Privacy Policy

Last Updated: July 28, 2025
Company: Finsi (finsi.ai)
Service: Automated Marketing Analytics and Reporting Platform

Overview

At Finsi, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our marketing analytics platform that integrates with Facebook, Google Ads, Slack, and other third-party services to provide automated advertising performance reports.

Information We Collect

Personal Information

  • Name, email address, business information
  • Account credentials and authentication tokens
  • Payment and billing information
  • Communication preferences

Platform Data We Access

Facebook Platform Data

When you connect your Facebook advertising account through our OAuth integration, we access:

Business Management Data (business_management permission):

  • Facebook Business Manager account information
  • Business account names, IDs, and hierarchical relationships
  • Associated ad account lists under business management
  • Business-level settings (currency, timezone, permissions)

Advertising Insights Data (read_insights permission):

  • Campaign performance metrics (spend, impressions, clicks, conversions)
  • Daily and historical advertising insights
  • Cost efficiency metrics (CPM, CPC, CTR)
  • Revenue and return on ad spend (ROAS) data

Campaign and Ad Data (ads_read permission):

  • Campaign names, status, and configuration details
  • Ad creative names and identifiers
  • Campaign structure and organization
  • Ad account information and settings

Attribution Data (attribution_read permission):

  • Conversion events with attribution windows
  • Purchase events and attributed revenue
  • Action values for ROAS calculations
  • Attribution window performance data

Google Platform Data

  • Google Ads campaign performance data
  • Account information and settings
  • Campaign structure and ad group details

Slack Data

  • Workspace information for report delivery
  • Channel access for automated reporting
  • User identification for authentication

How We Use Your Information

Core Service Functionality

Automated Reporting Service:

  • Collect daily advertising performance data from connected platforms
  • Generate comprehensive performance reports combining multiple data sources
  • Deliver automated reports to designated Slack channels
  • Provide historical performance tracking and trend analysis

Business Intelligence Analytics:

  • Calculate key performance indicators (ROAS, CAC, LTV)
  • Perform comparative analysis across accounts and time periods
  • Generate AI-powered optimization recommendations
  • Create strategic insights for advertising budget allocation

Multi-Platform Integration:

  • Consolidate data from Facebook, Google Ads, and e-commerce platforms
  • Provide unified reporting across all advertising channels
  • Enable cross-platform performance comparison and optimization

Specific Facebook Data Usage

Business Management (business_management):

  • Display business account hierarchy in account selection interface
  • Include business context in reports (e.g., "GlobalRetail Inc - Electronics Division")
  • Support multi-account reporting for agencies and enterprise businesses
  • Enable business-level performance aggregation and analysis

Performance Insights (read_insights):

  • Collect yesterday's advertising performance data daily at 9:00 AM EST
  • Calculate advertising efficiency metrics and ROAS
  • Generate automated daily and weekly performance reports
  • Track performance trends and identify optimization opportunities

Campaign Structure (ads_read):

  • Include campaign and ad names in performance reports
  • Provide campaign-level performance breakdowns
  • Enable identification of top and bottom performing campaigns
  • Support creative performance analysis and optimization

Attribution Tracking (attribution_read):

  • Calculate accurate ROAS using attributed conversion data
  • Track conversion events within specified attribution windows
  • Provide conversion performance insights and trends
  • Support revenue attribution analysis for business intelligence

Facebook Platform Data - Sharing and Disclosure

Data Sharing Policy

We do not sell, rent, or share your Facebook advertising data with third parties, except in these limited circumstances:

Service Providers:

  • Cloud infrastructure providers (AWS, Google Cloud) for secure data processing
  • Analytics services for platform improvement and optimization
  • These providers are contractually bound to protect your data and use it only for specified purposes

Legal Requirements:

  • When required by law, court order, or government regulation
  • To protect our rights, property, or safety, or that of our users

Business Transfers:

  • In the event of a merger, acquisition, or sale of assets, subject to the same privacy protections

Your Explicit Consent:

  • With your specific consent for purposes clearly explained at the time

Data Processing Safeguards

  • All Facebook platform data is encrypted in transit and at rest
  • Role-based access controls limit data access to authorized personnel only
  • Comprehensive audit trails track all data access and usage
  • Regular security audits and penetration testing
  • SOC 2 Type II certified infrastructure

Facebook Platform Data - Retention and Deletion

Data Retention Schedule

Campaign Performance Data:

  • Retained for up to 24 months to provide historical reporting and trend analysis
  • Used for performance benchmarking and strategic planning
  • Enables year-over-year performance comparisons

Business Account Information:

  • Retained while your account is active and connected
  • Automatically deleted 30 days after account disconnection
  • Used solely for account identification and report context

Generated Reports:

  • Report archives retained for 12 months for reference
  • Include aggregated insights from Facebook platform data
  • Support historical analysis and performance tracking

Data Deletion Options

User-Initiated Deletion: You can request deletion of your Facebook platform data at any time by:

  • Disconnecting your Facebook account from our platform settings
  • Contacting us at privacy@finsi.ai with a deletion request
  • Using the "Delete Account Data" option in your account dashboard
  • Revoking our app's access through Facebook's App Settings

Automatic Deletion:

  • Campaign data older than 24 months is automatically purged
  • Account data is deleted 30 days after account disconnection
  • Report archives are deleted after 12 months
  • All associated Facebook platform data is permanently removed

Complete Data Deletion: Upon request, we will delete all your Facebook platform data within 30 days, except where retention is required by law. This includes:

  • All collected campaign performance data
  • Business account information and settings
  • Generated reports containing your Facebook data
  • Associated analytics and insights

Data Portability

  • Export your data and reports anytime through your account dashboard
  • Data exports include all Facebook advertising performance data
  • Reports provided in standard formats (CSV, JSON, PDF)
  • No restrictions on downloading or transferring your data

Privacy Controls and User Rights

Account Management

  • Connect/Disconnect: Link or unlink Facebook accounts at any time
  • Selective Access: Choose which Facebook ad accounts to include in reporting
  • Permission Control: Manage which data types we can access
  • Report Preferences: Customize what data appears in your reports

Data Access Rights

  • Access: Request a copy of all Facebook platform data we've collected
  • Correction: Request correction of any inaccurate data
  • Deletion: Request deletion of specific data or your entire account
  • Portability: Export your data in machine-readable formats
  • Objection: Object to certain types of data processing
  • Restriction: Request limitation of data processing under certain circumstances

Privacy Preferences

  • Control which team members can access Facebook advertising data
  • Set data retention preferences within our policy limits
  • Manage notification preferences for privacy policy updates
  • Configure audit logs and data access monitoring

Data Security

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls: Multi-factor authentication and role-based permissions
  • Network Security: Firewall protection and intrusion detection systems
  • Monitoring: 24/7 security monitoring and incident response procedures

Organizational Safeguards

  • Privacy by Design: Privacy considerations built into all system designs
  • Employee Training: Regular privacy and security training for all staff
  • Data Minimization: Collection limited to data necessary for service functionality
  • Audit Procedures: Regular security audits and compliance assessments

Compliance Certifications

  • SOC 2 Type II certified infrastructure
  • GDPR compliance with appointed Data Protection Officer
  • Regular third-party security assessments
  • Incident response and breach notification procedures

Third-Party Integrations

Facebook Integration

  • Purpose: Automated advertising performance reporting and analytics
  • Data Collected: As detailed in the Facebook Platform Data section above
  • Privacy Policy: This policy governs all Facebook data usage
  • User Control: Full control over connection and data access permissions

Google Ads Integration

  • Purpose: Multi-platform advertising performance comparison
  • Data Collected: Campaign performance, account structure, billing data
  • Privacy Policy: Subject to Google's privacy policies and this policy
  • Data Usage: Combined with Facebook data for comprehensive reporting

Slack Integration

  • Purpose: Automated report delivery to your team
  • Data Collected: Workspace information, channel access permissions
  • Privacy Policy: Subject to Slack's privacy policies and this policy
  • Report Control: Choose which channels receive reports

International Data Transfers

Data Processing Locations

  • Primary data processing occurs in the United States
  • Backup systems located in secure facilities in the EU
  • All international transfers comply with applicable privacy laws
  • Appropriate safeguards in place for cross-border data transfers

Transfer Safeguards

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Binding Corporate Rules for internal data transfers
  • Regular compliance monitoring and auditing

Children's Privacy

Our service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly.

Privacy Policy Updates

Notification Process

When we make changes to this Privacy Policy:

  • We will post the updated policy at this URL
  • Update the "Last Updated" date at the top of the policy
  • For material changes, notify you via email or platform notification
  • Provide 30 days notice before material changes take effect

Your Consent

Continued use of our services after privacy policy updates constitutes acceptance of the revised terms. If you disagree with changes, you may disconnect your accounts and request data deletion.

Compliance Framework

Regulatory Compliance

  • GDPR: European General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • PIPEDA: Canadian Personal Information Protection and Electronic Documents Act
  • Facebook Platform Policy: Full compliance with Facebook's developer policies
  • Google API Services User Data Policy: Compliance with Google's data usage requirements

Industry Standards

  • SOC 2 Type II: Security and availability controls
  • ISO 27001: Information security management
  • NIST Cybersecurity Framework: Comprehensive security practices
  • Privacy Shield: Data transfer framework compliance (where applicable)

Contact Information

General Privacy Inquiries

  • Email: privacy@finsi.ai
  • Response Time: Within 30 days for all privacy requests

Facebook Data Specific Inquiries

  • Email: facebook-privacy@finsi.ai
  • Scope: Questions about Facebook platform data usage, deletion, or access

Data Protection Officer

  • Email: dpo@finsi.ai
  • Role: GDPR compliance and data protection oversight

Customer Support

  • Email: support@finsi.ai
  • Scope: General platform support and technical assistance

Business Address

Finsi Inc.
40 W 25th St, Floor 9 New York, NY 10001

Effective Date and Legal Information

This Privacy Policy is effective as of July 28, 2025, and governs your use of our services from that date forward. This policy may be updated periodically, and your continued use of our services constitutes acceptance of any modifications.

For questions about this Privacy Policy or our privacy practices, please contact us using the information provided above. We are committed to addressing your privacy concerns promptly and transparently.

Last Reviewed: July 28, 2025
Next Scheduled Review: January 28, 2026