Quick Summary

FINAPOLIS INC.

PRIVACY POLICY

QUICK REFERENCE SUMMARY

This table is a summary only. Please read the full policy below for complete details.

Who we are

Finapolis Inc., a Delaware corporation operating a financial information and research platform.

What we collect

Account/identity data, financial data you input, usage and behavioral data, device/technical data, communications, and payment records (not raw card numbers — Stripe handles those).

Why we collect it

To operate and improve the Services, process payments, prevent fraud, comply with law, and (with your consent) send marketing communications.

Who we share it with

Service providers (Stripe, analytics, hosting), data vendors, legal/compliance parties. We do not sell your personal information.

How long we keep it

As long as your account is active and as required by law or legitimate business need. See Section 8.

Your rights

Access, correction, deletion, opt-out of sale/sharing, portability (where applicable). See Section 10.

Contact

support@finapolis.com

1. Introduction and Scope

This Privacy Policy (“Policy”) describes how Finapolis Inc. (“Finapolis,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with our websites, mobile applications, content, tools, data, and services (collectively, the “Services”). It applies to all users of the Services, including registered account holders, trial or beta users, and visitors who have not created an account.

This Policy is incorporated into and forms part of our Online User Agreement. By creating an account, accessing, or using the Services, you acknowledge that you have read and understood this Policy and consent to the practices described herein. If you do not agree, please do not use the Services.

California residents: Please also see Section 10 for your specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

2. Information We Collect

We collect personal information in the following categories:

2.1 Information You Provide Directly

(a) Account and Identity Data. When you register for the Services, you provide your name, email address, username, password, and, if applicable, your state of residence. If you access the Services on behalf of a company, you may also provide company name and your role.

(b) Financial Preferences and Inputs. To use certain tools and features, you may voluntarily provide information about your investment interests, portfolio parameters, risk tolerance inputs, and financial goals. This information is used to power features such as screeners, watchlists, and model portfolio tools. This is information you choose to input; we do not receive your actual brokerage account data unless you separately authorize a data connection.

(c) Communications. If you contact us for support, submit feedback, respond to surveys, or communicate with us by email or through the Services, we collect the content of those communications and any information you include.

(d) Beta Program Participation. If you participate in a beta or early-access program, we may collect additional information related to your testing activities, bug reports, and feedback, subject to the confidentiality terms in our Online User Agreement.

2.2 Information Collected Automatically

(a) Usage and Behavioral Data. We automatically collect information about how you use the Services, including pages and features accessed, search queries, content viewed, tools used, time spent, navigation paths, clicks, and interactions with data and analytical outputs.

(b) Device and Technical Data. We collect information about the device and software you use to access the Services, including IP address, browser type and version, operating system, device identifiers, screen resolution, language settings, time zone, and referring URLs.

(c) Cookies and Tracking Technologies. We use cookies, web beacons, pixels, SDKs, and similar technologies to collect information about your interactions with the Services. Please see our Cookie Policy (Section 24 of the Online User Agreement) for details on the types of cookies we use and your choices.

(d) Log Data. Our servers automatically record information when you access the Services, including access times, duration of sessions, error logs, and API calls.

2.3 Payment Information

If you purchase a paid subscription, payment processing is handled by Stripe, Inc. (“Stripe”), a third-party payment processor. Finapolis does not receive, store, or process your payment card number, CVV, or full banking credentials. Stripe’s collection and use of your payment information is governed by Stripe’s Privacy Policy, available at https://stripe.com/privacy. Finapolis receives from Stripe only limited billing information necessary to manage your account: subscription tier, billing status, last four digits of your card (for display purposes), billing address, and transaction history.

2.4 Information from Third Parties

(a) Market Data and Content Providers. Our Services incorporate data from third-party financial data vendors (such as market data providers, news services, and analytics providers). These providers may collect certain technical information in connection with delivering their data to the Services. We do not control their data collection practices.

(b) Authentication Providers. If you choose to sign in using a third-party authentication service (e.g., Google Sign-In or Apple Sign-In), we receive the information you authorize that provider to share with us, typically your name, email address, and a unique identifier.

