Finlayer
FeaturesPricing

Privacy Policy

How we protect and handle your personal data with full GDPR compliance and transparency

Last updated: September 16, 2025

1. Introduction

This Privacy Policy explains how Moonlysoft ("we," "our," or "us") collects, uses, and protects your personal information when you use the Finlayer platform and related services. We are committed to protecting your privacy and ensuring transparency about our data practices.

This policy applies to all users of our financial management platform, including visitors to our website, trial users, and paying customers. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect
Personal Information
  • Account Information: Name, email address, phone number, company details
  • Identity Verification: Government-issued ID, business registration documents
  • Contact Information: Billing address, communication preferences
  • Professional Information: Job title, company size, industry sector

Financial Information

  • Bank Account Data: Account numbers, transaction history, balances (via secure open banking APIs)
  • Payment Information: Payment methods, billing history, subscription details
  • Invoice Data: Invoice content, supplier/customer information, tax details
  • Financial Reports: Generated reports, analytics data, financial insights

Technical Information

  • Usage Data: Feature usage, session duration, click patterns
  • Device Information: IP address, browser type, operating system
  • Log Data: Access logs, error reports, performance metrics
  • Cookies: Authentication tokens, preferences, analytics data
3. How We Use Your Information

Service Provision

  • • Provide financial management services
  • • Process payments and transactions
  • • Generate reports and analytics
  • • Maintain account security
  • • Provide customer support

Legal & Compliance

  • • Comply with Romanian and EU regulations
  • • Prevent fraud and money laundering
  • • Maintain audit trails
  • • Respond to legal requests
  • • Ensure tax compliance
4. Legal Basis for Processing

Contract

Processing necessary for performing our contract with you (service provision)

Legal

Compliance with Romanian financial regulations, tax laws, and anti-money laundering requirements

Legitimate Interest

Fraud prevention, service improvement, and business analytics

Consent

Marketing communications and optional features (where explicitly consented)

5. Data Sharing and Disclosure

Service Providers

We share data with trusted third parties who help us provide our services:

  • Banking Partners: Secure open banking connections
  • Payment Processors: Subscription and payment processing
  • Cloud Providers: Secure data hosting and storage
  • Analytics Providers: Service improvement and performance monitoring

Legal Requirements

We may disclose your information when required by law, including to Romanian tax authorities, financial regulators, or in response to valid legal processes.

We never sell your personal data to third parties for marketing purposes.

6. Your Privacy Rights

Under GDPR and Romanian data protection law, you have the following rights:

Access

Request a copy of your personal data

Rectification

Correct inaccurate or incomplete data

Erasure

Request deletion of your data

Portability

Export your data in a structured format

Restriction

Limit how we process your data

Objection

Object to certain types of processing

Withdraw Consent

Revoke previously given consent

Complaint

File a complaint with supervisory authorities

To exercise your rights, contact our Data Protection Officer at dpo@moonlysoft.com

7. Data Security

We implement industry-standard security measures to protect your data:

Technical Safeguards

  • • End-to-end encryption
  • • Secure data transmission (TLS 1.3)
  • • Regular security audits
  • • Access controls and authentication
  • • Automated threat detection

Organizational Measures

  • • Staff training on data protection
  • • Data processing agreements
  • • Incident response procedures
  • • Regular compliance reviews
  • • Privacy by design principles
8. Data Retention

We retain your data only as long as necessary:

Account DataDuration of service + 7 years (tax compliance)
Financial Records7 years (Romanian accounting law)
Marketing DataUntil consent withdrawn
Technical Logs12 months
9. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure adequate protection through:

  • • European Commission adequacy decisions
  • • Standard Contractual Clauses (SCCs)
  • • Binding Corporate Rules
  • • Certification schemes and codes of conduct
10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer

dpo@moonlysoft.com

Postal Address

Moonlysoft
Moldovei, nr.2
Targu-Mures, Mures
Romania

11. Supervisory Authority

You have the right to lodge a complaint with the Romanian supervisory authority:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)

Website: www.dataprotection.ro
Email: anspdcp@dataprotection.ro