Privacy Policy

FINTASTIQ LLC

PRIVACY POLICY

Effective Date: March 10, 2026
Last Updated: March 10, 2026

FintastIQ LLC (“we,” “us,” or “our”) is a Nevada limited liability company and strategic consulting firm specializing in pricing, marketing, sales, and product strategy for high-growth and private equity-backed companies.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use any website, platform, application, or service operated under the fintastiq.com domain and its subdomains (collectively, the “Services”). This includes, without limitation:

  • www.fintastiq.com (corporate website)
  • assess.fintastiq.com (self-serve capability assessment)
  • diagnose.fintastiq.com (engagement-level commercial diagnostics)
  • academy.fintastiq.com (online learning platform)
  • toolkit.fintastiq.com (downloadable frameworks, calculators, and playbooks)
  • signals.fintastiq.com (competitive intelligence and market signal monitoring)
  • All integrated software modules for pricing, sales, marketing, and product analytics

This policy applies to any current or future property hosted on fintastiq.com or its subdomains. If you do not agree with this policy, please do not access or use our Services.

1. Service Classifications

Our Services fall into four categories, each with different data collection characteristics:

Informational Properties: Our corporate website (www.fintastiq.com) provides information about FintastIQ and collects only website visitor data and newsletter signups

Self-Serve Tools: assess.fintastiq.com and signals.fintastiq.com allow authenticated users to access diagnostic assessments and market intelligence. These collect account data, usage data, and tool-specific inputs

Subscription Platforms: academy.fintastiq.com, toolkit.fintastiq.com, and our integrated software products require account creation and may involve paid subscriptions. These collect account data, payment data, usage data, and user-generated content

Engagement-Level Tools: diagnose.fintastiq.com supports deeper commercial diagnostics conducted in connection with consulting engagements. These may process sensitive business data subject to additional confidentiality protections under the applicable engagement agreement

The tiered data collection matrix in Section 3 details what data is collected by each service category.

2. Account Information and Authentication

Access to our platforms requires account creation through one of our supported authentication providers: Google Cloud Identity or Microsoft Entra ID. A single account provides unified access across all FintastIQ properties through single sign-on (SSO).

At login, we collect:

  • First name and last name
  • Email address
  • User ID (assigned by the authentication provider)

You may provide additional information through your use of our Services, as described in the data collection matrix below.

3. Tiered Data Collection Matrix

The following matrix describes the categories of personal and business data collected across each service tier:

Note: Engagement-level data (diagnose.fintastiq.com) may include sensitive business information such as pricing structures, margin data, and competitive positioning. This data is subject to additional confidentiality protections under the applicable Statement of Work or engagement agreement, which governs in the event of any conflict with this policy.

4. Automatically Collected Information

4.1 Website Analytics
Our corporate website (www.fintastiq.com) is hosted on Squarespace and uses Squarespace Analytics and Google Analytics to collect anonymized visitor data including page views, traffic sources, and navigation patterns.

4.2 Platform Analytics
Our custom-built platforms may collect usage analytics for performance monitoring, product improvement, and user experience optimization. This data is processed internally and is not shared with third-party analytics providers unless specified in this policy.

4.3 Download Tracking
When you download frameworks, calculators, playbooks, or other resources from toolkit.fintastiq.com, we record the download event, including the resource accessed, timestamp, and your user ID. This data is used to personalize your experience and recommend relevant resources.

5. Cookies and Tracking Technologies

5.1 Cookies on www.fintastiq.com
Our Squarespace-hosted website places the following cookies:

  • Essential cookies: Required for core website functionality, including session management and CSRF protection. These are set regardless of your preferences
  • Analytics cookies: Squarespace Analytics and Google Analytics use cookies to measure visitor behavior. You can manage these through your browser settings or the Google Analytics Opt-out Browser Add-on

5.2 Cookies on FintastIQ Platforms
All FintastIQ platforms that require authentication set:

  • Authentication session cookies: Set by Google Cloud Identity or Microsoft Entra ID when you log in. These are essential for maintaining your session and cannot be disabled while using the platform
  • Functional cookies: Used to store preferences and session state within the platform

We do not use advertising or retargeting pixels on any FintastIQ property.

6. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing, maintaining, and improving our Services across all platforms
  • Authenticating your identity and managing your unified account
  • Processing payments and managing subscriptions through Stripe
  • Delivering assessment results, diagnostic analyses, course content, toolkit resources, and competitive intelligence
  • Generating AI-assisted insights, scoring, content, and analysis (see Section 9)
  • Tracking resource downloads to personalize recommendations and measure content effectiveness
  • Delivering consulting services and fulfilling engagement obligations
  • Sending newsletters, thought leadership content, and marketing communications via Substack and SendGrid
  • Managing client relationships and business development through HubSpot
  • Complying with legal obligations and protecting our rights

7. How We Share Your Information

We do not sell your personal information. We share information with the following categories of service providers:

  • Authentication: Google Cloud Identity and Microsoft Entra ID
  • Cloud infrastructure: Supabase (hosted on Vercel and Google Cloud Platform)
  • Payment processing: Stripe
  • Email and communications: Substack (newsletters), SendGrid (transactional email)
  • CRM and marketing: HubSpot
  • Website hosting: Squarespace (www.fintastiq.com)
  • Analytics: Google Analytics (www.fintastiq.com only)
  • AI processing: Anthropic (see Section 9)
  • Document storage: Microsoft SharePoint (raw client engagement data)

We may also share information with professional advisors, in response to legal process, or in connection with a business transfer, as described in our prior policy version.

