Privacy Policy

Last updated: April 2026

Introduction

Finnovia Solutions SAS ("Finnovia", "we", "us") is committed to protecting the personal data of its users. This policy describes how we collect, use, store, and protect your data in accordance with the General Data Protection Regulation (GDPR) and applicable French law.

Data Controller

Finnovia Solutions SAS Registered office: [TO BE COMPLETED] Email: information@finnovia-solutions.com Data Protection Officer: [TO BE COMPLETED]

Data Collected

We collect the following personal data:

  • Identity information: full name, email address
  • Company information: company name, organization
  • Assessment data: responses to cybersecurity compliance questionnaires
  • Technical data: IP address, browser type, connection logs
  • Payment data: processed by our payment provider Stripe (we do not store your bank details)

Purposes and Legal Basis

Your data is processed for the following purposes:

  • Account management and authentication (contract performance)
  • Cybersecurity compliance assessments and FR Rating calculation (contract performance)
  • Billing and payment management (contract performance)
  • Communication about our services (legitimate interest)
  • Platform improvement and analytics (legitimate interest)
  • Legal obligations compliance (legal obligation)

Subprocessors

We use the following subprocessors to provide our services:

  • Supabase Inc. (USA) — Database and authentication
  • Vercel Inc. (USA) — Web hosting and CDN
  • Resend Inc. (USA) — Transactional emails
  • Stripe Inc. (USA) — Payment processing

These providers are located in the United States. Data transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission.

Data Retention

Your personal data is retained for the duration of your account. Upon account deletion, your data is deleted within 30 days, except where retention is required by law (e.g., billing records retained for 10 years).

Your Rights

Under the GDPR, you have the following rights:

  • Right of access — obtain a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restriction — limit processing of your data
  • Right to data portability — receive your data in a structured format
  • Right to object — object to processing based on legitimate interest

To exercise your rights, contact us at: information@finnovia-solutions.com. You may also lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at www.cnil.fr.

Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), secure authentication, and access controls.