Skip to main content
FinMIFinMI

Privacy Policy

Last updated: April 28, 2026

1. Introduction

This Privacy Policy describes how uPayments LLC ("we," "us," or "our"), operating under the product name FinMI ("Financial Merchant Intelligence"), collects, uses, and shares information when you use our website, dashboard, APIs, and related services (collectively, the "Services"). This policy applies to merchants who use FinMI to manage their payment operations and to website visitors. It does not apply to a merchant's end customers, whose information is governed by the merchant's own privacy policy.

2. Information We Collect

We collect the following categories of information:

  • Account information. Name, email address, phone number, business name, and credentials you provide when registering.
  • Merchant configuration. Branding, payment-form settings, invoice templates, customer records, and integration credentials you choose to connect (for example, your NMI gateway API key, encrypted at rest).
  • Transaction metadata. Records of payments, refunds, disputes, subscriptions, and dunning sequences that flow through your connected gateways. Full card numbers and CVVs are tokenized by NMI and never stored on FinMI servers.
  • Usage and device data. Logs, IP address, browser/device type, and session activity, used for security, debugging, and product analytics.
  • Cookies. Strictly-necessary session cookies and, where enabled, product-analytics cookies (PostHog) that respect Do-Not-Track signals.
  • Communications. Messages you send to support, contact-form submissions, and email opens/clicks where measurable.

3. How We Use Your Information

We use information to:

  • Provide, maintain, and improve the Services.
  • Process payments through your connected gateway(s) and reconcile transactions, refunds, and chargebacks.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Send service announcements, billing notifications, and respond to support requests.
  • Comply with legal obligations and enforce our Terms of Service.

4. Information Sharing

We do not sell your information. We share information only with the following categories of recipients:

  • Payment gateway (NMI). Card data is transmitted directly to NMI's PCI-DSS Level 1 certified gateway for authorization and settlement.
  • Infrastructure providers. Vercel (application hosting), Supabase (database and storage), Upstash (rate-limit cache), Resend (transactional email), Inngest (background workers).
  • Analytics. PostHog for product analytics, with personally-identifiable fields scrubbed before transmission.
  • Integrations you enable. Third-party tools you choose to connect (for example, GoHighLevel CRM) only receive data you explicitly authorize.
  • Legal and safety. When required by valid legal process, to enforce our Terms, or to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, or asset sale, with notice to affected users.

5. Data Security

Card data flows through NMI's PCI-DSS Level 1 certified gateway and is tokenized; FinMI never stores raw card numbers or CVV values. We encrypt sensitive credentials at rest using AES-256-GCM, transmit data over TLS, scope database access with role-based permissions, and run regular security reviews. No system is perfectly secure; if we discover a breach affecting your information, we will notify you in accordance with applicable law.

6. Data Retention

We retain account information and transaction records for as long as your account is active and for a period of up to seven (7) years thereafter to comply with financial-recordkeeping obligations. Audit logs and security records are retained for a shorter window appropriate to their purpose. You may request deletion of your account at any time; certain records may be retained where law requires.

7. Your Rights and Choices

Depending on where you reside, you may have rights to access, correct, delete, port, or limit the use of your personal information, including under the California Consumer Privacy Act (CCPA/CPRA) and the EU/UK General Data Protection Regulation (GDPR). To exercise these rights, email us at legal@finmi.io. You may also opt out of non-essential analytics cookies in your browser. We will not retaliate against you for exercising any of these rights.

8. Children

The Services are not directed at individuals under 16. We do not knowingly collect information from children. If you believe a child has provided information to us, contact us so we can delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated by email or through the dashboard. The "Last updated" date at the top reflects the most recent revision.

10. Contact Us

Questions about this Privacy Policy? Email legal@finmi.io.

uPayments LLC
Albuquerque, NM, United States