Privacy Policy

1. Scope

This Policy applies to information we process as a controller for our website and Service. If your organization uses Finovia, your organization may also be a data controller for personal data stored in the Service.

2. Information we collect

We may collect the following categories of information:

• Account information: name, email, password (stored as a hash), role and authentication details.
• Organization and business information: tenant/company name, settings, and configuration.
• Business records you upload or create: invoices, customers/vendors, inventory items, journal entries, documents, and other operational data ("Customer Content").
• Usage and device data: log data, approximate location derived from IP, browser type, pages viewed, and performance metrics.
• Support communications: messages and attachments you send to support.
• Cookies and similar technologies: used to keep you signed in, remember preferences, and measure performance.

3. How we use information

We use information to:

• Provide and maintain the Service (authentication, access control, features).
• Secure the Service (fraud prevention, abuse detection, auditing).
• Process transactions you initiate and provide customer support.
• Improve the Service (debugging, analytics, product development).
• Communicate with you about the Service (service notices, updates).
• Comply with legal obligations and enforce our terms.

4. Legal bases (where applicable)

Depending on your location, we rely on legal bases such as performance of a contract, legitimate interests (e.g., securing and improving the Service), compliance with legal obligations, and consent where required (e.g., certain cookies).

5. How we share information

We may share information with:

• Service providers that help us operate the Service (hosting, email, monitoring, payment processing). They are authorized to process data only as needed to provide services to us.
• Your organization: administrators of your tenant may access and manage user accounts and data within your tenant.
• Legal and compliance: if required by law, regulation, or valid legal process, or to protect rights, safety, and security.
• Business transfers: in connection with a merger, acquisition, or sale of assets.

6. Data retention

We retain personal data for as long as necessary to provide the Service and for legitimate and essential business purposes (e.g., security, dispute resolution, and compliance). Retention of business records may be controlled by your organization.

7. Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information. No system is completely secure, and we cannot guarantee absolute security.

8. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict certain processing. You can also update some information through your account settings.

If your request relates to data stored within an organization tenant, we may direct you to the tenant administrator.

9. Cookies

We use cookies and similar technologies for authentication, preferences, and analytics. You can control cookies through your browser settings. Disabling cookies may affect some features of the Service.

10. International transfers

Your information may be processed in countries other than where you live. Where required, we use appropriate safeguards for cross-border data transfers.

11. Children’s privacy

The Service is not directed to children under 13 (or a higher age where required by law). We do not knowingly collect personal data from children.

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice in the Service or by other appropriate means.

13. Contact

Questions about privacy? Contact us at support@appnovia.com.

See also our Terms of Service.