Last updated: May 2026
Finsensa is operated by Finsensa Ltd, a company registered in England and Wales (company number 17072795), with registered address at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
We are registered with the Information Commissioner's Office (ICO) as a data controller (ICO registration number: CSN1267225).
For data protection enquiries, contact support@finsensa.com with the subject line “Data Protection”.
Finsensa is a B2B software platform used by commercial finance brokers, lending advisers and accountants to prepare evidence-backed credit packs for UK SME lending applications. The platform helps professional users organise case data, generate forecasts and repayment metrics, produce PDF and Excel outputs, and record lender outcomes.
Finsensa does not provide regulated financial advice, credit advice, lender recommendations, credit broking services or lending decisions. Professional judgement, lender selection, suitability assessment and client advice remain with the adviser or firm using the platform.
For data about platform users, applicants and account holders, Finsensa normally acts as data controller.
| Data | Purpose | Legal basis |
|---|---|---|
| Name, work email address, role and contact details | Application handling, account creation, authentication, support and service delivery | Steps prior to contract and contract performance (Art 6(1)(b)) |
| Founding-member application responses, case volume, live case timing and workflow notes | Cohort selection, onboarding, pilot administration and product calibration | Legitimate interests (Art 6(1)(f)) |
| Practice, firm or workspace name | Workspace administration and attribution on exported packs | Contract performance (Art 6(1)(b)) |
| Usage events, export history, micro-feedback and support interactions | Security, audit, support, service improvement and pilot validation | Legitimate interests (Art 6(1)(f)) and contract performance (Art 6(1)(b)) |
| IP address, browser/device type and access timestamps | Security monitoring, fraud prevention, diagnostics and audit trail | Legitimate interests (Art 6(1)(f)) |
| Lender outcome information recorded by users | Case tracking, product improvement, pilot reporting and anonymised benchmarking | Contract performance and legitimate interests (Art 6(1)(b) and Art 6(1)(f)) |
When a professional user uploads SME client data, bank statements, management accounts, transaction data or other case evidence, the user or their firm is normally the data controller and Finsensa acts as data processor. Finsensa processes that data on documented instructions to provide the platform and generate the outputs requested by the user.
Users are responsible for ensuring they have a lawful basis to upload and process their clients' data, and for giving their clients any privacy information required under Articles 13 and 14 UK GDPR. This is particularly important where Finsensa receives client data indirectly from the adviser rather than directly from the SME client.
Financial transaction data is commercially sensitive. Transaction descriptions may also incidentally reveal information that could fall within special category data, such as payments to medical providers, religious organisations or trade unions. Finsensa does not intentionally infer, profile or make decisions based on special category data. Where such information appears in uploaded records, it is processed only as part of the user's case evidence and is not extracted or stored separately for special category profiling.
Finsensa may process anonymised and aggregated data derived from platform use, such as follow-up request categories, Trust Badge distributions, timing metrics and lender response patterns, to improve the platform and develop industry benchmarks.
No individual client, adviser, firm or lender will be identified in published benchmark outputs. Finsensa applies an aggregation threshold of at least 50 relevant data points before publishing or externally sharing benchmark statistics. This processing is based on our legitimate interests in product improvement and market insight. You may object to processing based on legitimate interests by contacting us; we will consider the objection and stop the processing unless we can demonstrate compelling grounds to continue.
We use third-party service providers to host, secure and operate Finsensa. The list below reflects the processors intended for live operation. Actual use may vary by environment, and we maintain an internal processor register with the current contractual and transfer position.
| Processor | Role | Location / transfer note |
|---|---|---|
| Railway Technologies Inc. | Application hosting and infrastructure | Region configured for the service; international transfer safeguards may apply |
| Supabase Inc. | Database hosting and storage | Region configured for the project; international transfer safeguards may apply |
| Amazon Web Services | File storage and document processing services where enabled | Configured region, currently intended to be UK/EU where available |
| Upstash Inc. | Cache and session-related infrastructure | Configured region; international transfer safeguards may apply |
| 84codes AB / CloudAMQP | Message broker infrastructure | Configured region; international transfer safeguards may apply |
| Resend Inc. | Transactional email delivery | International transfer safeguards may apply |
| Vercel Inc. | Frontend hosting and content delivery, where used | Global edge network; international transfer safeguards may apply |
AI providers are not listed as active processors for live client case data unless AI features are enabled for that environment. If Finsensa enables third-party AI processing of live case data, this policy and our processor register will be updated before that processing begins.
Where personal data is transferred outside the UK or EEA, Finsensa relies on appropriate safeguards such as UK International Data Transfer Agreements, UK Addenda to EU Standard Contractual Clauses, adequacy regulations, the UK-US Data Bridge where applicable, or equivalent lawful transfer mechanisms.
| Data category | Retention period |
|---|---|
| Founding-member application data where no account is activated | 12 months from application, unless deletion is requested sooner |
| User account and profile data | Account lifetime plus 6 months |
| Case, client and transaction data | 24 months from last case activity, unless earlier deletion is requested and legally feasible |
| Export bundles and evidence files | 24 months from creation unless the user deletes them earlier |
| Audit logs, approvals and export integrity records | Up to 7 years where needed for legal, professional, security or dispute purposes |
| Technical access logs | Normally 90 days, unless needed for security investigation |
| Anonymised aggregate data | Indefinitely, because it no longer identifies individuals |
Finsensa applies technical and organisational controls appropriate to the nature of the platform, including:
If you believe there has been unauthorised access to an account or case data, contact support@finsensa.com immediately.
Finsensa uses automated processing to calculate cash-flow forecasts, debt service coverage ratios, readiness warnings, Trust Badge tiers and repayment-story suggestions. These outputs support the professional user's workflow and do not constitute automated decisions with legal or similarly significant effects under Article 22 UK GDPR. The adviser remains responsible for reviewing, amending and approving outputs before use.
You may have rights of access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making. To exercise a right, email support@finsensa.com with “Data Rights Request” in the subject line. We will respond within one calendar month, unless the law permits an extension.
For client case data uploaded by your adviser or firm, the adviser or firm is normally the controller and should handle data subject requests from its own clients. Finsensa will assist the controller where required under the Data Processing Agreement.
Finsensa uses essential cookies and similar technologies for authentication, security and session management. We do not currently use advertising cookies or third-party behavioural advertising trackers. If this changes, we will update this policy and obtain consent where required by law.
Finsensa is a professional B2B service and is not directed at anyone under 18. We do not knowingly collect personal data from children.
We may update this policy from time to time. Material changes will be notified to registered users where appropriate. If you have concerns, contact us first at support@finsensa.com.
You also have the right to complain to the Information Commissioner's Office at ico.org.uk or by calling 0303 123 1113.