Login Request access
Fyneri / Legal / Privacy Policy

Privacy Policy.

This policy explains what personal information Fyneri LLC collects, why we collect it, how we use it, who we share it with, and the rights you have over your data. We aim for plain language and concrete examples.

Last updated · May 11, 2026 GDPR · CCPA · PIPEDA compliant
i

The short version. We collect what we need to run the Services. We don't sell your data. Card numbers never touch our servers — Stripe handles those directly. You can request a copy or deletion of your data at any time by emailing contact@fyneri.com.

01Who we are

The data controller responsible for your personal information is:

Fyneri LLC
47196 Northgate Dr
Canton, MI 48188-3227
United States
contact@fyneri.com

For questions about this policy or to exercise your data rights, contact us at contact@fyneri.com.

02Information we collect

Information you provide directly

  • Account information: name, email, business name, business address, phone, password hash.
  • Billing information: billing address and last 4 digits of your payment card. Full card details are submitted directly to Stripe and never reach Fyneri's servers.
  • Communications: emails, support tickets, chat messages, and any information you choose to share.

Information collected automatically

  • Usage data: pages visited, features used, requests made to our API, timestamps, IP address, browser user-agent, referrer URL.
  • Device data: operating system, browser version, screen size.
  • Cookies: see Cookie Policy for the full list and purpose of each cookie.

Information from third parties

  • From Stripe: transaction metadata (amounts, statuses, customer IDs) to display in your dashboard.
  • From integration partners: if you connect Shopify, WooCommerce, or other platforms, we receive the data you authorize.

03How we use information

We process personal information for these purposes and legal bases (GDPR Art. 6):

  • To provide the Services (contractual necessity): authenticate you, render dashboards, route API requests, send transactional notifications.
  • To bill you (contractual necessity): calculate and collect fees through Stripe.
  • To improve the Services (legitimate interest): aggregated analytics, bug diagnosis, feature usage.
  • To communicate (legitimate interest / consent for marketing): respond to inquiries, send product updates, marketing emails (opt-out at any time via the link in each email).
  • To prevent fraud and abuse (legitimate interest / legal obligation): detect unusual activity, comply with Stripe's risk programs and applicable laws.
  • To comply with law (legal obligation): respond to lawful requests, retain records for tax and accounting purposes.

We do not engage in automated decision-making with legal or similarly significant effects on you.

04How we share information

We share personal information only with the following categories of recipients, and only as needed:

  • Sub-processors / service providers:
    • Stripe, Inc. (payment processing) — United States & Ireland
    • Amazon Web Services, Inc. (hosting) — United States, primary region us-east-1
    • Cloudflare, Inc. (CDN, DDoS protection) — global edge
    • Postmark / Customer.io (transactional email) — United States
    • Plausible Analytics (privacy-friendly analytics, EU-hosted, no cookies)
  • Professional advisors: lawyers, accountants, auditors, subject to confidentiality obligations.
  • Acquirers or successors: in connection with a merger, acquisition, financing, or sale of assets, subject to notice to you.
  • Law enforcement / regulators: when we are required by valid legal process or to protect rights, safety, and property.

We do not sell or rent personal information.

05Cookies & tracking

We use a minimal set of cookies (strictly necessary + privacy-friendly analytics). See the full Cookie Policy for the list, purpose, and retention of each cookie, and how to control them.

06Data retention

We retain personal information for as long as your account is active, plus a tail required for legal, tax, and accounting obligations:

  • Account & transactional records: 7 years after account closure (IRS & state tax retention).
  • Support tickets: 3 years after closure.
  • Backups: rolling 30 days; deleted data persists in backups up to 30 days after deletion before purge.
  • Marketing communications: until you unsubscribe + 30 days.

We may anonymize data and retain the anonymized form for analytical purposes indefinitely.

07Your rights

For all users

You may request to: (a) access the personal information we hold about you; (b) correct inaccurate information; (c) delete your personal information; (d) export your information in a portable format; (e) restrict or object to certain processing; (f) withdraw consent at any time where processing is based on consent.

Submit requests to contact@fyneri.com. We will respond within 30 days (extendable by 60 days for complex requests, per GDPR Art. 12(3)).

EEA / UK residents (GDPR)

You have the rights listed above, plus the right to lodge a complaint with your local supervisory authority. The lead supervisor for Fyneri customers in the EEA is typically the data protection authority of your country of residence.

California residents (CCPA / CPRA)

You have the right to know what categories of personal information we collect, the categories of sources, the business purposes, and the categories of third parties with whom we share it. You have the right to opt out of "sale" or "sharing" — we do neither. You have the right to request deletion and to non-discrimination for exercising your rights. To exercise these rights, email contact@fyneri.com with subject "CCPA Request".

08International data transfers

Fyneri is established in the United States; our primary hosting region is U.S. (AWS us-east-1). If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S. Where required, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA) for transfers out of the EEA / UK.

09Children

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact contact@fyneri.com and we will delete it.

10Security

We protect personal information with administrative, technical, and physical safeguards including TLS 1.2+ in transit, encryption at rest, role-based access control, audit logging, and quarterly penetration testing once we exit pre-launch. See our Security page for full details. No system is perfectly secure; we will notify affected users without undue delay if a breach occurs, in accordance with applicable law.

11Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email and dashboard notice at least 30 days before the effective date.

12Contact us

Privacy questions or rights requests:

Fyneri LLC · Attn: Privacy
47196 Northgate Dr
Canton, MI 48188-3227
United States
contact@fyneri.com