PersonaFin

Privacy Policy

Last updated: October 2, 2025

2.1 Scope

This Privacy Policy explains how PersonaFin AI, Inc. and affiliates (collectively, "PersonaFin") collect, use, disclose, and secure information when you visit the Site. It also describes regional rights for EU/UK and Canada.

2.2 Summary

  • We collect limited device, usage, and preference data to operate and improve the Site.
  • Where implemented, you can opt in/out of personalization on the Site.
  • We do not use customer interaction data to train third‑party large language models.
  • We align our program with ISO 27001 practices and apply appropriate technical and organizational measures.

2.3 Information We Collect

1. Directly Provided Data

Contact details (e.g., name, email) if you request a demo, download content, or subscribe.

2. Automatic Data

Device identifiers, IP address, browser type, pages viewed, referring/exit pages, timestamps, and approximate location (derived from IP).

3. Cookies/Similar Tech

See Cookies Policy for details and choices.

4. Demo Interactions (If Enabled)

Inputs and clicks within demo environments; we minimize retention and may aggregate or de‑identify for product analytics.

We do not intentionally collect sensitive personal information via the Site. Please do not submit sensitive data (e.g., financial account numbers, health data) through general web forms.

2.4 How We Use Information

  • Operate, maintain, and secure the Site;
  • Measure and improve performance and content;
  • Respond to inquiries and provide demos;
  • Detect, prevent, and investigate fraud, abuse, security incidents;
  • Comply with legal obligations.

2.5 Legal Bases (EU/UK)

Where GDPR/UK GDPR applies, our processing bases include:

  • Legitimate interests (e.g., Site security, analytics, product improvement, basic personalization with user controls);
  • Consent (e.g., non‑essential cookies, marketing subscriptions);
  • Contract (e.g., responding to demo requests);
  • Legal obligation (e.g., compliance, record‑keeping).

2.6 Sharing & Disclosures

We share with:

  • Vendors/Processors providing hosting, analytics, security, communications, and support, bound by appropriate contracts;
  • Affiliates for Site operations and product analytics;
  • Legal/Compliance recipients where required by law, to protect rights, or in corporate transactions.

We do not sell personal information and do not permit third parties to use Site data for their own advertising without consent.

2.7 International Transfers

We may transfer information to countries with different data protection laws (e.g., U.S., UK, EU, Canada). Where required, we use appropriate safeguards such as Standard Contractual Clauses or UK Addendum.

2.8 Retention

We retain personal information only as long as necessary for the purposes described or as required by law, then delete or de‑identify it.

2.9 Security

We maintain administrative, technical, and physical safeguards aligned with ISO 27001 practices. No system is 100% secure; please use caution online.

2.10 Your Choices

  • Cookies & Tracking: Manage preferences via our cookie banner or browser settings. See Cookies Policy.
  • Marketing Communications: Opt out via unsubscribe links or by contacting us.
  • Personalization Controls: Where provided, toggle on/off. Opting out limits personalized experiences but not basic Site functionality.

2.11 Your Rights (EU/UK)

Where GDPR/UK GDPR applies, you may request: access, rectification, erasure, restriction, portability, and objection; and to withdraw consent at any time. You can also lodge a complaint with your local supervisory authority.

2.12 Your Rights (Canada)

Subject to exceptions, you may request access to and correction of your personal information. You may also withdraw consent to non‑essential processing. Contact details below.

2.13 Children

The Site is not directed to children. Do not provide personal information of children through the Site.

2.14 Changes

We may update this Policy; the "Last Updated" date will reflect changes, and additional notice may be provided where required.

2.15 Contact

PersonaFin AI, Inc. — Privacy
Email: privacy@personafin.ai

2.A EU/UK Privacy Supplement

  • Controller: PersonaFin AI, Inc. (and relevant affiliate).
  • Representative/DPO: If designated, details above.
  • Transfers: We rely on SCCs/UK Addendum as applicable.
  • Automated Decision‑Making: The Site does not perform solely automated decisions with legal or similarly significant effects.
  • Supervisory Authorities: You may lodge complaints with your local authority (e.g., ICO in the UK, CNIL in France, etc.).

2.B Canada Privacy Supplement

  • Legal Framework: PIPEDA and substantially similar provincial laws may apply.
  • Consent: We obtain consent for non‑essential cookies/marketing and rely on implied consent or legitimate interests for strictly necessary functions, subject to your rights.
  • Access & Correction: Contact privacy@personafin.ai to request access or correction.
  • Language: You may request this Policy in French. / Vous pouvez demander cette Politique en français.