(c) Analytics Providers. We use third-party analytics services (including Google Analytics) that collect information about your use of the Services. See Section 5 for details on third-party service providers.

2.5 Information We Do Not Collect

We do not intentionally collect the following categories of sensitive personal information: Social Security numbers or government-issued identification numbers; full payment card or bank account numbers (see Section 2.3); precise geolocation data (we may derive approximate location from IP address); biometric data; health or medical information; or personal information from individuals we know to be under 13 years of age. If you believe we have inadvertently received any such information, please contact us at support@finapolis.com.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

(a) Providing and Operating the Services. To create and manage your account; deliver the features and functionality of the Services; process subscription payments through Stripe; authenticate your identity; and provide customer support.

(b) Personalizing Your Experience. To tailor content, tools, alerts, and recommendations to your stated interests and usage patterns; remember your preferences and settings; and enable saved watchlists, screeners, and other personalized features.

(c) Improving the Services. To analyze usage patterns, performance, and user behavior; conduct research and analytics; test new features; diagnose technical issues; and improve the quality, accuracy, and usability of the Services.

(d) Beta Program Management. To administer beta or early-access programs; collect and act on feedback; monitor platform performance during testing; and communicate with beta participants about program updates.

(e) Communications. To send transactional communications (account confirmations, password resets, billing notices, security alerts); send service-related announcements; and, where you have opted in or where permitted by applicable law, send marketing communications about the Services, new features, or related offerings. You may opt out of marketing communications at any time; see Section 9.

(f) Safety, Security, and Fraud Prevention. To detect, investigate, and prevent unauthorized access, fraud, abuse, and other harmful or illegal activity; enforce our Online User Agreement; and protect the rights, property, and safety of Finapolis, our users, and others.

(g) Legal Compliance and Dispute Resolution. To comply with applicable laws, regulations, and legal obligations; respond to lawful requests from government authorities; enforce our legal rights; and resolve disputes.

(h) Business Operations. To conduct internal audits and reporting; evaluate and complete mergers, acquisitions, financing, or other business transactions; and manage our business generally.

We do not use personal information to make automated decisions that produce legal or similarly significant effects on users without human review.

For users in the United States, we rely on your consent (where required), contractual necessity (to provide the Services you have requested), legitimate business interests (such as improving the Services, fraud prevention, and security), and legal compliance as the bases for collecting and using your personal information, consistent with applicable U.S. state privacy laws.

If Finapolis expands its Services to users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive privacy frameworks, we will update this Policy to address the applicable legal bases under those frameworks (e.g., GDPR Article 6 lawful bases) and will provide jurisdiction-specific notices as required. As of the date of this Policy, the Services are directed at U.S. users only.

5. How We Share Your Information

We do not sell your personal information to third parties. We do not share your personal information with third parties for their own independent marketing purposes without your consent. We share personal information only in the following circumstances:

5.1 Service Providers

We share personal information with vendors and service providers that perform functions on our behalf, including:

Payment processing: Stripe, Inc. (payment processing for subscriptions)

Cloud infrastructure and hosting: Third-party cloud hosting providers that store and process data on our behalf

Analytics: Google Analytics and similar providers that help us understand usage patterns

Email and communications: Email service providers used to deliver transactional and marketing communications

Security and fraud prevention: Vendors providing identity verification, bot detection, and security monitoring services

Customer support: Help desk and support tools used to manage user inquiries

Service providers are permitted to use personal information only as necessary to perform services for us and are contractually required to protect your information consistent with this Policy.

5.2 Market Data and Content Providers

The Services incorporate Third-Party Content (as defined in our Online User Agreement), including real-time and delayed market data, news, research, and analytics. In connection with delivering this content, our data providers may receive certain technical information (such as IP address and usage logs) as part of normal data delivery operations. This is governed by our agreements with those providers.

5.3 Legal and Compliance Disclosures

We may disclose personal information if we believe in good faith that disclosure is necessary or appropriate to: (a) comply with applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Online User Agreement or other legal rights; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Finapolis, our users, or the public.

