Privacy Policy
Last updated: 11 July 2026
This policy explains what personal data we process, why, and how we protect it. Controller: PROACTIVE SHIPPING S.R.L., VAT no. RO49176949, Trade Registry no. J2023022378407, registered office at Str. Ion Țuculescu no. 42, Bl. P3, Sc. C, 3rd floor, Ap. 47, District 3, Bucharest, Romania. Contact: contact@finur.io.
1. Data we process
- Account data: name, email, password (encrypted), optional phone, billing details.
- Content you upload: accounting documents, data of the companies and employees in your portfolio, messages to the agent.
- Technical data: IP address, browser type, access and audit logs.
- Communication data: messages sent via the contact form or email.
2. Purposes and legal bases
- Providing the service (performance of contract): account, document processing, generating returns.
- Billing and legal obligations (legal obligation): tax records, invoice retention.
- Security and abuse prevention (legitimate interest): logs, rate limiting, audit.
- Product communications (legitimate interest / consent, as applicable).
3. Sub-processors
We use infrastructure and service providers that process data on our behalf under data processing agreements (DPAs):
- Supabase (database and authentication, EU hosting)
- Anthropic (AI processing of documents and conversations)
- OpenAI (AI processing: image extraction, classification)
- Vercel (website and web app hosting)
- Railway (backend services hosting)
- Paddle (payment processing, merchant of record)
- Resend (transactional email delivery)
- Meta Platforms (WhatsApp Business API, for communicating with your clients)
- Cloudflare (DNS, CDN and anti-abuse protection, processes IP addresses)
4. We do not sell your data
We do not sell your personal data and we do not use it for third parties' marketing purposes. The sub-processors above process it exclusively to provide the Finur service, under the data processing agreements (DPAs) signed with each of them.
5. International transfers
Data is stored in the European Union. Some sub-processors (Anthropic, OpenAI, Meta) may process data outside the EU; in those cases transfers rely on the Standard Contractual Clauses approved by the European Commission or the EU-US Data Privacy Framework.
6. How long we keep data
Account data: for the duration of the contract and up to 90 days after closure (the export window), after which it is deleted in cascade from all systems: database, file storage and search index.
Our own billing documents: 10 years, as required by tax law. Technical logs: up to 12 months.
7. Your rights
You have the rights of access, rectification, erasure, restriction, portability and objection, as well as the right to lodge a complaint with the Romanian supervisory authority ANSPDCP (dataprotection.ro). Full details on the GDPR page. You can write to us at contact@finur.io.
8. Security
Data is encrypted in transit and at rest, isolated per firm at database level, and access is protected by two-factor authentication. Internal access to production data is restricted and logged.