Privacy Policy

1. Introduction

FinTrakker ("we," "us," or "our") is operated by Firmhound LLC. This Privacy Policy explains how we collect, use, share, and protect information in connection with our fintech licensing compliance platform at fintrakker.com.

By using FinTrakker, you agree to the collection and use of information described in this policy. If you do not agree, do not use the service.

2. Information We Collect

We collect information you provide directly and information generated by your use of the service.

• Account information: Email address, company name, NMLS ID (optional), and password when you create an account.
• Billing information: Payment method details processed by Stripe. We do not store full card numbers or CVVs.
• Preferences: Notification settings, alert thresholds, timezone, and delivery preferences you configure.
• Webhook endpoints: URLs you register to receive compliance alerts.
• Usage data: Pages visited, features used, session duration, and actions taken within the platform.
• Technical data: IP address, browser type, device type, referrer URL, and operating system.
• Communications: Emails or messages you send to our support team.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the FinTrakker service
• Deliver compliance alerts, renewal notices, and regulatory change notifications
• Process payments and manage your subscription
• Send transactional emails including receipts, alerts, and digest reports
• Respond to your questions and support requests
• Monitor for fraud, security incidents, and platform abuse
• Analyze aggregate usage to improve product features
• Comply with legal obligations and enforce our Terms of Service

We do not sell your personal information to third parties.

4. Third-Party Service Providers

We share information with third parties only as necessary to operate the service:

• Stripe: Payment processing and billing management. Stripe's privacy policy governs their handling of your payment data.
• Resend: Transactional email delivery for compliance alerts and account notifications.
• Hetzner: Infrastructure hosting for our platform servers and database.
• Anthropic Claude: AI-assisted enrichment of publicly available regulatory data. We do not share your personal account information with Anthropic.
• Cloudflare: DNS, CDN, and network security services.

These providers are contractually bound to use your data only to perform services on our behalf and in compliance with applicable law.

5. Data Sources and Public Records

FinTrakker aggregates publicly available information from government databases including NMLS Consumer Access, state financial regulator portals, FinCEN's MSB Registrant Search, and state legislative and regulatory publication feeds. This information is public record. We do not access, store, or process any non-public regulatory examination information.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the service. After account cancellation, we delete personal data within 90 days, except as required for legal compliance, fraud prevention, or tax records (typically 7 years for financial records).

Compliance alert history and scrape run data are retained for 12 months from the date of collection, then purged from our active systems.

7. Security

We implement industry-standard security measures including TLS encryption for all data in transit, bcrypt password hashing, JWT-based authentication with short expiry windows, and strict internal access controls. Payment data is handled exclusively by Stripe and is never stored on our servers.

No method of transmission over the internet is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your personal data
• Export your data in a portable format
• Opt out of non-transactional communications
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Cookies and Tracking

We use minimal, functional cookies required for authentication and session management. We do not use advertising cookies or cross-site tracking. Our analytics are server-side and do not use third-party JavaScript trackers. We do not serve ads.

10. Children's Privacy

FinTrakker is a business-to-business compliance service not directed at children. We do not knowingly collect personal information from persons under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and notify active subscribers via email for material changes. Continued use of the service after notice constitutes acceptance of the updated policy.

12. Contact

Questions or concerns about this Privacy Policy should be directed to:

Firmhound LLC
[email protected]