Privacy Policy

Last updated: 29 March 2026 · FinnWorks AI

The short version: We collect your website URL and email address to run your audit and send you the report. We don't sell your data, we don't add you to a mailing list, and we don't share your information with third parties except where necessary to run the service (payment processing and email delivery).

1. Who we are

FinnWorks AI ("we", "us", "our") operates at finnworks.ai. We provide an AI-powered website audit service for small business owners. Our contact email is [email protected].

This policy applies to information collected through the finnworks.ai website and any related services.

2. What information we collect

We collect the following information when you use FinnWorks:

Website URL — the address of the site you ask us to audit. We access this site to perform the analysis.
Email address — used to deliver your audit report and, if purchased, your Fix Guide. Nothing else.
Payment information — if you purchase a Fix Guide, payment is handled entirely by Stripe. We do not receive or store your card details at any point.
Technical data — basic server logs (IP address, browser type, request time) are retained for up to 30 days for security and error monitoring purposes.

We do not collect: names, phone numbers, physical addresses, social media profiles, or any other personal information unless you voluntarily provide it by emailing us directly.

3. How we use your information

We use the information we collect for the following purposes only:

To run the website audit and generate your personalised PDF report
To email you your audit report (and Fix Guide if purchased)
To process payments through Stripe for Fix Guide purchases
To respond to enquiries you send us directly
To monitor and maintain the security and performance of our service

We do not use your information for marketing, we do not add you to any mailing list, and we do not use your data to train AI models.

4. Who we share your information with

We share data with the following third parties only where necessary to run the service:

Stripe — payment processing for Fix Guide purchases. Stripe's privacy policy applies to data shared with them: stripe.com/privacy
Google — we submit your website URL to Google's PageSpeed Insights API to retrieve performance data. Google's privacy policy applies: policies.google.com/privacy
Email delivery provider — we use Gmail (Google Workspace) to deliver your report. Your email address is used only to send your report and is not retained by our email provider beyond standard delivery logs.
Hosting provider — our application is hosted on Railway.app. Basic technical data (logs) may be accessible to Railway for infrastructure management purposes.

We do not sell, rent, or trade your personal information to any third party, ever.

5. How long we keep your data

Audit data (URL + email) — retained for up to 90 days to allow us to investigate any delivery issues. After that, it is deleted.
Payment records — Stripe retains transaction records as required by their legal obligations. We retain records of purchases (email, URL, amount) for up to 7 years for accounting and legal compliance.
Server logs — retained for up to 30 days, then automatically deleted.
Direct email enquiries — retained until the matter is resolved, or for up to 2 years if needed for our records.

6. Your rights under the New Zealand Privacy Act 2020

Under the Privacy Act 2020, you have the right to:

Request access to the personal information we hold about you
Request correction of any personal information that is inaccurate or out of date
Ask us to delete your personal information (subject to any legal retention obligations)
Withdraw consent for us to use your information at any time
Make a complaint to the Office of the Privacy Commissioner if you believe we have breached your privacy

To exercise any of these rights, email us at [email protected]. We will respond within 20 working days.

If you are not satisfied with our response, you can contact the Office of the Privacy Commissioner at privacy.org.nz.

7. Cookies and tracking

FinnWorks AI does not use cookies for tracking or advertising. We do not use Google Analytics, Facebook Pixel, or any other third-party analytics or advertising technology.

Your browser may store session data (such as form input) in local storage as a standard browser function. This data never leaves your device and is not accessible to us.

8. Security

All data transmitted to and from finnworks.ai is encrypted using HTTPS (TLS). We do not store payment card details — all payment processing is handled by Stripe's PCI-compliant infrastructure.

Access to our systems is restricted to authorised personnel only. We take reasonable technical and organisational measures to protect your personal information from unauthorised access, loss, or misuse.

In the event of a data breach that is likely to cause serious harm, we will notify affected individuals and the Privacy Commissioner as required by the Privacy Act 2020.

9. Children's privacy

FinnWorks AI is intended for use by business owners and is not directed at anyone under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If we make material changes, we will take reasonable steps to notify affected users.

Continued use of FinnWorks after a policy update constitutes acceptance of the updated policy.

11. Contact us

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us:

Email: [email protected]

Website: finnworks.ai

We aim to respond to all privacy enquiries within 5 working days.