Security & Privacy
At Fintellect, we’re not just about crunching numbers; we're also wizards at guarding them.
Infrastructure security
Fintellect servers are hosted at Hetzner, one of the most reliant and safe data storage providers. The data storage is secure and physical data storage devices are inacessible to third parties.
Physical Security of Data Centers
Controlled Access
The access to the data centers where our servers are located is strictly controlled.
Surveillance and Monitoring
24/7 surveillance systems are in place, such as CCTV cameras and alarm systems.
Environmental Control
Various measures taken to protect servers from environmental threats.
Server Security
Rack Security
Including locked cabinets to prevent unauthorized physical access to the servers.
Redundant Power Supply
The use of uninterrupted power supplies (UPS) and backup generators.
Redundant Power Supply
Firewalls and intrusion detection systems are implemented  at the server level to protect against cyber threats.
Audits & Compliance checks
Compliance with Standards
Industry-specific standards for the data centers to comply with, including ISO/IEC 27001
Regular audits
Enshuring ongoing compliance with these standards and to assess and improve physical security measures.
Application security
Fintellect prioritises application security through a meticulous blend of advanced practices, ensuring robust data protection. Methodically layering encryption, access controls, and continuous monitoring, we create a secure environment where your data remains safeguarded against evolving cyber threats.
Database Security
Access Controls
Stringent access controls are enforced for our database, ensuring only authorized interactions are permitted.
Encryption at Rest
All sensitive data stored in our database is encrypted, maintaining its confidentiality and integrity against unauthorized access.
Regular Audits
Periodic security audits of our database environment to proactively identify and address potential security gaps.
Storage of Sensitive Variables
Usage of Vault
We employ a vault system for centralized management of sensitive variables, such as API keys and credentials.
Encryption of Vault Contents
The contents of the vault are rigorously encrypted, providing an additional layer of security to sensitive information.
REST API Security
Signature with 
User-Specific Hash
We enhance the security of our REST API inquiries by signing them with a user-specific hash. This ensures the integrity and authenticity of each data exchange.
API Rate Limiting 
and Access Controls
Our APIs are protected against abuse and unauthorized access through rate limiting and stringent access controls.
⚡️ Fintellect raises €250 000 in pre-seed funding backed by top European VC funds
Privacy & data protection
Data Collection:
Fintellect collects only the personal data needed for user registration, including name, last name, email, phone, and password. Other data collected is non-personal and corporate in nature.

Fintellect obtains consent for the collection and processing of personal data through user confirmation in the app interface. No personal data is collected, only anonymized logs of app performance are collected.

Data Use:
Fintellect uses personal data only for the purpose of user authentication.

Data Storage and Security:
Fintellect stores personal data in a secure database that is detached from other front-end and back-end applications. The company data is stored in different instances in order to diversify the risk.

User Rights:
Fintellect allows users to correct their personal data via user or company settings, or by contacting us at

Third-Party Processors:
Fintellect uses third-party processors that are GDPR compliant.

Clear and concise privacy policy:
Fintellect's privacy policy is written in a clear and concise manner to be easily understandable for users.

Digital signature validation:
Fintellect uses digital signature validation for all API requests between the front-end and back-end applications.
Identification of the parties:
This Data Processing Agreement ("DPA") is entered into on the date of acceptance by the User, by and between Fintellect ("Controller") and Nordigen and Google ("Processors").

Description of the personal data:
The Processors will process on behalf of the Controller personal data provided by the User as part of the account registration process, including name, last name, email, phone and country, as well as any additional personal data that may be required for the use of PSD2 and social authentication services.

Data protection obligations of the processors:
The Processors shall:
a) process the personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law;
b) ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
c) implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including as appropriate, the pseudonymization and encryption of personal data;
d) taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
e) at the choice of the controller, delete or return all the personal data to the controller after the end of the provision of services relating to processing, and delete existing copies unless Union or Member State law requires storage of the personal data;
f) make available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.

The Processors shall not engage another processor without prior specific or general written authorisation of the controller. Where the processors engage another processor for carrying out specific processing activities on behalf of the controller, the same data protection obligations as set out in the DPA shall be imposed on that other processor by way of a contract or other legal act under Union or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of this Regulation.

Data breaches:
The Processors shall promptly notify the controller if it becomes aware of a personal data breach. The notification shall describe the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the personal data records concerned. The Processor shall promptly take all necessary steps to contain and mitigate the personal data breach, and shall provide the Controller with all information necessary to comply with its own notification obligations under the applicable data protection laws.

Technical and organizational measures:
The Processors shall implement appropriate technical and organizational measures to protect the personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage. The Processors shall regularly review and assess the effectiveness of the technical and organizational measures implemented. Nordigen’s information security management system is ISO 27001 certified, meaning there are specific processes in place to add an extra layer of information security.

