Privacy Policy

Who is the data controller

FinButler ("FinButler," "we," "us," or "our") is the data controller (responsable del tratamiento) for personal data processed through the FinButler platform, including our website, dashboards, mobile applications, APIs, and integrations (the "Service"). The legal entity operating FinButler is domiciled in the Republic of Panama. The current operating entity, fiscal identification (RUC), and registered address are confirmed on request at privacy@finbutler.ai and will be published on this page after counsel sign-off.

The supervisory authority for personal data in Panama is the Autoridad Nacional de Transparencia y Acceso a la Información (ANTAI). You may direct unresolved complaints to ANTAI at antai.gob.pa.

Scope

This policy covers personal data we process about account holders, members of a team or firm, accountant users, prospects who join the waitlist, and visitors to our marketing site. It explains the categories of data, the purposes, the legal bases under Law 81, who we share data with, where data may be processed, how long we keep it, and how you exercise your rights.

Data we process, why, and on what legal basis

Under Law 81, we process your personal data on one of the following legal bases: your consent (Art. 5), the performance of a contract you are party to (the Terms of Service), compliance with a legal obligation, or our legitimate interest in operating, securing, and improving the Service. The table below maps each data class to its purposes and legal basis.

When data is shared with others

We do not sell your data and we do not share your financial data for advertising. We share data only in the following situations:

• Teams: data you create inside a team is visible to other members of that team, scoped to their role (owner, admin, member, viewer). You see this in the team filter inside the app.
• Firms and accountants: if you grant an accountant or firm access to your workspace, they can read the data you scope into the engagement. You can revoke access at any time.
• Connected accounts and integrations: if you connect a third-party account or import a QR-coded invoice from the Panama DGI, that integration is bound by the third party's own terms.
• Webhooks and APIs you configure: when you point FinButler at an outbound webhook, MCP endpoint, or API key, we deliver the data you instructed us to send.
• Subprocessors: trusted service providers acting on our written instructions (see the table below).
• Legal process: when we are compelled by Panama law, a competent court order, or a similar binding instrument, narrowed to what is strictly required.
• Corporate transactions: in connection with a merger, acquisition, or asset sale, with prior notice to affected users.
• With your consent: when you explicitly authorize a specific disclosure.

AI Prompts, Responses, and Memory

When you use AI features, we also collect:

• The prompts you submit to AI features and the AI responses we return to you
• Workspace financial context (accounts, transactions, budgets, goals) referenced to produce a response
• Summarized financial observations retained in AI Memory for your team, when AI Memory is enabled
• Operational telemetry such as model used, token counts, latency, and error codes

See AI Features, Prompts, and Memory below for retention, controls, and third-party processors.

AI Features, Prompts, and Memory

FinButler offers AI-powered features such as chat assistance, automated transaction import, spending insights, planning, tax suggestions, and persistent memory. These features process your financial context to generate responses that are useful to you and your team.

What AI features process

When an AI feature is enabled for your team, we may process:

• The prompt or question you submit, and any AI response we return to you
• Relevant financial context from your workspace (account balances, transactions, budgets, goals, categories) that the feature needs to answer the request
• Receipts, invoices, and documents you upload to AI ingestion flows
• Operational metadata (model used, token counts, latency, error codes) for billing, quota enforcement, and reliability

Third-party AI processors

To deliver AI features, we send the prompt and necessary context to large-language-model providers and to our memory provider (Hindsight). These processors handle that data on our behalf under contract:

• AI model providers (such as MiniMax, OpenAI-compatible providers, and Google Gemini for document OCR) receive the request needed to generate a response.
• Memory provider (Hindsight by Vectorize, self-hosted on infrastructure we control) stores summarized financial observations when AI Memory is enabled for your team.
• We do not authorize these providers to use your prompts, responses, or financial data to train their general-purpose models, and we contractually require that data be processed only to provide the service to us.

AI memory: scope, retention, and deletion

AI Memory creates a persistent memory bank for each team workspace so future AI responses can reference prior patterns, recurring expenses, savings progress, and similar durable observations.

• Per-team scope. Each memory bank is isolated to one team. Memory is never shared between teams or users, and a user who is not a member of a team cannot recall its memory.
• What gets stored. Summarized observations about financial behavior, chat exchanges, generated insights, and significant transaction events. We avoid retaining one-off transactions unless they represent a significant financial event.
• Retention. Memory persists until you disable AI Memory for the team or request deletion. Disabling AI Memory stops new retention immediately; deleting the team or your account removes the memory bank as part of account deletion (within 30 days of account deletion).
• Control. Team owners and admins can disable AI Memory and any other AI feature group from Settings → AI features. You may also request memory deletion at any time by emailing privacy@finbutler.ai, subject to any legal retention obligations.
• No model training. AI Memory content and AI prompts/responses are not used to train any AI model.

