Privacy Policy

By using the Service, you acknowledge that your personal data may be processed as described in this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Service.

1. Important Privacy Notice for Financial and AI Data

financialmodeling.app is an AI-assisted financial modelling and productivity tool. You should not upload confidential, highly sensitive, regulated or restricted information unless you have the legal right to do so and you accept the associated risks.

In particular, you should avoid uploading personal data, sensitive personal data, material non-public information, insider information, client-confidential information, banking-secret information, trade secrets or information subject to professional secrecy unless such processing is lawful, authorized and appropriate.

You are responsible for ensuring that any data, files, spreadsheets, prompts, financial statements, assumptions, client materials or other information you submit to the Service may lawfully be processed through AI-assisted tools and third-party service providers.

2. Controller

For purposes of applicable data protection laws, including the Swiss Federal Act on Data Protection and, where applicable, the EU General Data Protection Regulation or UK GDPR, the controller of your personal data is:

[Insert legal company name]
[Insert address]
Switzerland
Email: [insert email]

If we appoint a data protection representative or data protection officer, their contact details will be listed here:

Data protection contact: [Insert contact details if applicable]

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Account Data

• Name
• Email address
• Company name
• Job title or professional role
• Login credentials or authentication identifiers
• Account settings and preferences
• Subscription status

3.2 Usage Data

• Pages visited
• Features used
• Buttons clicked
• Session duration
• Referring pages
• Searches, prompts and interactions with the Service
• Approximate location based on IP address
• Device type, browser type, operating system and technical identifiers

3.3 User Content

You may submit prompts, text, spreadsheets, financial models, formulas, assumptions, tables, datasets, company information, financial statements, forecasts, charts, screenshots, files or other materials.

User Content may include personal data if you choose to include it. We do not require you to include personal data in financial models or prompts unless it is necessary for your intended use.

3.4 AI Interaction Data

• Prompts and instructions submitted to AI tools
• Uploaded files or extracted file contents
• AI-generated outputs
• Model configuration, system instructions or processing metadata
• Error logs and quality-control information

3.5 Payment and Billing Data

If you purchase a subscription or paid feature, we or our payment processors may process billing information, such as your name, billing address, payment method details, transaction identifiers, invoices, VAT or tax information and payment status.

We generally do not store full credit card numbers. Payment information is processed by third-party payment providers, such as [Stripe / Paddle / Lemon Squeezy / insert provider].

3.6 Support and Communication Data

• Messages you send to us
• Support requests
• Feedback
• Survey responses
• Email communication
• Information needed to resolve technical or account issues

3.7 Cookies and Similar Technologies

We may use cookies, pixels, local storage, analytics tools and similar technologies to operate, secure, improve and measure the Service.

4. Data You Should Not Submit

Unless we have expressly agreed otherwise in writing, you must not submit:

• Special categories of personal data, such as health, biometric, religious or political data
• Government identification numbers
• Payment card numbers outside the secure payment flow
• Passwords or authentication secrets
• Material non-public information
• Insider information
• Banking-secret information
• Professional-secrecy information
• Confidential client data without authorization
• Information that you are not legally permitted to upload or process

We are not responsible for your decision to submit such information where you were not authorized or legally permitted to do so.

5. How We Use Personal Data

We may process personal data for the following purposes:

• To provide, operate and maintain the Service
• To create and manage user accounts
• To generate, process, improve and display AI-assisted outputs
• To process uploaded files and user instructions
• To provide financial modelling, spreadsheet, forecasting and analytical functionality
• To process subscriptions, payments, invoices, refunds and tax information
• To provide customer support
• To troubleshoot errors and technical issues
• To improve the quality, reliability, usability and security of the Service
• To monitor usage limits, abuse, fraud, misuse and security risks
• To communicate service updates, security notices and administrative messages
• To send marketing communications where permitted by law
• To comply with legal, regulatory, tax, accounting and security obligations
• To establish, exercise or defend legal claims

6. Legal Bases for Processing

Where applicable data protection law requires a legal basis, we rely on one or more of the following:

• Contract performance: processing necessary to provide the Service, manage your account, process payments and deliver requested functionality.
• Legitimate interests: processing necessary to secure, improve, analyse, develop and protect the Service, prevent abuse, communicate with users and operate our business, provided such interests are not overridden by your rights and interests.
• Consent: processing based on your consent, such as certain cookies, analytics or marketing communications, where required.
• Legal obligation: processing necessary to comply with applicable legal, tax, accounting, regulatory or law-enforcement obligations.
• Legal claims: processing necessary to establish, exercise or defend legal claims.

