Privacy Notice
Your privacy is important to us, and we take our responsibility of caring for it seriously. This Privacy Notice describes what information Finoptics collects and how we use, disclose, transfer, and store it.
1 - What data we collect
- No personal data collection by default: Our public website does not collect or store personal information from visitors for marketing or profiling purposes. If you interact with us directly (for example by emailing us or submitting information as part of onboarding), those communications may include personal data see Section 2.
- RFP submission form: Our website provides an online form for submitting a Request for Proposal (RFP). Information provided through this form (such as your name, company, email address, project details, or other business-related information) is collected solely for the purpose of evaluating and responding to your RFP. All RFP submissions are treated confidentially and are not shared with any third party without your consent.
- If we ever add contact forms, analytics or other tracking to the site in the future, this Notice will be updated accordingly.
2 - Client project data (what we receive and why)
- What we receive: When engaged by a client, we may receive personal data necessary to perform project services (for example: names, contact details, account identifiers, transaction or operational data, or other client-supplied content).
- Purpose: We use client-supplied data solely to perform the contracted services (project delivery, analysis, reporting, support, and related tasks).
- Legal basis / contractual basis: Processing is performed under our contractual relationship with the client and as necessary to provide the agreed services.
3 - Storage, security, and audits
- Cloud hosting: Project and client data are stored on Microsoft Azure. Microsoft Azure provides mechanisms for customers to choose data residency and to manage where customer data is stored and processed.
- Security controls & attestations: Finoptics maintains contractual and technical controls over client data. Microsoft publishes SOC audit reports and the Service Trust Portal which describe independent third-party attestations (SOC 2 Type 2) for Microsoft cloud services; these reports are available to customers through Microsoft's compliance/Service Trust resources. Finoptics maintains SOC-level security controls and follows security practices aligned to SOC 2 Type 2 requirements in our handling of client data.
- What SOC 2 means: SOC 2 Type 2 is an independent attestation of controls relevant to security, availability, processing integrity, confidentiality and privacy; a Type 2 report assesses operating effectiveness over a period (not just design).
4 - Data residency and transfers
Where possible, we will respect client preferences for storing data in particular cloud regions. Microsoft Azure enables customers to select the Azure geography/region where data is stored; in some cases, Microsoft may replicate data within the selected geography for resiliency. Details on residency options and controls are available from Microsoft.
5 - Third-party processors
Microsoft Azure is our primary cloud service provider and acts as a data processor for client data stored on Azure. We will only engage other third-party processors when necessary for project delivery and under contract requiring confidentiality and appropriate security measures. Where applicable, sub processors and vendor names will be provided to clients in contractual documentation.
6 - Retention and deletion
- Retention: We retain client project data only for as long as necessary to perform the contracted services and to meet any legal, regulatory, or contractual obligations.
- Deletion / destruction: After a project ends, we will securely delete or destroy client data on request and in accordance with the terms of our contract. If you request deletion, we will act on that request subject to any legal or contractual retention obligations.
7 - User & data subject rights
For data provided to us by clients, data subjects or client representatives may, to the extent permitted by law and contract, request:
- Access to the personal data we hold about them
- Correction or update of inaccurate data
- Deletion of data (subject to contractual or legal retention requirements)
- Objection to certain processing activities where applicable
Requests should be sent to info@finoptics.io and will be handled in accordance with applicable law and contractual obligations.
8 - Security measures (high-level)
We implement organizational, technical and contractual measures appropriate to the risk and the nature of the data, including (where applicable): access controls, encryption in transit and at rest (as supported by Azure services), role-based access management, monitoring/logging, and incident response processes. We maintain practices consistent with recognized frameworks and attestations (e.g., SOC 2 Type 2) to demonstrate control effectiveness.
9 - Children
Our services are business focused. We do not knowingly collect personal data from children under applicable thresholds; if we become aware that such data was provided, we will take steps to delete it if required.
10 - Changes to this Notice
We may update this Privacy Notice from time to time. The “Effective date” at the top will be revised when changes are published.
11 - Contact
For privacy questions, data requests, or to exercise rights concerning data you provided via a client engagement, contact:
Email: info@finoptics.io
Address: Finoptics LLC
535 5th Ave 4th Flr
New York, NY 10017
United States