Team and Workspace Sharing

FinButler is built around team workspaces. When you invite someone to your team — or accept an invitation to join one — financial data inside that team becomes visible to the invited user, subject to their assigned role.

• What becomes visible. Once an invitation is accepted, the new member can see accounts, transactions, budgets, goals, categories, and reports that belong to the team, regardless of which team member originally created them.
• Role-based capability. Owners and admins can additionally invite and remove other members, change team settings, and toggle AI features. Members can view and edit financial data. Viewers have read-only access.
• AI context inheritance. If AI Memory or other AI features are enabled for the team, new members benefit from — and contribute to — that shared memory while they remain in the team.
• Removing access. Team owners and admins can remove members at any time from Settings → Team. Removed members lose access immediately.
• Cross-team transfers. A user can belong to only one team. Accepting a team invitation that requires switching teams moves the user out of their current workspace and is shown as an explicit confirmation step.

Accountant Access

FinButler supports a separate "accountant" relationship that grants a professional advisor scoped, read-only access to your team's books. Accountant access is distinct from team membership and is always opt-in through an emailed invitation link.

• Read-only by default. An accountant can view your accounts, transactions, and reports. They cannot modify financial data, invite or remove team members, or change team settings.
• Granted by you, the team owner. Access is granted only after you (or the recipient accepting the invitation under your team) explicitly accept the invitation link.
• Revocable. You can revoke accountant access at any time from Settings → Team; the accountant loses access immediately.
• Auditable. Accountant actions are logged so you can review what was viewed and when.

Connected Accounts and Future Integrations

The "Connected accounts" area inside FinButler is currently for social sign-in only. Linking a Google, Apple, or other supported provider lets you sign in to FinButler with that identity. It does not grant FinButler access to your bank, brokerage, email, calendar, contacts, or transactional history at the provider.

• OAuth sign-in providers share only basic identity information (name, email, profile image) needed to authenticate you. We do not request banking, financial, or other sensitive scopes.
• Bank account aggregation (for example via Plaid or Belvo) is not active today and is listed in the product UI as a "Coming soon" integration. No bank balance or transaction is currently pulled from financial institutions on your behalf.
• Accountant integrations and webhooks shown as "Coming soon" in Connected accounts are also not active today. When any of these integrations launches, we will publish a separate disclosure describing the data accessed, the third party involved, the lawful basis for processing, and the controls you have over the integration before you can enable it.

Subprocessors

We rely on a small set of vendors to operate the Service. Each subprocessor is contractually bound to confidentiality, security, and processing limited to our instructions. We maintain the full list of named vendors and notify customers of changes at least 30 days in advance for production tiers; the current list is available on request.

International transfers

FinButler is operated from Panama but the Service and its subprocessors run in cloud infrastructure that may store or process data outside Panama, typically in the United States, the European Union, or another country with comparable data-protection standards. By using the Service you acknowledge this transfer.

We rely on the safeguards permitted by Law 81 and Decree 285, including written processing agreements with each subprocessor, contractual confidentiality and security obligations, technical safeguards such as encryption in transit and at rest, and selection of providers that meet recognized international privacy and security frameworks.

Retention schedule

We retain personal data only as long as needed for the purposes above, plus the time required by Panama tax and commercial law for billing and accounting records.

How we protect your data

We apply reasonable technical, organizational, and contractual measures to protect personal data, including:

• Encryption in transit using TLS, and encryption at rest where supported by our infrastructure.
• SuperTokens-based session management, password hashing, rate limiting on authentication endpoints, and protection against common web vulnerabilities informed by OWASP guidance.
• Least-privilege access controls, audited admin actions, and named subprocessors bound by written processing agreements.
• Background tasks, queues, and storage isolated per environment.
• Continuous logging and monitoring of security events, with documented incident-response playbooks.

For additional detail, see our Security page.

Security incidents and breach notification

If we determine that a security incident has resulted in the unauthorized access, loss, alteration, or disclosure of personal data, we will:

• Open an internal investigation and contain the incident.
• Notify affected account holders without undue delay, using the email on file and an in-app banner where appropriate.
• Notify ANTAI and other Panama authorities when required by Law 81 and Decree 285, within the timeframe the regulation requires.
• Document the facts, the impact, the data subjects affected, the mitigations applied, and the lessons learned.

You can report a suspected incident to security@finbutler.ai.

Your rights under Law 81

Panama Law 81 of 2019 grants you the following rights over the personal data we hold about you. You can exercise any of them by writing to privacy@finbutler.ai or, for most rights, directly from your account settings. We respond within the period required by Law 81 and Decree 285 (currently up to 15 working days, extendable once where justified).

Children

FinButler is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact privacy@finbutler.ai and we will delete it.

Changes to this policy

We may update this policy as the Service evolves and as Law 81, Decree 285, or other applicable regulations change. Material changes are announced in the app and via email, and the "Last updated" date is revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.