Privacy Policy
Effective July 7, 2026 · Last updated July 7, 2026
This Privacy Policy explains how DXDT Labs Incorporated (“Finterm”, “we”, “us”, or “our”) collects, uses, and shares information when you:
- Visit Finterm websites, including
finterm.aianddocs.finterm.ai(the “Website”), - Use the Finterm web app, dashboard, APIs, or hosted runtime features,
- Install or use the Finterm CLI, including
@finterm-ai/cli, related agent integrations, and Dataroom tooling (the “Software”), or - Use any Finterm service that references this Privacy Policy (together, the “Service”).
If you do not agree with this Privacy Policy, please do not use the Service.
1. Who We Are
DXDT Labs Incorporated is a Delaware corporation based in San Francisco, California. The Service helps users and agents retrieve, organize, and analyze financial and market information through a developer-friendly API and CLI workflow.
2. Information We Collect
We collect information in three main ways: information you provide, information we collect automatically, and information from third parties.
A. Information You Provide
Depending on how you use the Service, you may provide:
- Account information, such as name, email address, username, authentication credentials, organization or workspace settings, and account preferences.
- Billing information if you purchase a paid plan. Payments are processed by third-party payment processors such as Stripe. We typically receive limited billing details, such as billing address, payment status, tax status, subscription status, and the last four digits of a payment method, but we do not receive your full card number.
- Communications, such as when you email us, contact support, join a waitlist, respond to surveys, or otherwise communicate with us.
- Feedback and issue reports, including bug reports, logs you choose to share, feature requests, and similar submissions.
- Inputs submitted through the Service, such as tickers, company names, fiscal periods, query parameters, search queries, and other request inputs. Some inputs may include personal information if you choose to include it.
- Generated or retrieved artifacts, such as Dataroom packages, run manifests, exported files, and downloaded research outputs, when the Service stores those materials to provide retrieval, resume, download, caching, or account features.
B. Information We Collect Automatically
When you use the Service, we may automatically collect:
- Device and connection information, such as IP address, browser type, device identifiers, operating system, and approximate location inferred from IP address.
- Usage information, such as features used, actions taken, pages viewed, API calls made, timestamps, performance metrics, referral pages, and exit pages.
- Log and diagnostic data, such as error reports, crash logs, stack traces, request metadata, runtime status, and debugging data.
- Security information, such as authentication events, token issuance and revocation metadata, rate-limit events, abuse-prevention signals, and audit logs.
CLI-Specific Data Collection
When you use the Finterm CLI, we may additionally collect:
- API request parameters, such as tickers, companies, fiscal periods, search queries, Dataroom identifiers, and other inputs provided through CLI commands. We use these parameters to provide the Service, enforce usage limits, debug failures, and improve the product.
- Authentication-token metadata. The CLI stores authentication credentials locally on your device, typically in your home directory, to maintain your session. Credentials are transmitted only as needed to authenticate API requests. We store server-side token metadata needed for validation, revocation, rate limiting, security, and account support.
- Product analytics events, if CLI telemetry is enabled.
These events may include command names, feature adoption, version, platform, error
categories, and anonymized or pseudonymous identifiers.
If CLI telemetry is enabled, we provide a first-run notice and honor
DO_NOT_TRACK,FINTERM_TELEMETRY_DISABLED, and the supported in-product telemetry-disable command. - Error reports, if CLI error reporting is enabled. Diagnostic information may be sent to an error-monitoring provider such as Sentry to help identify and fix issues. We configure error reporting to avoid tokens, secrets, local file contents, and raw output payloads except where you deliberately attach logs or reports.
Agent Integrations
The Finterm CLI can install or configure Finterm as a tool or skill in compatible AI coding environments. When you install an integration:
- The CLI may write configuration files to an integration directory on your device.
- These files describe available Finterm commands and how the AI environment can invoke them.
- The AI environment may send your natural-language requests or generated tool arguments to the Service when it invokes Finterm on your behalf.
The third-party AI environment’s own terms and privacy practices also apply.
C. Information from Third Parties
We may receive information from third parties, including:
- Identity providers, such as Clerk, for authentication and account management.
- Payment processors, such as Stripe, for payment confirmation, subscription status, tax handling, and fraud prevention.
- Analytics and performance providers, such as PostHog or similar tools.
- Security and monitoring providers, such as Sentry or similar tools.
- Hosting and infrastructure providers, such as Convex, Render, Google Cloud, and related storage or runtime services.
- Customer support and communications tools, if we use them.
- Third-party data providers that supply financial, market, filing, search, or web data used to respond to your requests.
3. Cookies and Similar Technologies
We and our service providers may use cookies and similar technologies, such as local storage, pixels, SDKs, and device identifiers, to:
- Keep you signed in and maintain essential functionality,
- Remember preferences,
- Understand how the Website and app are used,
- Measure and improve performance, and
- Support security, abuse prevention, analytics, and billing workflows.
You can control cookies through browser settings. Blocking certain cookies may impact functionality. If we use non-essential cookies or tracking technologies in jurisdictions that require consent, we will provide the required choices before using those technologies.
4. How We Use Information
We use information to:
- Provide, operate, maintain, and improve the Service,
- Create and manage accounts,
- Authenticate users and API clients,
- Process API and CLI requests,
- Generate, store, sync, and deliver Dataroom packages and related artifacts,
- Process transactions, subscriptions, invoices, taxes, and fraud-prevention checks,
- Enforce usage limits, rate limits, and plan entitlements,
- Debug, test, monitor, and secure the Service,
- Prevent fraud, abuse, security incidents, and unauthorized access,
- Communicate with you about service, support, billing, security, and product updates,
- Send marketing communications where permitted by law and your preferences, and
- Comply with legal obligations and protect our rights.
