PRIVACY POLICY
LAST UPDATED: 17 MARCH 2026
1. WHO WE ARE
FINGAURD (“we”, “us”, “our”) is a regulatory intelligence platform operated by FINGAURD Ltd. We provide AI-assisted compliance analysis for UK financial services firms. We are the data controller for personal data collected through our platform and website.
Data Protection Contact: contact@fingaurd.com
2. DATA WE COLLECT
We collect the following categories of personal data:
Contact Form Submissions
- Name, email address, company name, role, and message content
- Collected when you submit our “Request Demo” or contact form
- Legal basis: Legitimate interest (responding to your enquiry) and consent
Compliance Queries
- Questions submitted to the compliance Q&A system
- AI-generated answers, citations, and verification results
- Query metadata (timestamps, processing times, confidence scores)
- Legal basis: Performance of contract and legitimate interest
Technical Data
- IP address, browser type, device information
- Usage data and access logs
- Legal basis: Legitimate interest (security and service improvement)
3. HOW WE USE YOUR DATA
- To respond to your demo requests and enquiries
- To provide compliance analysis and regulatory intelligence services
- To generate and verify AI-assisted answers to compliance questions
- To maintain audit trails as required for FCA compliance (SYSC 9)
- To improve service quality (we do not use your data to train AI models)
- To ensure security and prevent misuse of the platform
4. THIRD-PARTY DATA PROCESSORS
We use the following third-party services to deliver our platform:
- OpenAI — LLM provider for generating compliance answers and embeddings. Query text is sent to OpenAI's API for processing. Data is processed in accordance with OpenAI's data processing agreement and is not used to train their models.
- Pinecone — Vector database for storing and searching regulatory text embeddings. Stores anonymised regulatory content, not personal data.
- Vercel — Hosts our landing page and frontend application. May process IP addresses and technical data.
- Railway — Hosts our backend API. Processes API requests including compliance queries.
All third-party processors are contractually required to handle data securely and in compliance with applicable data protection laws. Data transfers outside the UK/EEA are covered by appropriate safeguards including Standard Contractual Clauses.
5. DATA RETENTION
- Contact form submissions: Retained for 24 months from the date of submission, or until you request deletion.
- Compliance queries and audit trails: Retained for a minimum of 5 years in line with FCA record-keeping requirements (SYSC 9.1), or longer if required by regulation.
- Technical logs: Retained for 12 months for security and debugging purposes.
- Account data: Retained for the duration of your subscription plus 6 months, unless regulatory retention obligations require longer.
6. YOUR RIGHTS
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate personal data
- Erasure — Request deletion of your personal data (subject to regulatory retention obligations)
- Restriction — Request restriction of processing in certain circumstances
- Data portability — Receive your data in a machine-readable format
- Objection — Object to processing based on legitimate interest
- Withdraw consent — Where processing is based on consent, withdraw at any time
To exercise any of these rights, contact us at contact@fingaurd.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
7. COOKIES AND ANALYTICS
Our website uses essential cookies and privacy-focused analytics:
- Session cookies: Required for authentication and maintaining your session. Expire when you close your browser.
- Preference cookies: Store your UI preferences. Expire after 12 months.
- Vercel Analytics: We use Vercel Analytics and Vercel Speed Insights for privacy-focused performance monitoring. These collect anonymised page view and performance data. No advertising cookies, no cross-site tracking, no personally identifiable information is collected by these tools. See Vercel's privacy policy for details.
We do not use Google Analytics, Facebook Pixel, or advertising-based tracking technologies.
8. DATA SECURITY
We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security reviews, and secure development practices. Our platform architecture uses namespace-based tenant isolation to ensure data segregation between organisations.
9. CHANGES TO THIS POLICY
We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The “Last Updated” date at the top of this page indicates when the policy was last revised.
10. CONTACT US
If you have any questions about this privacy policy or our data practices, contact us at: