, audited, and uses short-lived credentials.

4. Third parties we share data with

We do not sell your data. We share information only with the providers required to operate the Service:

• Amazon Web Services — infrastructure (compute, storage, network)
• Intuit — when you authorize FinComp to connect to QuickBooks Online, Intuit is the source of your QuickBooks data
• OpenAI (optional, only if you enable the AI Finance Agent) — natural-language queries you submit are sent to OpenAI to generate responses. No financial data is stored by OpenAI.
• Let's Encrypt — TLS certificate issuance

We will disclose information if required by a valid legal process (subpoena, court order), and will notify the affected tenant unless prohibited by law.

5. Data retention and deletion

You can request deletion of your account and all associated data at any time by emailing privacy@fin-comp.com. We will delete your data within 30 days, except where retention is required by law (e.g. financial audit retention periods).

When you disconnect an ERP integration, the access tokens are revoked immediately. Historical data already synced is retained until you request deletion.

6. Your rights

Depending on your jurisdiction (GDPR, CCPA), you may have rights to access, correct, delete, or export your data, and to object to certain processing. Contact privacy@fin-comp.com to exercise these rights.

7. Children's privacy

FinComp is a B2B service intended for use by businesses. We do not knowingly collect personal information from children under 16.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via in-app notice or email at least 14 days before they take effect.

9. Contact

For privacy questions, data requests, or to report a concern:
privacy@fin-comp.com

Operator: Priotech
Tel Aviv, Israel