7. AI Processing

The Service may use artificial intelligence systems, large language models, machine learning models, automation tools and third-party AI infrastructure to process your prompts, files, instructions and outputs.

AI processing may include:

• Reading and interpreting prompts
• Extracting information from uploaded files
• Analysing formulas, tables, assumptions and financial statements
• Generating explanations, calculations, summaries, scenarios or model structures
• Improving formatting, logic, consistency and usability of outputs
• Detecting errors, abuse, unsafe requests or policy violations

AI-generated outputs may be inaccurate, incomplete or unsuitable. Please review our Terms of Service for important disclaimers regarding AI outputs and financial modelling results.

7.1 Use of Data for AI Training

[Choose and keep only the accurate option:]

Option A — No training by us: We do not use your private prompts, uploaded files or private financial models to train our own AI models, unless you have expressly agreed otherwise.

Option B — Improvement use: We may use prompts, outputs, usage data and feedback to monitor, evaluate, improve and develop the Service, including AI-related functionality, where permitted by law and subject to appropriate safeguards.

Option C — Enterprise/private mode: For business or enterprise accounts, we may offer settings that limit or exclude the use of Customer Content for product improvement. The applicable account settings or enterprise agreement will control.

7.2 Third-Party AI Providers

We may use third-party AI providers and infrastructure providers to process prompts, uploaded files and outputs. These providers process data on our behalf or under their own applicable terms, depending on the service configuration.

Current or potential AI and infrastructure providers may include:

• [OpenAI / Anthropic / Google / Mistral / Microsoft / insert provider]
• [Supabase / AWS / Google Cloud / Cloudflare / Vercel / insert provider]
• [Other analytics, database, storage or monitoring providers]

You should not submit data to the Service if your legal, contractual, regulatory or professional obligations prohibit processing by such providers.

8. Cookies and Analytics

We may use necessary cookies and similar technologies to provide core functionality, including login, security, session management, payment flow, user preferences and fraud prevention.

With your consent where required, we may also use analytics, performance or marketing technologies to understand how users interact with the Service and to improve our product.

These technologies may collect information such as IP address, device identifiers, browser type, pages visited, time spent, referring websites and interaction events.

Tools we use may include:

• [Google Analytics]
• [Plausible Analytics]
• [PostHog]
• [Meta Pixel]
• [LinkedIn Insight Tag]
• [Other tools]

You can manage cookies through your browser settings and, where available, our cookie banner or cookie preference tool.

9. Marketing Communications

We may send you service-related messages, such as account, billing, technical, legal and security notices. These are not marketing messages and may be necessary to provide the Service.

We may send marketing emails, product updates or newsletters if permitted by law or if you have given consent where required. You may unsubscribe from marketing communications at any time by using the unsubscribe link or contacting us.

10. Sharing of Personal Data

We may share personal data with the following categories of recipients:

• Hosting and cloud infrastructure providers
• Database and storage providers
• AI model and AI infrastructure providers
• Payment processors and billing providers
• Analytics and product improvement providers
• Email, communication and customer support providers
• Security, fraud prevention and monitoring providers
• Professional advisers, including lawyers, accountants and auditors
• Authorities, courts, regulators or law-enforcement bodies where legally required
• Potential buyers, investors or successors in connection with a business transaction

We do not sell your personal data in the ordinary sense of the word. If we engage in activities that are considered a “sale” or “sharing” under applicable privacy laws, we will provide any required rights and notices.

11. International Data Transfers

We are based in Switzerland, but our service providers, infrastructure providers, AI providers, payment processors and other recipients may process personal data in other countries, including the European Economic Area, the United Kingdom, the United States and other jurisdictions.

Where required by applicable law, we use appropriate safeguards for international transfers, such as adequacy decisions, standard contractual clauses, data processing agreements, technical safeguards or other lawful transfer mechanisms.

You acknowledge that countries outside your jurisdiction may have data protection laws that differ from those in your country.

12. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of data and the purpose of processing:

• Account data: retained while your account is active and for a reasonable period thereafter.
• Billing data: retained as required for tax, accounting and legal compliance.
• User Content: retained as needed to provide the Service, unless deleted earlier by you or under your account settings.
• AI interaction logs: retained for security, troubleshooting, quality control and abuse prevention for a limited period.
• Support messages: retained as needed to resolve requests and maintain business records.
• Security logs: retained as needed to protect the Service and investigate misuse.

[Optional: Insert specific retention periods, for example: “Uploaded files are deleted after 30 days unless saved by the user.”]

13. Security

We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.

Such measures may include encryption, access controls, secure hosting, authentication, monitoring, backups, logging, vendor review and internal access restrictions.

However, no website, software system, AI system, transmission method or storage system is completely secure. To the maximum extent permitted by law, we do not guarantee absolute security.

You are responsible for keeping your login credentials confidential and for using appropriate security measures when submitting data to the Service.

14. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal data, including the right to:

• Request access to your personal data
• Request correction of inaccurate or incomplete personal data
• Request deletion of personal data
• Request restriction of processing
• Object to certain processing
• Withdraw consent where processing is based on consent
• Request data portability where applicable
• Object to direct marketing
• Lodge a complaint with a data protection authority

To exercise your rights, contact us at: [insert email].

We may need to verify your identity before responding to a request. Some rights may be limited by applicable law, legal obligations, confidentiality obligations, security requirements, trade secrets or the rights of others.

15. European, UK and Swiss Users

If you are located in Switzerland, the European Economic Area or the United Kingdom, you may have specific rights under applicable data protection laws.

You may contact us to exercise your rights. You may also have the right to lodge a complaint with your local data protection authority.

In Switzerland, the competent authority is generally the Federal Data Protection and Information Commissioner. In the EEA, you may contact your national data protection authority. In the United Kingdom, you may contact the Information Commissioner's Office.

16. California and Other US State Privacy Rights

If you are a resident of California or another US state with applicable privacy laws, you may have additional rights, such as the right to know, access, correct, delete, opt out of certain data sharing or targeted advertising, and not be discriminated against for exercising privacy rights.

We do not knowingly sell personal data in the ordinary sense of the word. If our use of advertising, analytics or tracking technologies is considered a “sale,” “sharing” or “targeted advertising” under applicable law, you may have the right to opt out.

To exercise applicable US privacy rights, contact us at: [insert email].

17. Business and Enterprise Customers

If you use the Service on behalf of a company, fund, adviser, bank, consultancy, university or other organization, that organization may be responsible for determining whether and how personal data may be submitted to the Service.

Where we process personal data on behalf of a business customer as a processor or service provider, the applicable data processing agreement, enterprise agreement or order form may supplement this Privacy Policy.

Business customers are responsible for ensuring that they have a lawful basis and all required notices, consents and permissions for submitting personal data to the Service.

18. Children

The Service is not intended for children or persons under the age of 18. We do not knowingly collect personal data from children.

If you believe that a child has provided personal data to us, please contact us and we will take appropriate steps to delete such data where required.

19. Automated Decision-Making

The Service may use automation and AI to generate financial modelling assistance, summaries, explanations, calculations and analytical outputs.

We do not intend the Service to make legally binding decisions about you or decisions that produce similarly significant effects, such as credit approval, employment decisions, insurance eligibility or regulated investment advice.

You must not use the Service as the sole basis for making legally significant decisions about individuals unless you have ensured that such use complies with all applicable laws.

20. Third-Party Links and Integrations

The Service may contain links to third-party websites, tools, APIs, data sources or integrations.

We are not responsible for the privacy practices, security, content or policies of third parties. You should review the privacy policies of any third-party services you use.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised effective date.

If we make material changes, we may provide additional notice, such as by email, in-app notice or a prominent notice on the Service.

Your continued use of the Service after an updated Privacy Policy becomes effective means you acknowledge the updated policy.

22. Contact

If you have questions, requests or complaints about this Privacy Policy or our processing of personal data, contact us at:

Jaeger Digital Labs
Switzerland
Email: contact@financialmodeling.app

Recommended Short Privacy Notice

Recommended Upload Warning

Recommended Cookie Banner Text