Legal

Privacy Policy

Last updated: 7 June 2026

1. Who we are

Fynmerge Ltd (“Fynmerge”, “we”, “us”) is a company registered in England and Wales. We operate the Fynmerge financial management platform available at www.fynmerge.com. We are registered as a Data Controller with the Information Commissioner's Office (ICO).

2. What data we collect

We collect the following categories of personal data:

  • Account data — name, email address, and password (stored hashed).
  • Business data — company name, VAT number, UTR, and fiscal year settings you provide during onboarding.
  • Financial data — invoices, contacts, and cash flow figures you enter or that are synced from your connected accounting tools.
  • Bank data — read-only transaction data retrieved via Open Banking (regulated under PSD2). We never store your bank login credentials.
  • Usage data — pages visited, features used, and error logs, collected to improve the product.

3. How we use your data

We use your data to:

  • Provide and improve the Fynmerge platform.
  • Calculate cash flow projections, tax pot recommendations, and deadline alerts.
  • Send transactional emails (invoice reminders, payment alerts, tax deadline notifications).
  • Comply with legal obligations under UK GDPR and the Companies Act.

We do not sell your data or use it for advertising.

4. Legal basis for processing

We process your data on the basis of contract performance (delivering the service you signed up for), legitimate interests (improving the product and preventing fraud), and legal obligation (complying with UK tax and financial regulations).

5. Data retention

We retain your account data for the duration of your subscription and for 90 days after cancellation, after which it is permanently deleted. Financial records that are subject to statutory retention requirements (e.g. invoices under UK tax law) may be retained for up to 7 years.

6. Your rights

Under UK GDPR you have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”), subject to legal retention obligations.
  • Restrict or object to processing.
  • Data portability — export your data in a machine-readable format.

To exercise any of these rights, email us at privacy@fynmerge.co.

7. Third-party services

We use the following sub-processors to deliver the service:

  • Supabase — database and authentication (EU-hosted).
  • Railway — API infrastructure (EU region).
  • Vercel — web application hosting.
  • Resend — transactional email delivery.
  • TrueLayer — Open Banking data access (FCA regulated).

8. Cookies

We use strictly necessary cookies for authentication (session tokens) and no third-party tracking or advertising cookies.

9. Contact

For privacy questions, contact our Data Protection Officer at privacy@fynmerge.co.