5.4 Business Transfers

If Finapolis is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Services before your personal information becomes subject to a materially different privacy policy as a result of such a transaction.

5.5 With Your Consent

We may share your personal information with third parties in ways not described above when we have your affirmative consent to do so.

5.6 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other purposes. We do not attempt to re-identify de-identified data.

6. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, SDKs, and similar technologies to collect information about your interactions with the Services. A full description of the types of cookies we use, the purposes for which they are used, and your choices for managing them is set forth in our Cookie Policy, which is incorporated into the Online User Agreement as Section 24. Please review that section for complete information.

Key points: we use Strictly Necessary cookies (required for the Services to function), Functional cookies (preferences and personalization), Analytics cookies (usage and performance data), and Targeting/Advertising cookies (interest-based content). You can manage cookie preferences through your browser settings and certain opt-out tools described in the Cookie Policy.

7. Data Retention

We retain personal information for as long as your account is active and as reasonably necessary to provide the Services, comply with our legal obligations, resolve disputes, enforce our agreements, and fulfill the purposes described in this Policy. The following general retention practices apply:

Account data: Retained for the duration of your account and for a period of up to three (3) years following account closure, to allow for dispute resolution and legal compliance.

Financial inputs and preferences: Retained while your account is active. You may delete saved watchlists, screeners, and similar inputs at any time through your account settings.

Usage and behavioral data: Generally retained in identifiable form for up to two (2) years, after which it may be aggregated or de-identified for longer-term analytics.

Payment and billing records: Retained for a minimum of seven (7) years as required for tax and accounting compliance.

Communications: Support communications and feedback retained for up to two (2) years following resolution.

Legal hold: If personal information is subject to a legal hold, litigation, or regulatory investigation, we will retain it for the duration of that matter regardless of the above schedules.

When personal information is no longer required, we delete or de-identify it in accordance with our data retention procedures.

8. Data Security

We implement technical, administrative, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (TLS) and at rest, access controls and authentication requirements for internal systems, regular security assessments, and vendor security requirements.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you have reason to believe that your account credentials have been compromised, please notify us immediately at support@finapolis.com and change your password.

In the event of a data breach that is reasonably likely to result in risk of harm to affected individuals, we will notify affected users and relevant authorities as required by applicable law.

9. Your Choices and Controls

9.1 Account Information

You may review and update your account profile information at any time by logging into your account settings. You may also request correction of inaccurate information by contacting us at support@finapolis.com.

9.2 Marketing Communications

You may opt out of receiving marketing emails from us by clicking the “unsubscribe” link in any marketing email or by contacting us at support@finapolis.com. Please note that even if you opt out of marketing communications, we will continue to send you transactional and service-related messages (such as account confirmations, billing notices, and security alerts) as long as you have an active account.

9.3 Cookies

You may manage cookie preferences through your browser settings or through the opt-out tools described in our Cookie Policy (Section 24 of the Online User Agreement). Note that disabling certain cookies may affect the functionality of the Services.

9.4 Account Deletion

You may request deletion of your account by contacting us at support@finapolis.com. Upon verified request, we will delete or de-identify your personal information consistent with Section 7 (Data Retention), except where retention is required by law or legitimate business need (such as billing records or pending legal matters).

9.5 Do Not Track

The Services do not currently respond to Do Not Track (DNT) browser signals. Please see Section 24.5(c) of the Online User Agreement for additional information.

10. California Privacy Rights

This Section 10 applies to California residents and supplements the rest of this Policy. It is provided pursuant to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), and related regulations.

10.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined under the CCPA:

Identifiers (name, email address, IP address, account username, device identifiers)

Commercial information (subscription tier, billing and transaction history)

Internet or other electronic network activity information (browsing history within the Services, search queries, usage data)

Geolocation data (approximate location derived from IP address)

Inferences (user profiles derived from usage data to personalize the Services)

Professional or employment-related information (if provided voluntarily, e.g., if accessing on behalf of a company)

Sensitive Personal Information (account login credentials; we do not collect other categories of sensitive personal information as defined by the CPRA)

10.2 Purposes for Collection

We collect the categories of personal information described above for the business and commercial purposes set forth in Section 3 of this Policy.

