FA
FinAnomaly
Back to home

Privacy Policy

Last updated: 9 May 2026

In plain English

  • We collect only what we need to run FinAnomaly: your account info, the data you upload for analysis, and basic usage metrics.
  • Production data is hosted in Microsoft Azure's Sydney region.
  • We do not sell your data. We do not use your uploaded transaction data to train AI models.
  • You can request your data, correct it, or delete it at any time by emailing info@finanomaly.cc.

1. Who we are

FinAnomaly is operated by Qadan Analysis Consulting, an Australian consultancy registered in New South Wales. Our registered office is at 275 Alfred St N, North Sydney NSW 2060, Australia. In this policy, "we", "us", or "FinAnomaly" refers to Qadan Analysis Consulting.

For all privacy enquiries, contact info@finanomaly.cc.

2. What information we collect

2.1 Information you provide directly

  • Account information: name, business email, company name, role, password (hashed).
  • Billing information: processed and stored by Stripe; we receive the last 4 digits of your card and a token only.
  • Uploaded data: transaction files (general ledger, accounts payable, journal entries, vendor master, etc.) you upload to FinAnomaly for analysis.
  • Communications: support enquiries, feedback, and other content you send us.

2.2 Information collected automatically

  • Usage data: pages visited, features used, timestamps, IP address, browser, device type.
  • Cookies: session cookies for authentication, plus minimal analytics cookies (see Section 8).

3. How we use your information

We use the information we collect to:

  • Provide, operate, and maintain the FinAnomaly service (run anomaly detection on your uploaded data).
  • Authenticate you and protect your account.
  • Process payments and manage your subscription.
  • Send transactional emails (account confirmations, billing, security alerts).
  • Respond to your support requests and enquiries.
  • Improve the product through aggregated, anonymised usage analysis.
  • Comply with legal obligations (tax, accounting, fraud prevention).

What we do NOT do: we do not sell your personal information, and we do not use your uploaded transaction data to train AI models — neither our own nor any third party's.

4. Subprocessors

We use the following third-party services to run FinAnomaly. Each is contractually bound to handle your data only on our instructions, with appropriate security measures.

ProviderPurposeRegion
SupabaseAuthentication and application databaseUS (us-east-1)
StripePayment processing and subscription billingUS, processing globally
Microsoft AzureFile storage (Azure Blob), application hosting, Postgres, RedisAustralia East (Sydney) for production data
Azure OpenAI ServiceColumn mapping and narrative generation. Your data is NOT used to train models.Australia East / East US
ResendTransactional email (account, billing, security alerts)US
Google Analytics 4Aggregate, anonymised website usage analytics. IP anonymisation enabled.US
LinkedIn Insight TagConversion measurement and retargeting for LinkedIn adsUS/EU

We will update this list when we add or change subprocessors. If you would like to be notified of changes, email us at info@finanomaly.cc.

5. Where your data is stored

FinAnomaly production data — including your uploaded transaction files, analysis results, and account information — is stored in Microsoft Azure's Australia East (Sydney) region. Authentication data is held by Supabase in the United States. Payment data is held by Stripe.

When data is transferred outside Australia (for example, to our US-based authentication or analytics providers), we rely on Standard Contractual Clauses and the providers' certifications under recognised frameworks (SOC 2, ISO 27001).

6. How long we keep your data

  • Account information: retained while your account is active, plus 12 months after closure for legal and audit purposes.
  • Uploaded transaction files: retained for the duration specified in your plan (default 12 months), then automatically deleted from Azure Blob Storage.
  • Analysis results: retained alongside your account; you can delete individual analyses at any time from your dashboard.
  • Billing records: retained for 7 years to satisfy Australian tax and accounting requirements.
  • Backups: rolling 30-day encrypted backups; deletions propagate within 30 days.

7. Your rights

Depending on where you live, you have the following rights:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: ask us to delete your data, subject to legal retention obligations.
  • Portability: receive a copy of your data in a structured, machine-readable format.
  • Objection: object to certain processing (such as marketing).
  • Withdraw consent: where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, email info@finanomaly.cc. We will respond within 30 days. We will not charge you for routine requests.

Australian residents may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. EU/UK residents may lodge a complaint with their local supervisory authority. California residents may exercise CCPA rights, including the right to know, delete, and opt out of any sale of personal information (we do not sell personal information).

8. Cookies and tracking

FinAnomaly uses cookies that are strictly necessary for authentication and core site functionality. We also use a small set of analytics cookies through Google Analytics 4 (with IP anonymisation enabled) to understand how the site is used in aggregate.

On marketing pages, we use the LinkedIn Insight Tag for ad attribution and retargeting. You can control these preferences via your browser's cookie settings or LinkedIn's ad-settings page.

9. Security

We protect your data with:

  • TLS 1.2+ encryption for all data in transit.
  • AES-256 encryption at rest in Azure Blob Storage and Postgres.
  • Role-based access controls; only authorised staff can access production systems.
  • Audit logging of all access to customer data.
  • Regular security reviews and dependency vulnerability scanning.

No system is 100% secure. If we ever experience a data breach affecting your information, we will notify you in line with the Notifiable Data Breaches scheme under the Australian Privacy Act and applicable laws.

10. Children's privacy

FinAnomaly is a B2B product and is not directed at anyone under 18. We do not knowingly collect information from children. If we learn that we have collected information from a child, we will delete it.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the current version. For material changes (for example, new subprocessors handling sensitive data), we will notify account holders by email at least 30 days before the change takes effect.

12. Contact us

For any questions, requests, or complaints about this policy or our handling of your data:

Qadan Analysis Consulting
275 Alfred St N, North Sydney NSW 2060, Australia
Email: info@finanomaly.cc