5. Legal Bases for Processing (EEA/UK/Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process personal data under one or more of these legal bases:
- Contract: to provide the Service you request.
- Legitimate interests: to secure and improve the Service, prevent fraud, and operate our business, balanced against your rights.
- Consent: for certain cookies, marketing, or telemetry where required.
- Legal obligation: to comply with applicable laws.
6. How We Share Information
We may share information as described below.
A. With Service Providers
We use vendors to help operate the Service, such as identity, payments, hosting, analytics, error monitoring, storage, email, and support providers. These vendors may process information on our behalf under contractual obligations.
Depending on the feature, providers may include:
- Identity and account management: Clerk or similar providers
- Payments and billing: Stripe or similar providers
- Backend, hosting, and storage: Convex, Render, Google Cloud, or similar providers
- Analytics: PostHog or similar providers
- Error monitoring and debugging: Sentry or similar providers
- Customer support and communications: email and ticketing tools
We may update this list over time as vendors change.
B. With Third-Party Data Providers
To fulfill your requests, we may send request parameters to third-party data sources, such as financial-data APIs, search providers, filing databases, web-research services, or market-data providers. These providers process the request according to their own terms and policies.
Examples may include SEC EDGAR, market-data providers, web-search providers, LLM providers, and other financial-data sources.
C. For Legal, Safety, and Security Reasons
We may disclose information if we believe in good faith that disclosure is necessary to:
- Comply with law or legal process,
- Protect the rights, property, and safety of Finterm, our users, or others, or
- Investigate or prevent fraud, abuse, outages, or security incidents.
D. Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction.
E. With Your Direction
We may share information when you request or direct us to do so.
7. Data Retention
We keep information for as long as necessary to provide the Service and for legitimate and lawful business purposes. For example:
- We generally keep account information while your account is active and for a reasonable period after closure or deletion request.
- We may retain request, run, artifact, billing, security, and audit records for a limited period to provide downloads, billing, support, fraud prevention, and security.
- We may retain billing and tax records as required by law.
You may request deletion of account information as described below, subject to legal, security, billing, and operational exceptions.
8. Security
We use reasonable administrative, technical, and physical safeguards designed to protect information. However, no security measure is perfect, and we cannot guarantee absolute security.
9. International Data Transfers
Finterm is based in the United States, and information may be processed in the United States and other countries where we or our service providers operate. If you are outside the United States, your information may be transferred to and processed in countries where privacy laws may differ from those in your location.
Where required, we use appropriate safeguards for international transfers, such as contractual protections.
10. Your Rights and Choices
Depending on where you live, you may have rights regarding your personal information, such as:
- Access: request a copy of personal information we hold about you.
- Correction: request correction of inaccurate information.
- Deletion: request deletion of personal information.
- Objection or restriction: object to or request restriction of certain processing.
- Portability: request a portable copy of certain information.
You can also:
- Update account information through account settings, if available.
- Opt out of marketing emails by using the unsubscribe link or contacting us.
- Disable CLI telemetry using the supported environment variables and command when CLI telemetry is enabled.
To exercise your rights, contact us using the details in the “Contact Us” section. We may need to verify your identity before fulfilling requests.
11. Additional Disclosures for California Residents (CCPA/CPRA)
This section applies to California residents and describes our practices under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
A. Categories of Personal Information We Collect
In the past 12 months, we may have collected the following categories of personal information, depending on how you use the Service:
- Identifiers, such as name, email address, IP address, account identifiers, and authentication identifiers
- Internet or other electronic network activity, such as usage data, device data, API activity, log data, and telemetry
- Commercial information, such as subscription status, payment status, billing records, and usage limits
- Approximate location data, such as location inferred from IP address
- Customer support information, such as messages and support requests
- User-provided request content, such as tickers, companies, search queries, prompts, and parameters submitted through the Service
B. Sources of Personal Information
We collect personal information from:
- You directly,
- Your devices, browsers, and CLI automatically when you use the Service, and
- Service providers and third parties, such as identity, payment, analytics, monitoring, hosting, and data providers.
C. Purposes for Collecting and Using Personal Information
We use personal information for the purposes described in “How We Use Information,” including operating the Service, processing payments, analytics, security, support, and legal compliance.
D. Selling or Sharing
We do not sell your personal information. We also do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
If we ever change this practice, we will update this Privacy Policy and provide any required opt-out rights, including a “Do Not Sell or Share My Personal Information” mechanism.
E. Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes that require an opt-out under the CCPA. If we process sensitive personal information, we do so only as reasonably necessary to provide the Service, ensure security, and comply with law.
F. Your California Privacy Rights
Subject to exceptions, California residents may have the right to:
- Know the personal information we collected, used, or disclosed,
- Delete personal information,
- Correct inaccurate personal information,
- Opt out of sale or sharing, if applicable,
- Limit certain uses of sensitive personal information, if applicable, and
- Not be discriminated against for exercising privacy rights.
G. How to Exercise Your Rights
You or an authorized agent can submit a request by contacting us at the email address in “Contact Us.” We will verify your request as required by law.
12. Children’s Privacy
The Service is intended for adults and is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided personal information to us, please contact us so we can take appropriate action.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date and may provide additional notice as required by law.
14. Contact Us
For privacy questions or requests, contact:
DXDT Labs Incorporated
San Francisco, California
Email: help@finterm.ai