Privacy Policy

Last updated: 15 June 2026

1. Who we are

Finn Intelligence Ltd (“Finn”, “we”, “us”, “our”) is a company registered in England and Wales. We operate the Finn market intelligence service accessible via thefinnews.com and delivered via Telegram.

For the purposes of UK GDPR and the Data Protection Act 2018, Finn Intelligence Ltd is the data controller for the personal data we collect about you.

Contact: privacy@thefinnews.com

2. What data we collect

We collect and process the following categories of personal data:

  • Identity data: Your name and email address, provided when you create an account (via Google OAuth or email/password registration).
  • Subscription preferences: The asset classes, regions, sectors, and categories you select during onboarding.
  • Telegram chat ID: Your Telegram identifier, collected when you connect your Telegram account to receive alerts.
  • Payment data: We use Revolut for payment processing. We do not store card details on our systems.
  • Usage data: Technical data including your IP address, browser type, pages visited, and timestamps — collected automatically via cookies and server logs.
  • Data agreement records: Timestamp and confirmation of your acceptance of our data processing agreement.

3. Legal bases for processing

We process your personal data on the following legal bases under UK GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): Processing your name, email, preferences, and Telegram ID to deliver the market intelligence service you subscribed to.
  • Legitimate interests (Art. 6(1)(f)): Fraud prevention, security monitoring, and improving our service.
  • Legal obligation (Art. 6(1)(c)): Retaining financial records for tax and accounting purposes (7 years under UK law).
  • Consent (Art. 6(1)(a)): Non-essential cookies and direct marketing communications, where required.

4. How we use your data

  • To create and manage your account and subscription.
  • To deliver personalised market intelligence alerts via Telegram according to your selected preferences.
  • To process payments and manage your subscription billing via Revolut.
  • To send transactional emails (account confirmation, subscription receipts, important service notices).
  • To detect and prevent fraud, abuse, and unauthorised access.
  • To comply with legal obligations and respond to lawful requests from authorities.

5. Data sharing and third parties

We do not sell your personal data to third parties.

We share data with the following service providers:

  • Supabase Inc. — Database and authentication hosting (servers in the EU).
  • Revolut Ltd. — Payment processing. Subject to Revolut’s own privacy policy and PCI DSS compliance.
  • Telegram Messenger Inc. — Message delivery. Your Telegram messages are processed according to Telegram’s privacy policy.
  • Servers.com — Web application hosting (VPS located in the EU).
  • Google LLC — Optional Google OAuth authentication.

All processors are subject to Data Processing Agreements and appropriate safeguards under UK GDPR Chapter V.

6. Data retention

  • Active account data is retained for the duration of your subscription plus 12 months.
  • Financial transaction records are retained for 7 years in compliance with UK tax law.
  • Data agreement records are retained for 7 years as evidence of consent.
  • When you request account deletion, your personal data is removed within 30 days, except where retention is required by law.

7. Your rights under UK GDPR

You have the following rights:

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — (“right to be forgotten”) request deletion of your data.
  • Right to restrict processing — limit how we use your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

To exercise any of these rights, email privacy@thefinnews.com. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

8. Cookies

We use only strictly necessary cookies to maintain your authenticated session. We do not use analytics, advertising, or any third-party tracking cookies. Persistent authentication cookies expire after 7 days; session cookies are deleted when you close your browser.

Under UK PECR, strictly necessary cookies do not require opt-in consent, but we are required to clearly disclose their use. Full details of every cookie we set are available in our Cookie Policy.

9. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, and role-based access controls. Revolut handles all payment card data under PCI DSS Level 1 compliance.

10. Changes to this policy

We may update this policy periodically. We will notify you of material changes by email and by posting the updated policy on this page with a revised “Last updated” date.