Data Processing Agreement
Last updated: May 2026
1. Scope and Purpose
This Data Processing Agreement ("DPA") applies between Finsights AI ("Processor") and the customer entity ("Controller") that has agreed to our Terms of Service. It governs the processing of personal data by Finsights AI on behalf of the customer in connection with the provision of our platform services.
2. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws including GDPR and CCPA. "Processing" means any operation performed on personal data, including collection, storage, use, and disclosure.
3. Nature and Purpose of Processing
Finsights AI processes personal data solely to provide the services described in the Terms of Service, including operating the platform, generating AI-powered analysis, and maintaining service functionality. We process data only on documented instructions from the Controller.
4. Types of Personal Data
Data processed may include: account credentials (name, email address), usage and activity data, portfolio and financial data submitted by the customer, and any other personal data the customer inputs into the platform.
5. Sub-processors
Finsights AI uses the following categories of sub-processors: cloud infrastructure providers (database, hosting), AI model providers (for generating analysis and responses), and analytics services. We maintain a current sub-processor list and will notify customers of material changes. Customers may request the current list by contacting support@finsights.ai.
6. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure — including encryption in transit and at rest, access controls, and regular security reviews.
7. Data Subject Rights
Finsights AI will assist the Controller in fulfilling obligations to respond to data subject requests (access, correction, deletion, portability) to the extent technically feasible. Controllers are responsible for communicating these rights to their own data subjects.
8. Data Retention and Deletion
Upon termination of the service relationship, Finsights AI will delete or return all personal data within 30 days, unless retention is required by applicable law. Customers may request earlier deletion by contacting support.
9. Contact
For questions about this DPA or to request a signed copy for your compliance records, contact us at support@finsights.ai.