Last Updated: March 20, 2026
This Privacy Policy (hereinafter "Policy") outlines how Finovexis Limited, a company registered in the Republic of Cyprus, collects, uses, processes, and protects your personal data when you visit our website (finovex.io), request a product demo, register for our services, or interact with our marketing materials.
We are committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services. This Policy is designed to be transparent about our data practices and compliant with the General Data Protection Regulation (GDPR), the Data Protection Law (Cap. 125), and other applicable privacy laws.
Please read this Policy carefully. If you do not agree with our data practices, please do not provide us with your information or use our services.
Finovexis Limited is the Data Controller for personal data collected through our website and from prospective clients. We are responsible for determining how and why your personal data is processed.
Company Name: Finovexis Limited
Jurisdiction: Republic of Cyprus
Website: finovex.io
Privacy Inquiries: privacy@finovex.io
General Inquiries: info@finovex.io
Registered Address: Registered in Cyprus
Supervisory Authority: Office of the Commissioner for Personal Data Protection, Cyprus
We collect personal data in various ways, depending on how you interact with us. Below is a detailed breakdown of the information we collect:
We process your personal data for specific purposes, each supported by a lawful basis under GDPR Article 6. The table below outlines our data processing purposes and the corresponding legal basis:
| Purpose | GDPR Legal Basis (Article 6) | Description |
|---|---|---|
| Provide and maintain services | Performance of contract (Art. 6(1)(b)) | To deliver the platform and support services you have contracted for. |
| Process payments and billing | Performance of contract (Art. 6(1)(b)) | To process transactions, send invoices, and manage billing relationships. |
| Send service notifications | Performance of contract (Art. 6(1)(b)) | To send account alerts, system updates, security notifications, and service announcements. |
| Respond to inquiries and support requests | Legitimate interest (Art. 6(1)(f)) | To respond to your questions, provide customer support, and resolve issues. |
| Improve our services | Legitimate interest (Art. 6(1)(f)) | To analyze usage patterns, identify features to enhance, and optimize platform performance. |
| Analytics and usage patterns | Legitimate interest (Art. 6(1)(f)) | To understand how users interact with our website and services for improvement purposes. |
| Marketing communications | Consent (Art. 6(1)(a)) | To send marketing emails, newsletters, and promotional content (only with your explicit consent). |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | To comply with regulatory requirements, law enforcement requests, and statutory obligations. |
| Prevent fraud and maintain security | Legitimate interest (Art. 6(1)(f)) | To detect, prevent, and address fraud, security issues, and abuse of our services. |
| Establish and defend legal claims | Legitimate interest (Art. 6(1)(f)) | To establish, exercise, or defend legal claims or in connection with legal proceedings. |
We process your data only for the purposes specified above and do not use your information for purposes incompatible with these stated objectives.
It is important to understand Finovexis Limited's role as both a Data Controller and, in certain contexts, a Data Processor:
Finovexis Limited acts as a Data Controller for:
In this capacity, we determine the purposes and means of data processing and are responsible for protecting your rights under the GDPR.
Finovexis Limited acts as a Data Processor for:
In this capacity, we process data according to the instructions provided by our clients (the Data Controllers) through our Data Processing Agreements (DPAs). End users' rights and privacy protections are governed by their respective client's privacy policy and terms of service.
All clients who use Finovexis's platform to process personal data must enter into a Data Processing Agreement with us. Our DPA includes:
Finovexis may engage third-party sub-processors to assist in delivering services. A current list of our sub-processors is maintained and updated regularly. Clients are notified of any changes to our sub-processor list in advance.
Finovexis uses cookies and similar tracking technologies to enhance your user experience, analyze website usage, and deliver targeted content.
Essential cookies are necessary for the website to function properly. These include:
Essential cookies are deployed without requiring your consent, as they are necessary for service delivery.
We use Google Analytics (GA4) to understand how visitors interact with our website. Analytics cookies collect:
Google Analytics data is anonymized and aggregated. We do not track individual users across websites. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.
Marketing and targeting cookies are deployed only with your explicit consent. These cookies help us:
Marketing cookies are only placed after you affirmatively consent through our cookie consent banner.
You can manage your cookie preferences in the following ways:
Please note that disabling certain cookies may affect the functionality of our website.
Finovexis Limited does not sell, rent, lease, or trade your personal data to third parties for their marketing purposes. However, we may share your information in limited circumstances:
We share data with third-party service providers who help us deliver our services:
We may share information with our professional advisors, including:
All professional advisors are bound by confidentiality obligations and non-disclosure agreements.
We may disclose your personal data when required by law or when we believe in good faith that disclosure is necessary to:
In the event of a merger, acquisition, bankruptcy, or sale of substantially all of Finovexis's assets, your personal data may be transferred as part of that transaction. We will provide notice of such change and any choices you may have regarding your personal data.
All third-party recipients of personal data are bound by Data Processing Agreements or other contractual commitments that require them to protect your information in accordance with this Policy and applicable privacy laws.
