SECTION IScope of this Policy
This Privacy Policy applies to all FinHelm products and services, including FinHelm Clarity (our QuickBooks Online–connected SMB FP&A product), FinHelm Platform (our mid-market and enterprise FP&A product), the FinHelm MCP connector for AI clients, and marketing pages and demo tools at finhelm.ai. Where MCP connector–specific terms apply, they are noted in the relevant section.
SECTION IIWho we are
FinHelm Corp is a Tennessee C-Corporation, founded MMXXVI. Our principal place of business is in Tennessee, U.S.A. For data protection purposes, FinHelm Corp is the data controller for marketing and authentication data, and a data processor for ERP analysis data on behalf of our customers.
Contact: privacy@finhelm.ai.
SECTION IIIData we collect
FinHelm collects only what is necessary to operate the product and meet legal obligations.
- Account & authentication data: Email address (required for account creation); password hash (managed by AWS Cognito; FinHelm does not see plaintext); OAuth tokens for connected ERP providers (encrypted at rest with AWS KMS); sign-in metadata (timestamp, IP address, user-agent).
- ERP data — read in transient memory only: When you invoke an authenticated tool, FinHelm fetches only the slice of your ledger required to compute the requested output. This data is processed in volatile memory on the FinHelm compute layer and is discarded at the end of the request. We do not persist raw transactions, customer or vendor names, or account-level details.
- Analysis outputs (retained): UES™ scores and band classifications; Monte Carlo distribution summary statistics (P10/P50/P90, mean, standard deviation); AI-generated narratives describing variance drivers; Reflection Engine™ fidelity scores.
- Audit metadata (retained): Tool name invoked, timestamp, response status (success or failure); user identifier and connected entity identifier.
FIG. III.a · The custody doctrine is structural. Data we never have, we cannot lose.
SECTION IVHow we use data
We use data only for the purposes listed below and only on the legal basis indicated.
| Data category | Purpose | Legal basis |
|---|---|---|
| Email & password hash | Account creation, authentication, password reset | Contract |
| OAuth tokens | Read-only access to connected ERP on user’s instruction | Contract |
| ERP transaction data (transient) | Compute UES™, Monte Carlo, variance, runway, narratives | Contract |
| Analysis outputs | Display in AI client; Reflection Engine™ fidelity scoring | Contract |
| Audit metadata | Operational integrity, security incident response, billing | Legitimate interest |
| Sign-in metadata | Account security, fraud prevention | Legitimate interest |
| Marketing email (opt-in only) | Product updates and educational content | Consent |
We do not sell, rent, or trade personal information. We do not use ERP data or analysis outputs to train third-party AI models. AI models accessed via our MCP connector are invoked ephemerally per request; outputs are returned and not pooled into a training set.
SECTION VData retention
| Data category | Retention period |
|---|---|
| Raw ERP transaction data | Not retained — transient memory only |
| OAuth tokens (active) | Until you revoke access or close your account |
| OAuth tokens (revoked) | Deleted within 24 hours of revocation |
| Analysis outputs | 13 months from generation, then deleted |
| Audit metadata | 13 months from event, then deleted |
| Account data (active) | Until you close your account |
| Account data (closed) | 30 days, then deleted (legal-hold exceptions noted) |
| Marketing consent records | Until you withdraw consent, plus 24 months evidence |
SECTION VIThird-party services & sub-processors
FinHelm contracts the sub-processors below to operate the product. The canonical list is mirrored on finhelm.ai/security/.
| Sub-processor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Compute, storage, KMS, Cognito, networking | U.S. — us-east-1 |
| Anthropic, PBC | AI model invocation (ephemeral, per-request) | U.S. |
| Stripe, Inc. | Payments processing (when paid tiers enforced) | U.S. |
| Sentry | Application error monitoring (no ERP data sent) | U.S. |
| Postmark | Transactional email (sign-in, password reset) | U.S. |
| Vercel | Frontend hosting | Standard web logs |
| PostHog | Product analytics | Anonymized usage events |
FinHelm provides 30 days’ notice before adding a new sub-processor that processes customer ERP data. Subscribe to sub-processor change notifications at privacy@finhelm.ai.
SECTION VIIYour data rights
Depending on your jurisdiction, you have the following rights:
- Access — receive a copy of your account data and analysis outputs.
- Rectification — correct inaccurate data we hold.
- Erasure — delete your account and associated data (subject to legal-hold exceptions).
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for any consent-based processing (such as marketing email).
To exercise any of these rights, email privacy@finhelm.ai. We respond within 30 days.
SECTION VIIISecurity
FinHelm implements industry-standard technical and organizational measures:
- TLS 1.2+ for data in transit.
- AES-256 encryption at rest, AWS KMS customer-managed keys.
- OAuth 2.0 + PKCE authentication via AWS Cognito.
- Read-only ERP scopes; no write access requested or granted.
- Principle of least privilege for internal access.
- Dependabot security updates and code review on every commit.
Detailed security architecture is documented at finhelm.ai/security/.
SECTION IXChildren’s privacy
FinHelm is a B2B finance product and is not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it.
SECTION XInternational data transfers
FinHelm’s primary infrastructure is hosted in the U.S. (AWS us-east-1). For customers outside the U.S., this constitutes a cross-border transfer. Where required (for example, EEA and UK customers), we rely on Standard Contractual Clauses and equivalent transfer mechanisms. Contact privacy@finhelm.ai for the applicable transfer mechanism documentation.
SECTION XIChanges to this policy
We will notify customers of material changes by email and by updating the “Last updated” date at the top of this page at least 14 days before changes take effect. Non-material edits (typo fixes, link updates) take effect on publication. The previous version (March MMXXVI) is available on request.