Legal

Privacy Policy

Effective date: 30 March 2026 · Last updated: 30 March 2026

This policy explains what personal data Finivo Sentinel collects, why it is collected, how it is used, and your rights under the EU General Data Protection Regulation (GDPR).

1. Who We Are

Finivo Sentinel is operated by Nikolaos Tsiolas, a sole trader based in Greece ("we", "us", "our"). You can reach us at [email protected].

For the purposes of GDPR, we are the data controller of the personal data described in this policy.

2. What Data We Collect

Account data: When you register, we collect your email address and, if you use Google Sign-In, your name and Google profile picture as provided by Google OAuth.

Project data: Any project, task, budget, and EVM data you enter into Sentinel. This data belongs to you and is stored on your behalf.

Payment data: If you subscribe to Finivo Sentinel Pro, payment is processed by Stripe. We do not store your card details. We receive confirmation of your subscription status from Stripe.

Usage and activity logs: We log in-app actions (e.g. project created, snapshot taken) for your own activity history and to support product improvement. These logs are tied to your account.

Technical data: Standard server logs (IP address, browser type, timestamps) generated by Netlify when you access the application.

3. Why We Collect It (Legal Basis)

Contract performance — to provide the Sentinel service you signed up for, including storing your projects and processing your subscription.
Legitimate interests — to maintain security, prevent fraud, fix bugs, and improve the product based on aggregate usage patterns.
Legal obligation — to retain transaction records as required by applicable tax and financial regulations.

4. How We Share Your Data

We do not sell or rent your personal data. We share data only with the following service providers, strictly for operating Finivo Sentinel:

Supabase (database & authentication) — stores your account and project data. Data is held in EU-region servers.
Stripe (payments) — processes subscription payments. Stripe is a certified PCI DSS Level 1 provider.
Netlify (hosting & serverless functions) — serves the application and processes server-side functions.
Google (OAuth, optional) — only if you choose to sign in with Google.

Each provider acts as a data processor under GDPR and is bound by contractual obligations to protect your data.

5. Data Retention

We retain your account and project data for as long as your account is active. If you delete your account, your data is deleted within 30 days, except where we are required to retain certain records (e.g. invoices) for tax compliance purposes, typically up to 5 years.

6. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your personal data ("right to be forgotten").
Restriction — ask us to limit how we process your data.
Portability — receive your project data in a machine-readable format (we support CSV/Excel export).
Object — object to processing based on legitimate interests.
Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at dpa.gr.

7. Cookies

Finivo Sentinel uses only functional cookies and browser local storage strictly necessary to operate the application — for example, to keep you logged in between sessions. We do not use advertising or tracking cookies, and we do not use any analytics platform.

8. Data Security

We apply industry-standard measures to protect your data: HTTPS in transit, row-level security (RLS) in our database so users can only access their own data, and access controls on all backend functions. No system is perfectly secure, but we take your data protection seriously.

9. Children's Privacy

Finivo Sentinel is a professional tool not directed at children. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a notice within the application. The "Last updated" date at the top of this page reflects the most recent revision.

11. Contact

Questions or requests regarding this policy:

Nikolaos Tsiolas
[email protected]
Greece