Fincord logoFincord
GET STARTED

Privacy Policy

Last updated: March 6, 2026

This Privacy Policy explains how Fincord ("Fincord", "we", "us", or "our") collects, uses, stores, and discloses information when you use our website and services.

1. Who We Are

Fincord provides software that helps users sync authorized financial data to Notion destinations they configure.

Contact for privacy and security matters: security@fincord.io

2. Information We Collect

We collect only the information required to provide and secure the service.

A. Account and authentication information

  • Account identifiers and email address
  • Authentication provider metadata (for example, Google account linkage data)
  • Session data and login security metadata (such as timestamps, IP, and user agent)

B. Plaid connection information

  • Plaid Item and account identifiers
  • Institution metadata (for example, institution name and ID, and logo where available)
  • Plaid access token in encrypted form

C. Notion connection information

  • Notion workspace and integration identifiers
  • Notion OAuth access and refresh tokens in encrypted form
  • Selected parent pages, data sources, and mapping configuration

D. Sync and operational information

  • Destination setup and mapping configuration
  • Sync status, counters, cursors/checkpoints, and errors
  • Webhook processing records and audit logs

We do not intentionally collect more data than is needed for sync operations, reliability, and security.

3. How We Collect Information

We collect information:

  • Directly from you during signup and setup
  • From services you authorize us to connect (for example, Plaid and Notion)
  • From authentication providers you choose
  • Automatically through service logs and security telemetry

4. How We Use Information

We use information to:

  • Authenticate users and secure accounts
  • Connect financial data sources and sync data to Notion destinations
  • Operate, maintain, and improve the service
  • Detect abuse, investigate incidents, and enforce our terms
  • Provide support and communicate service updates
  • Comply with legal obligations

5. Legal Bases (Where Applicable)

Where required by law, we process personal information under one or more of the following legal bases:

  • Contractual necessity (providing the requested service)
  • Legitimate interests (security, reliability, fraud prevention, and product operations)
  • Consent (where required)
  • Legal obligation

6. How We Share Information

We may share information with:

  • Infrastructure and operational service providers that help us run Fincord
  • Integration platforms you connect, such as Plaid and Notion
  • Authentication providers you choose, such as Google
  • Professional advisors (for legal, compliance, and accounting needs)
  • Government or law enforcement authorities when legally required
  • A successor entity in connection with a merger, acquisition, or asset transfer

We do not sell personal information for money.

7. Third-Party Services

When you use third-party integrations, those providers process data under their own terms and privacy policies:

8. Data Retention

We retain information only for as long as needed for service delivery, security, troubleshooting, compliance, and legal obligations.

Current operational defaults:

  • Webhook logs: up to 30 days
  • Sync logs: up to 180 days
  • Connection and mapping data: retained while the connection or destination is active
  • Encrypted Plaid/Notion tokens: retained while related connections are active, then deleted on disconnect

Backups may retain deleted data for a limited backup lifecycle period.

9. Security

We use reasonable technical and organizational safeguards, including:

  • Encryption in transit using TLS
  • Encryption at rest for sensitive credentials/tokens
  • Access controls and least-privilege access practices
  • Audit logging and monitoring for critical operations

No system is perfectly secure, and we cannot guarantee absolute security.

10. Your Rights

Depending on your location, you may have rights to:

  • Access personal information we hold about you
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent where processing relies on consent

To make a request, contact security@fincord.io.
We may request verification before fulfilling privacy requests.

11. International Processing

Your information may be processed in jurisdictions outside your country. Where required, we apply appropriate safeguards for cross-border data transfers.

12. Children's Privacy

Fincord is not directed to children under 13 (or higher minimum age where required by local law). We do not knowingly collect personal information from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and provide additional notice when required.

14. Contact

For privacy and security requests, contact: security@fincord.io