Privacy Policy

Finaxus is an AI-powered financial agent that operates through messaging platforms. We help you monitor your portfolio, track market events, and stay informed — all through natural conversation. This Policy explains what personal data we collect, how we use it, and the rights you have over it. Finaxus is currently operated by Malek Jabareen as an unincorporated project. This Policy will be updated with the full legal entity name and registered address upon incorporation. Contact: malik@finaxus.ai Website: finaxus.ai

Account Your email address, collected during onboarding for identity verification. Your messaging platform user ID (e.g. Telegram), used to route messages and alerts to you. AI Provider Credentials The API key you provide for your chosen AI model (Claude, GPT, or Gemini). Stored encrypted. Used exclusively to make API calls to your chosen provider on your behalf. We do not read, log, or retain the content of your conversations — they are processed by your AI provider under their terms. Broker & Data Provider Credentials API keys or OAuth tokens you connect. Stored encrypted. Used solely to make authenticated requests to the respective service on your behalf. OAuth tokens are managed by a dedicated internal service and are never passed to the AI model. Workspace Documents Text documents built from your conversations with the agent — your financial profile, portfolio holdings, watchlist, monitoring preferences, and personal notes. Stored in our database and used to give the agent context in each session. Conversation History Your message history with the agent, stored temporarily in Redis. Reset daily at 4AM and after an idle period. Not retained long-term. Alert deduplication summaries (factual statements about events already communicated to you) are stored in Redis for up to 24 hours to prevent the agent from sending duplicate alerts in the same day. Usage & Technical Data Standard server logs, IP addresses, and error diagnostics used to operate and secure the service.

To operate the service — authenticate your account, route messages, execute broker requests, and run monitoring cycles on your behalf. To personalize the agent — your workspace documents are injected into the AI context so the agent understands your situation and remembers your rules across every session. To run heartbeat monitoring — on each scheduled cycle, live market data is fetched and passed alongside your preferences to the AI for analysis. No long-term storage of market data occurs. To communicate with you — transactional emails (verification codes, important notices) sent via our email provider. To secure the platform — fraud prevention, abuse detection, and maintaining system integrity. To comply with law — where required by applicable legal obligations.

For users in the EEA or UK, we rely on the following lawful bases under applicable data protection law: Contract performance — account data, credentials, workspace documents, and conversation history are processed as necessary to provide the service you have signed up for. Legitimate interests — usage and technical data, security monitoring, and fraud prevention, where our interests are not overridden by your rights. Legal obligation — where we are required to process your data to comply with applicable law. Consent — where we rely on your consent to process your data, you may withdraw it at any time by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

The finaxus.ai website may use cookies or similar technologies for basic functionality and analytics. No advertising or tracking cookies are used. You can manage cookies through your browser settings.

Finaxus does not supply an AI model. You connect your own — Claude (Anthropic), GPT (OpenAI), or Gemini (Google) — using your own API key. This means: — Your conversations are processed by your own AI provider, not stored by us — Your AI billing is entirely between you and your provider — We do not retain conversation content beyond the current session. Messages are passed through our infrastructure to your AI provider but are not stored after the session ends — Your API key is stored encrypted at rest and transmitted only to your provider's API endpoint Finaxus is an orchestration layer. Your model, your account, your data.

When you connect a broker or data provider, we store your credentials encrypted. These are used exclusively to make API requests on your behalf — fetching holdings, prices, news, and other market data. For OAuth brokers: access and refresh tokens are stored securely, refreshed automatically, and never exposed to the AI model. You will be notified if re-authentication is required. We are not a broker, custodian, or financial institution. We do not hold, move, or have custody of any funds. All data retrieved from brokers is used solely to serve you within Finaxus.

We do not sell your personal data. We share data only as necessary to operate the service: — Infrastructure providers (Microsoft Azure) for hosting, storage, and compute — AI providers (Anthropic, OpenAI, Google) to process your messages — under their respective terms and privacy policies — Broker and data provider APIs solely to fulfill your requests — Email delivery providers (Resend) for transactional messages — Authorities if required by law, court order, or to protect the safety and rights of users and the platform All processors handling your data on our behalf are bound by confidentiality and appropriate security obligations.

Conversation history — stored in Redis, reset daily at 4AM and after idle periods. Not retained beyond session use. Workspace documents — retained for the lifetime of your account, plus up to 30 days after account deletion. Credentials — retained while your account is active. Deleted immediately upon disconnecting a skill or closing your account. Account data — retained while active, then deleted or anonymized within 90 days of account closure unless legal obligations require otherwise.

We apply technical and organizational measures appropriate to the data we handle: — Encryption in transit (TLS) and at rest for all credentials and sensitive fields — Access controls and least-privilege principles across our infrastructure — Credential isolation — broker tokens are managed by a dedicated service, never exposed to the AI model or other services — Regular monitoring and security practices No system is perfectly secure. If you believe your account has been compromised, contact us immediately at malik@finaxus.ai.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay and in accordance with applicable law. We will also notify the relevant supervisory authority where required.

Depending on your location, you may have the right to: — Access the personal data we hold about you — Correct inaccurate data — Request deletion of your account and associated data — Object to or restrict certain processing — Receive a portable copy of your data To exercise any of these rights, contact us at malik@finaxus.ai. We may verify your identity before fulfilling requests. EEA/UK users: you may also lodge a complaint with your local data protection supervisory authority.

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale of your personal information (we do not sell personal information); and not be discriminated against for exercising these rights. To exercise these rights, contact malik@finaxus.ai.

Finaxus is not directed to individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at malik@finaxus.ai and we will delete it promptly.

Your data may be processed in countries other than your own, including the United States and European Union member states, where our infrastructure and service providers operate. Where required, we apply appropriate safeguards for cross-border transfers.

We may update this Policy as the product evolves. We will post the updated effective date above. Continued use of Finaxus after changes constitutes acceptance of the updated Policy. For material changes, we will notify you directly where possible.

For privacy questions, data requests, or concerns, contact us at malik@finaxus.ai.