Skip to content

Privacy Policy

Last updated: 2026-04-22

1. Data Controller

Finny (operated by Strategoo BV, Belgium) is the data controller for your personal data. Contact: info@strategoo.be.

2. Data We Collect

We collect the following categories of personal data:

  • Account dataName, email address, organisation membership.
  • Financial plan dataRevenue projections, cost structures, stakeholder details, and other data you enter into your financial plans.
  • Payment dataProcessed by Stripe. We do not store card numbers.
  • Technical dataIP address, browser type, timestamps for security and debugging.

3. Purpose & Legal Basis

  • Contract performance (Art. 6(1)(b) GDPR) Providing the financial planning service, managing your account, processing payments.
  • Legitimate interest (Art. 6(1)(f) GDPR) Security, fraud prevention, service improvement, audit logging.
  • Legal obligation (Art. 6(1)(c) GDPR)Tax and accounting record-keeping as required by Belgian law.

4. Data Retention

We retain your data as follows:

  • Active account data: retained while your account is active.
  • Deleted accounts: personal data erased within 30 days of deletion, except where legal retention applies.
  • Audit logs: active entries retained for 3 days, archived entries for up to 1 year.

5. Sub-processors

We share data with the following service providers, all of which are GDPR-compliant:

  • Supabase Inc.Authentication and database hosting (EU region).
  • Stripe Inc.Payment processing.
  • Google Cloud (Google LLC)Application hosting (Cloud Run, europe-west1).
  • Cloudflare Inc.CDN, DNS, and DDoS protection.
  • Resend Inc.Transactional email delivery.

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access, request a copy of your personal data.
  • Right to rectification, correct inaccurate data.
  • Right to erasure, delete your account and data.
  • Right to data portability, export your data in a structured format.
  • Right to object, object to processing based on legitimate interest.
  • Right to lodge a complaint with the Belgian Data Protection Authority (GBA/APD).

To exercise your rights, email info@strategoo.be or use the account deletion feature in your dashboard settings.

7. Cookies & Local Storage

We use only strictly necessary storage:

  • x-org-slugSession cookie to identify your active organisation. Strictly necessary for functionality.
  • localStorageAuthentication tokens managed by Supabase. Strictly necessary for login.

We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Security

All data is encrypted in transit (TLS) and at rest. We use row-level security, rate limiting, and regular security reviews. See our Security documentation for details.

9. Contact

For privacy inquiries: info@strategoo.be. Strategoo BV, Belgium.

← Back to home