10.3 Categories of Third Parties with Whom We Share Personal Information

We share personal information with the categories of third parties described in Section 5 of this Policy: service providers (including Stripe), market data providers, and parties involved in legal and business transactions. We do not sell personal information and do not share personal information for cross-context behavioral advertising without first providing a right to opt out.

10.4 Your CCPA/CPRA Rights

California residents have the following rights under the CCPA/CPRA, subject to certain exceptions:

Right to Know. You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for collection, and the categories of third parties with whom we share it.

Right to Delete. You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., where retention is necessary for legal compliance, contractual performance, or other permitted purposes).

Right to Correct. You have the right to request correction of inaccurate personal information we maintain about you.

Right to Opt Out of Sale or Sharing. You have the right to opt out of the “sale” or “sharing” of your personal information as those terms are defined under California law. We do not sell your personal information. To the extent that our use of certain analytics or advertising cookies constitutes “sharing” under California law, you may exercise this right through the cookie controls described in our Cookie Policy.

Right to Limit Use of Sensitive Personal Information. You have the right to limit our use of sensitive personal information (as defined by the CPRA) to uses necessary to provide the Services or other permitted purposes. We do not use sensitive personal information for purposes beyond those permitted without your additional consent.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your privacy rights.

Right to Data Portability. In response to a verified Right to Know request for specific pieces of information, we will provide your information in a portable, readily usable format to the extent technically feasible.

10.5 How to Submit a Request

To exercise your CCPA/CPRA rights, please submit a verifiable consumer request by:

  • Email: support@finapolis.com (subject line: “California Privacy Rights Request”)

We will acknowledge receipt of your request within ten (10) business days and respond within forty-five (45) calendar days. If we require additional time (up to an additional forty-five days), we will notify you of the extension and the reason for it. We will verify your identity before processing requests for specific pieces of personal information. You may designate an authorized agent to make a request on your behalf; the agent must provide written authorization signed by you, and we may also require you to verify your identity directly with us.

We are not required to fulfill more than two Right to Know requests within any twelve-month period.

10.6 Shine the Light (California Civil Code § 1798.83)

California residents may also request information about our disclosure of personal information to third parties for their direct marketing purposes under California’s “Shine the Light” law. We do not disclose personal information to third parties for their own direct marketing purposes. For more information, contact us at support@finapolis.com.

10.7 Minors Under 16

We do not knowingly sell or share the personal information of consumers under 16 years of age. If we learn that we have collected personal information from a consumer under 16 without appropriate consent, we will delete it promptly. As noted in our Online User Agreement, the Services are directed at users 18 years of age and older.

11. Children’s Privacy (COPPA)

The Services are directed at users who are 18 years of age and older and are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided personal information to us, please contact us at support@finapolis.com and we will take steps to delete that information as required by the Children’s Online Privacy Protection Act (COPPA) and applicable law.

The Services may contain links to third-party websites, embedded tools, or other content that is not under our control. This Policy does not apply to third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit. We are not responsible for the privacy practices or content of third-party websites.

13. International Users

The Services are operated in the United States and are directed at U.S. users. If you access the Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Services from outside the United States, you consent to the transfer and processing of your information in the United States.

As noted in Section 4, if Finapolis expands to serve users in the EEA, United Kingdom, or other jurisdictions with comprehensive privacy laws, we will update this Policy and provide jurisdiction-specific disclosures as required.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated Policy on the Services and updating the “Last Updated” date above, and, where required by law or where we deem appropriate, by sending you an email notification. We encourage you to review this Policy periodically. Your continued use of the Services after the effective date of the revised Policy constitutes your acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Services.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: support@finapolis.com

Mail: Finapolis Inc., 4343 Von Karman Ave. 3rd Floor, Newport Beach, CA 92660, Attn: Privacy

For California-specific requests, please use the subject line “California Privacy Rights Request.” We will respond to all inquiries within the timeframes required by applicable law.

© 2026 Finapolis Inc. All rights reserved.