Finovexis Limited is based in Cyprus and primarily stores data within the European Union. However, your personal data may be transferred to countries outside the EU/EEA in limited circumstances:
The majority of personal data is stored on servers and infrastructure located within Cyprus and other EU member states. This ensures compliance with data residency requirements and the GDPR principles of data protection by design.
If data must be transferred outside the EU/EEA (for example, to certain cloud infrastructure providers), we ensure that appropriate safeguards are in place:
You have the right to be informed about international transfers of your data and the safeguards in place. If you have concerns about a specific transfer, please contact us at privacy@finovex.io, and we will provide detailed information about the transfer mechanisms and protections.
We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law. The table below outlines our retention periods for different categories of data:
| Data Category | Retention Period | Rationale |
|---|---|---|
| Demo request forms | 24 months from submission | Allows follow-up on sales inquiries; deleted after to comply with retention minimization. |
| Client account data (active) | Duration of contract + 5 years | Required for service delivery and potential dispute resolution; extended retention for legal protection. |
| Billing and invoice data | 7 years | Required by Cypriot and EU accounting and tax regulations. |
| Analytics data (Google Analytics) | 14 months | Default Google Analytics retention period; automatically deleted thereafter. |
| Support tickets and communication | 3 years from resolution | Allows for review and dispute resolution; deleted after legal retention period. |
| Marketing consent records | Until withdrawn | Retention necessary to honor your opt-out preferences; deleted upon request. |
| Cookie data | Per cookie specifications (typically 1-2 years) | Session cookies deleted upon browser closure; persistent cookies per standard expiry. |
| Client platform data (upon termination) | 30 days following contract termination | Allows for data export; then permanently deleted. |
After the retention period expires, personal data is either securely deleted or irreversibly anonymized so that it cannot be linked back to any individual. Anonymized data may be retained indefinitely for statistical and analytical purposes.
Upon termination of your service agreement with Finovexis, your account data will be retained for 30 days to allow for export and migration to alternative platforms. After 30 days, all data will be permanently deleted from our servers unless retention is required by law.
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:
You have the right to request confirmation of whether we are processing your personal data and to obtain a copy of your data in a structured, commonly used, and machine-readable format. We will respond to access requests within 30 days of receipt.
You have the right to request correction of inaccurate or incomplete personal data. If you believe any information we hold about you is incorrect, please contact us, and we will promptly correct it.
You have the right to request deletion of your personal data, subject to certain conditions. We will delete your data upon request unless we are required to retain it for legal, contractual, or legitimate business reasons. Deletion requests will be honored within 30 days where legally permissible.
You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful. During the restriction period, we will store the data but not actively process it.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller. We will provide your data in a portable format (e.g., CSV, JSON) upon request within 30 days.
You have the right to object to processing of your personal data for direct marketing purposes or on grounds relating to your particular situation. If you object, we will cease processing your data for those purposes, except where we have a compelling legitimate interest or legal obligation to continue.
Where we rely on your consent to process personal data (such as for marketing emails or certain cookies), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before withdrawal.
You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects concerning you. Finovexis does not make such decisions, but if you believe you are subject to this, please contact us.
You have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection, Cyprus, if you believe we have violated your privacy rights. You may also lodge a complaint with the data protection authority in your country of residence.
To exercise any of these rights, please send a request to privacy@finovex.io with the following information:
We will respond to all requests within 30 days. If we require additional information to verify your identity or the scope of your request, we may extend this deadline by up to 60 days (90 days total).
Finovexis implements comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
In the event of a suspected data breach, we have established procedures to:
All employees with access to personal data receive regular data protection and security training, including:
Finovexis maintains SOC 2 Type II compliance, demonstrating our commitment to security, availability, and integrity of data processing systems.
We verify the security practices of all third-party service providers through due diligence processes and require them to maintain equivalent security standards through contractual data processing agreements.
Finovexis's services are not directed at individuals under 18 years of age, and we do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete such information and terminate the minor's use of our services.
If you are a parent or guardian and believe your child has submitted personal data to Finovexis, please contact us immediately at privacy@finovex.io.
Finovexis may update this Privacy Policy from time to time to reflect changes in our data practices, regulatory requirements, or other operational considerations. When we make material changes, we will:
Your continued use of our website and services following notification of changes constitutes your acceptance of the updated Policy. If you do not accept the changes, you should discontinue use of our services and contact us to discuss your concerns.
If you have questions about this Privacy Policy, our data practices, or wish to exercise your GDPR rights, please contact us:
Email: privacy@finovex.io
Response time: Within 30 days
Email: info@finovex.io
Website: finovex.io
Authority: Office of the Commissioner for Personal Data Protection
Jurisdiction: Republic of Cyprus
You have the right to lodge a complaint with the Cypriot data protection authority or the authority in your country of residence if you believe we have violated your privacy rights.