Privacy Policy

Last updated: 2026-04-29

This Privacy Policy describes how Finch Labs, Inc.(“Finch,” “we,” “us,” or “our”) collects, uses, and shares information when you use our advertising-automation platform available at finchlabs.ai (the “Service”). Finch Labs, Inc. is a Wyoming corporation with its registered address at 1908 Thomes Ave STE 44233, Cheyenne, WY 82001, USA.

1. Information we collect

We collect the following categories of information:

• Account information. Name, email address, password hash, and tenant (workspace) name when you sign up.
• Connected-platform data. When you authorize Finch to connect to Meta (Facebook / Instagram), Google (Ads / Analytics 4), or Shopify, we receive an OAuth token via our broker (Nango) and use it to read advertising metrics, audience definitions, lead-form responses, and (for Shopify) orders + customer counts. We do not request write access to commerce data.
• Ad performance data. Impressions, clicks, conversions, spend, CTR, CPC, CPM, ROAS, and similar aggregate metrics from connected ad platforms.
• Lead outcomes. When you connect a chatbot integration (e.g., Agata IA), we periodically poll for lead-quality signals (qualified / not qualified, status updates) and associate them with the originating ad.
• Creative assets. Images, videos, and copy you upload or that our AI generates on your behalf.
• Usage data. Page views, feature interactions, evolution-run configurations, error logs, and IP address.
• Cookies. We use first-party session cookies (managed by Supabase) to keep you signed in. We do not use third-party advertising or tracking cookies on our marketing site.

2. How we use information

• To provide and operate the Service (generate ad variants, evaluate fitness, sync metrics).
• To improve the Service (debug errors, analyze feature usage in aggregate).
• To communicate with you about your account, billing, security, and product updates.
• To comply with legal obligations and enforce our Terms of Service.
• To detect, prevent, and respond to fraud, abuse, or violations of platform partners’ terms.

3. Subprocessors and third parties

We use the following service providers (subprocessors) to operate the Service. Each has its own privacy policy linked below.

• Supabase — database + authentication. Privacy
• Google Cloud Platform — application hosting (Cloud Run), object storage (Cloud Storage). Privacy
• Anthropic — AI model inference (Claude). Privacy
• Google AI — image generation (Imagen) and assistant (Gemini). Privacy
• Nango — OAuth token broker for Meta / Google / Shopify connections. Privacy
• Sentry — application error monitoring. Privacy
• Cloudflare — DNS and DDoS protection. Privacy
• Upstash — managed Redis for the job queue. Privacy
• Meta, Google, Shopify — the integrations you choose to connect. Their handling of your data is governed by their own policies.

We do not sell or rent personal information to third parties for advertising purposes.

4. International data transfers

Finch Labs is based in the United States, and our subprocessors are located in the United States and the European Union. By using the Service, you consent to the transfer of your information to these jurisdictions. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

5. Data retention

We retain account information for as long as your account is active and for up to 90 days after deletion (to allow recovery and to satisfy backup-retention cycles). Connected-platform tokens are deleted immediately upon disconnection or account closure. Ad performance and lead-outcome data are retained for analytics for up to 24 months unless you request earlier deletion. Server logs are retained for up to 30 days.

6. Your rights

• Access and export. You can export your data via /api/data-export (authenticated) or by emailing privacy@finchlabs.ai.
• Deletion. Request deletion at /data-deletion or by emailing privacy@finchlabs.ai.
• Correction. Update profile information from your account settings, or email us.
• EU/UK residents (GDPR). You also have the right to object to processing, restrict processing, withdraw consent, and lodge a complaint with your supervisory authority. For data-protection inquiries, email privacy@finchlabs.ai.
• California residents (CCPA/CPRA). You have the right to know what personal information we collect, to delete it, to correct it, to opt out of any “sale” or “sharing” (note: we do not sell personal information), and to non-discrimination for exercising these rights.

7. Security

We use industry-standard measures to protect your data, including TLS in transit, encryption at rest, OAuth-token isolation per tenant, row-level security on the database, and minimum-privilege access for engineers. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not intended for children under 13 (or 16 in the EU/UK). We do not knowingly collect personal information from minors. If you believe a minor has provided us with information, contact privacy@finchlabs.ai and we will delete it.

9. Changes to this policy

We may update this policy from time to time. We will post the new version at this URL with an updated “Last updated” date. Material changes will be notified by email to active account holders at least 30 days before they take effect.

10. Contact

Privacy and data-protection inquiries: privacy@finchlabs.ai
General contact: support@finchlabs.ai
Mailing address: Finch Labs, Inc., 1908 Thomes Ave STE 44233, Cheyenne, WY 82001, USA