Legal

Privacy Policy

Last updated: 1 June 2026

Draft for review. This policy is a working draft. It must be reviewed and finalised with legal counsel, and the registered company details and Data Protection contact completed, before public launch.

This Privacy Policy explains how FINSIMUL ("FINSIMUL", "we", "us") collects, uses, shares and protects personal data when you visit finsimul.com, use the customer portal at portal.finsimul.com, or otherwise engage with our services. We are committed to handling personal data in accordance with the UK GDPR, the EU GDPR and applicable data-protection law.

1. Who we are

FINSIMUL provides FinOps-as-a-Service: we ingest cloud cost and usage data and deliver AI-analysed cost reports. For the personal data described in this policy, the data controller is [registered legal entity name — to be confirmed], registered at [registered office address — to be confirmed]. You can contact us about privacy matters at privacy@finsimul.com.

2. The data we collect

  • Contact & enquiry data — name, work email, company, and any message you send us via our contact channels or early-access enquiries.
  • Account data — name, email and role of authorised portal users, established through Google sign-in.
  • Customer cloud-cost data — billing and usage exports you connect (e.g. AWS Cost and Usage Reports, Azure and GCP billing exports, SaaS billing data). This is processed on your organisation's behalf — see our Data Processing Addendum.
  • Technical data — limited server logs (such as IP address and request metadata) generated when you use our sites and portal, for security and operational purposes.

3. How and why we use it (legal bases)

  • To respond to enquiries and manage early access — on the basis of our legitimate interests in handling your request, or steps taken at your request prior to entering a contract.
  • To provide, secure and operate the platform for our customers — on the basis of contract performance.
  • To meet legal, accounting and security obligations — on the basis of legal obligation and legitimate interests.
  • To send service or, where permitted, occasional product communications — on the basis of consent or legitimate interests, with an opt-out always available.

4. How long we keep it

We retain personal data only as long as necessary for the purposes above. Enquiry data is retained for up to [default retention period — to be confirmed]; account data for the life of the customer relationship plus a reasonable archival period; customer cloud-cost data per the terms of the DPA. Audit records are retained as required by law.

5. Who we share it with

We share personal data with vetted sub-processors who help us run the service — including our cloud hosting provider and the AI provider that analyses cost data. A current list is maintained in our Sub-processor list. We do not sell personal data.

6. International transfers

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses. Details of our hosting region are set out on our Security page.

7. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. You may also lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office). To exercise any right, contact privacy@finsimul.com.

8. Cookies

See our Cookie Policy for details of the cookies and similar technologies we use.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the "last updated" date above and, where appropriate, notified to customers.

10. Contact

Questions about this policy or your data can be sent to privacy@finsimul.com.