8. Third-Party Data and Market Intelligence

Our competitive intelligence platform (signals.fintastiq.com) aggregates and presents data from third-party sources to help users monitor market signals and competitive dynamics. FintastIQ does not control the accuracy, completeness, or timeliness of third-party data sources.

Your queries, alert configurations, and interaction patterns within the signals platform are collected and associated with your user profile to provide personalized intelligence and improve the service. This behavioral data is treated as personal data under this policy.

9. Use of Artificial Intelligence

FintastIQ uses Anthropic AI products for back-end process automation across our Services, including:

  • Assessment scoring and analysis of diagnostic responses (assess and diagnose platforms)
  • Content generation for courses, reports, and educational materials
  • Data analysis and insights generation for software products and consulting engagements
  • Internal workflow automation and communication drafting

In the course of these activities, certain user data may be processed by Anthropic’s systems, including assessment responses and platform usage data. For consulting engagements, client data may be processed through Anthropic’s API for diagnostic analysis, with raw source data maintained separately on Microsoft SharePoint.

We apply the same data protection standards to all AI-processed data. We do not permit the use of personal data for training third-party AI models. We do not use AI to make fully automated decisions that produce legal or similarly significant effects on users without human review.

10. Anonymized and Aggregated Data

With your explicit opt-in consent, we may use anonymized and aggregated data derived from your use of our Services for benchmarking, product improvement, and thought leadership purposes. This data is stripped of all personally identifiable information and cannot be used to identify you. You may manage your consent preferences through your account settings or by contacting legal@fintastiq.com.

11. Data Retention

We retain personal information as follows:

  • Active accounts: Data is retained for the duration of your account and active use of our Services
  • Account deletion: Upon receiving a deletion request at legal@fintastiq.com, personal information is deleted within 30 days, except where retention is required by law or necessary for legitimate business purposes
  • Assessment and diagnostic data: Retained while your account is active and for 30 days following deletion
  • Academy and toolkit data: Course progress, completion records, certificates, and download history are retained while your account is active. Certificate records may be retained longer for verification
  • Signals data: Query history and alert configurations are deleted within 30 days of account deletion
  • Engagement data: Client data under Statements of Work is retained per the engagement agreement
  • Website analytics: Aggregated data is retained per our analytics providers’ retention settings

12. Data Security

We implement commercially reasonable safeguards to protect your personal information, including:

  • Encryption of data in transit via TLS/SSL across all FintastIQ properties
  • Encryption of data at rest within our infrastructure
  • Access controls limiting data access to authorized personnel on a need-to-know basis
  • Regular security audits and penetration testing
  • An incident response plan for addressing data breaches
  • Confidentiality and non-disclosure agreements for all employees and contractors

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

13. Your Rights and Choices

13.1 Account Access and Deletion

  • Access and update your account information through your platform settings
  • Request a copy of your personal data by emailing legal@fintastiq.com
  • Request deletion of your account and associated data by emailing legal@fintastiq.com (completed within 30 days)

13.2 Marketing Communications
Opt out via the “unsubscribe” link in any marketing email, through Substack preferences, or by contacting us directly. Transactional communications will continue.

13.3 Cookie Preferences
Manage cookie settings through your browser. Disabling analytics cookies will not affect platform functionality.

13.4 Do Not Track
Our Services do not currently respond to “Do Not Track” browser signals.

14. State-Specific Privacy Rights

14.1 California Residents (CCPA/CPRA)
California residents have rights to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined under the CCPA/CPRA.

14.2 Other U.S. State Laws
Residents of states with applicable privacy legislation (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights. Contact legal@fintastiq.com to exercise any applicable rights.

15. International Users

FintastIQ LLC is based in the United States. Our platforms are accessible internationally. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from your jurisdiction.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your data on the basis of consent, contractual necessity, legitimate interests, or legal compliance. You may have additional rights under the GDPR, including the right to lodge a complaint with your local supervisory authority.

16. Enterprise Data Processing

Enterprise clients, including private equity firms and portfolio companies, may request a separate Data Processing Agreement (DPA) governing the processing of personal data in connection with consulting engagements or platform usage. To request a DPA, contact legal@fintastiq.com.

Where a DPA is executed between FintastIQ and an enterprise client, the terms of the DPA govern the processing of that client’s data to the extent they conflict with this Privacy Policy.

17. Children’s Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information within 30 days. Contact legal@fintastiq.com if you believe a child’s information has been collected.

18. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of those third parties and encourage you to review their policies.

19. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated by updating the “Last Updated” date and, where appropriate, notifying you via email or platform notification. We encourage periodic review.

20. Contact Us

For questions, privacy rights requests, or data protection concerns:

FintastIQ LLC
1150 N Lake Shore Dr, Suite 2A
Chicago, IL 60611
Phone: (800) 664-3320
Email: legal@fintastiq.com
Website: www.fintastiq.com