Version francaise

Privacy Policy — Finaxis Inc.

Last updated: January 7, 2026

This Privacy Policy (the "Policy") explains how Finaxis Inc. ("Finaxis," "we," "us") collects, uses, stores, protects, and discloses information when you use the Finaxis platform (the "Service"), including when you connect a Google Workspace/Gmail or Microsoft 365/Outlook mailbox.

This Policy applies to our Service and websites that link to it. It does not apply to third-party services (e.g., Google, Microsoft), which are governed by their own policies.

1) Who is responsible?

Finaxis Inc. (Quebec, Canada) is responsible for personal information processed in connection with the Service.

Privacy Officer / Contact:
[email protected]

2) Roles: Customer vs Authorized Users

The Service is provided to organizations (the "Customer"). Employees/agents of the Customer who use the Service are "Authorized Users."

  • The Customer typically controls tenant settings and user permissions.
  • Authorized Users may connect their mailboxes individually (subject to the organization's SSO/security configuration).

3) Information we collect

We may collect the following categories:

A) Account and usage data

  • identifiers (name, business email, role);
  • account settings and preferences;
  • usage logs (in-app actions, timestamps, technical identifiers);
  • security information (e.g., authentication logs, IP addresses for security purposes).

B) Accounts receivable data

business information entered/imported by the Customer (e.g., customer accounts, invoices, statuses, notes, action history).

C) Connected mailbox data (Google / Microsoft)

When you connect a mailbox, depending on permissions granted and options enabled, we may process:

  • Sending: information required to send emails from your mailbox (recipients, subject, content, and attachments if applicable).
  • Reading (optional): if enabled, Finaxis may read email limited to threads managed by the Service in order to:
    • display communication history for a specific account; and/or
    • generate account-specific follow-up suggestions.
Important: We do not scan your entire inbox. Reading is limited to app-managed threads needed for features visible in the user interface.

D) Error and diagnostics logs

We collect technical logs to detect and fix errors. We use Sentry in a self-hosted deployment on our infrastructure. We aim to minimize personal data in logs and avoid including email content.

E) Website data (if applicable)

Our website may use cookies necessary for basic functionality and, depending on configuration, analytics cookies. You can control cookies through your browser settings.

4) How we use information

We use information to:

  1. Provide the Service (e.g., display accounts, invoices, histories, run workflows).
  2. Send communications from connected mailboxes based on your settings.
  3. Display communication history related to an account within Finaxis.
  4. Generate suggestions / copilot features (analytics/AI) based on communications tied to a specific account to support AR follow-ups.
  5. Secure the Service (fraud prevention, access control, incident monitoring).
  6. Maintain reliability (debugging, performance, support).
  7. Manage the commercial relationship (billing, administration, legal compliance).

5) Tenant isolation and non-shared use

A) Tenant isolation

Each Customer tenant is isolated. One Customer's data is not accessible to other Customers.

B) No cross-customer "feeding"

We do not use data from one tenant to power another tenant.

C) AI: no generalized training

Finaxis does not use Customer Data to train generalized AI models shared across Customers. Analytics/AI processing is performed to deliver features within the Customer's tenant (e.g., account-specific suggestions).

6) Google / Microsoft: disclosures and limited use

When you connect Google Workspace/Gmail or Microsoft 365/Outlook, we process data only to provide requested features that are visible in the user interface (sending email, account-level history, AR follow-up suggestions), consistent with the permissions granted.

We do not sell data obtained from Google/Microsoft APIs, and we do not use it for advertising.

7) How we share information

We do not sell personal information.

We may disclose information:

  • Service providers/subprocessors: only as needed to operate and secure the Service (hosting, storage, backups, operations). Where required, we impose confidentiality and security obligations.
  • Legal compliance: where required by law or to protect rights, security, or users.
  • With your consent: when you explicitly authorize us to do so.
A list of subprocessors can be provided upon request.

8) Retention and deletion

During the active relationship: we retain data for as long as the Customer tenant is active and necessary to provide the Service.

After termination:

  • Export by request: the Customer may request an export within 30 days after termination.
  • Deletion: subject to legal obligations, fraud prevention, and security constraints, we will delete or anonymize data from active systems within up to 90 days.
  • Backups: some data may remain in backups (rotation) for up to 12 months, then be deleted.

9) Security

We implement reasonable security measures appropriate to risk, including:

  • access controls and tenant separation;
  • encryption at rest for stored data;
  • security monitoring and logging; and
  • data minimization practices (including for error logs).

No method of security is perfect, but we work to reduce risk and respond to incidents.

10) Your choices and rights

Depending on your role (Authorized User or data subject):

  • Revoke Google/Microsoft access: you can revoke Finaxis' access via your Google/Microsoft account settings and/or within the Service.
  • Access and correction: you may request access to and correction of your personal information.
  • Deletion / withdrawal of consent: you may request deletion of certain information, subject to legal and contractual obligations. You may withdraw consent where applicable.
  • Questions/complaints: contact us at [email protected].

If you are an Authorized User, some requests (e.g., tenant-level export/deletion) may need to be handled through your Customer administrator.

11) Transfers and processing locations

Finaxis operates from Quebec. Depending on deployment architecture and the location of our service providers, information may be processed in other jurisdictions. In all cases, we apply reasonable contractual and organizational safeguards.

12) Children

The Service is a B2B product and is not intended for children.

13) Changes

We may update this Policy from time to time. The current version will be posted on our website with an updated date. If changes are material, we may provide additional notice.

14) Contact

Finaxis Inc.
Email: [email protected]