Audit rights:
The Controller shall have the right to conduct audits, including inspections, to ensure compliance with this DPA. The Controller shall provide the Processor with reasonable prior notice of any such audit, and the Processor shall cooperate fully with the Controller in connection with any such audit.

Return or destruction of personal data:
Upon termination of this DPA, the Processors shall, at the choice of the Controller, either return or securely destroy all personal data in their possession or control.

Governing law:
This DPA shall be governed by and construed in accordance with the laws of the European Union, without giving effect to any principles of conflicts of law.

Term and termination:
This DPA shall remain in effect until terminated by either party upon written notice to the other party.
User Agreement
Terms of useIntroduction:
This Terms of Service Agreement ("Agreement") is a legally binding agreement between you ("User", "you" or "your") and Fintellect ("Fintellect", "we", "us" or "our") and governs your use of the Fintellect app, website and any related services (collectively, the "Service"). By using the Service, you agree to be bound by the terms and conditions of this Agreement. If you do not agree to the terms and conditions of this Agreement, you should not use the Service.

Use of the Service:
The Service is intended for corporate use by team members who are 18 years of age or older. By using the Service, you represent and warrant that you are 18 years of age or older and that you have the right, authority and capacity to enter into this Agreement on behalf of your company. You are responsible for ensuring that your use of the Service complies with all laws, regulations and ordinances of the European Union. You agree that you will not use the Service for any illegal or unauthorized purpose. You agree to comply with all applicable laws regarding the transmission of technical data exported from the European Union.

User Accounts:
To use certain features of the Service, you may be required to register for an account. You agree to provide accurate, current and complete information about yourself and your company as prompted by the Service's registration process. You will also be asked to provide a password. You are responsible for maintaining the confidentiality of your account and password and are fully responsible for all activities that occur under your account. You agree to immediately notify Fintellect of any unauthorized use of your account or password.

User Content:
You are responsible for any and all data, text, files, information, usernames, images, graphics, photos, profiles, audio and video clips, sounds, musical works, works of authorship, applications, links and other content or materials ("User Content") that you upload, post, publish or display (hereinafter, "post") on or through the Service. By posting User Content on or through the Service, you represent and warrant that you have the right to do so, and that such User Content, or its use by Fintellect as permitted herein, does not violate this Agreement, the rights of any third party or applicable law.

Modification of the Service and Prices:
Fintellect reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice. Prices of all Services, including but not limited to monthly subscription plan fees to the Service, are subject to change upon 30 days notice from us. Such notice may be provided at any time by posting the changes to the Fintellect Site ( or the Service itself.

Intellectual Property:
The Service and its original content, features and functionality are and will remain the exclusive property of Fintellect and its licensors. The Service is protected by copyright, trademark, and other laws of both the European Union and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of Fintellect.

Fintellect may terminate your access to all or any part of the Service at any time, with or without cause, with or without notice, effective immediately. If you wish to terminate this Agreement or your Fintellect account, you may simply discontinue using the Service. All provisions of this Agreement which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, and limitations of liability.

Limitation of Liability:
In no event shall Fintellect, its officers, directors, employees, or agents, be liable to you for any direct, indirect, incidental, special, punitive, or consequential damages whatsoever resulting from any (i) errors, mistakes, or inaccuracies of content, (ii) personal injury or property damage, of any nature whatsoever, resulting from your access to and use of our Service, (iii) any unauthorized access to or use of our secure servers and/or any and all personal information stored therein, (iv) any interruption or cessation of transmission to or from the Service, (v) any bugs, viruses, trojan horses, or the like, which may be transmitted to or through the Service by any third party, and/or (vi) any errors or omissions in any content or for any loss or damage of any kind incurred as a result of your use of any content posted, transmitted, or otherwise made available via the Service, whether based on warranty, contract, tort, or any other legal theory, and whether or not the company is advised of the possibility of such damages.

Governing Law:
This Agreement shall be governed by and construed in accordance with the laws of the European Union, without giving effect to any principles of conflicts of law.

Dispute Resolution:
Any dispute arising out of or relating to this Agreement or the Service shall be resolved through binding arbitration in accordance with the commercial arbitration rules of the European Union. Any such dispute shall be arbitrated on an individual basis, and shall not be consolidated in any arbitration with any claim or controversy of any other party. The arbitration shall be conducted in the European Union.

Changes to this Agreement:
Fintellect reserves the right, at its sole discretion, to modify or replace this Agreement at any time. If a revision is material we will try to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.Contact Information:If you have any questions about this Agreement, please contact us at
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
🫶 We promise not to spam you


We’ll send 
the info soon

Our dataroom & pitch deck sharing is not automated, but we’ll reach out shortly to send you material