Privacy
How FinkMesh handles account data, workflow data, credentials, billing records, and support requests.
Overview
FinkMesh is a workflow automation service. We collect and process the information needed to create accounts, run workflows, store workspace settings, troubleshoot issues, process billing, secure the service, and respond to support requests.
This policy is written for the launch version of FinkMesh. It is not a substitute for a negotiated data processing agreement or custom enterprise terms.
Information we collect
- Account information, including name, email address, authentication records, and workspace memberships.
- Workspace information, including workflows, folders, templates, variables, notification settings, and team roles.
- Workflow data, including node configuration, pinned test fixtures, run history, trigger payloads, step inputs and outputs, errors, readiness results, webhook metadata, and audit logs.
- Credential and connection metadata, including provider names, scopes, token previews, and encrypted tokens or secrets needed to run workflows.
- Billing information handled through Stripe, including customer identifiers, subscription status, plan, invoices, billing interval, and payment portal events.
- Support information, including ticket messages, screenshots, attachments, email delivery status, and diagnostic details you choose to provide.
- Session and device data, including authentication cookies, session identifiers, and local browser state needed to keep you signed in and secure the service.
- Security and operations data, including IP address, user agent, request metadata, rate-limit counters, queue state, cron health, webhook rejects, and service logs.
How we use information
- Operate, test, publish, pause, resume, and monitor workflows.
- Authenticate users, enforce workspace permissions, and protect accounts.
- Apply plan limits, usage counters, rate limits, readiness checks, and abuse prevention.
- Send operational notices, support replies, billing messages, workflow alerts, and security notifications.
- Debug errors, improve reliability, investigate incidents, and maintain service health.
- Process payments, subscription changes, refunds, and tax or accounting records through Stripe.
- Comply with legal obligations and enforce the Terms.
Workflow data and secrets
Workflow runs may contain data from your systems and third-party services. You control what data you send into FinkMesh through triggers, webhooks, HTTP requests, variables, connections, and node configuration.
Workspace secrets, API keys, OAuth tokens, and encrypted variables are encrypted before storage. Secret values are non-revealable after storage and must be rotated to replace. Run logs and support screenshots may still contain information you send to us, so avoid adding unnecessary sensitive data. When you pin a step-test input, FinkMesh stores a redacted copy separately from the published workflow definition until you remove the pin or delete the workflow.
Sharing and subprocessors
We do not sell personal information. We share information with service providers only as needed to run FinkMesh, including hosting, database, storage, email delivery, authentication, billing, monitoring, and support infrastructure.
Current launch subprocessors are listed at /subprocessors. They include infrastructure and service providers such as Vercel, Neon, Cloudflare, Stripe, Resend, authentication providers, deployment infrastructure, and AI/model providers used for AI-powered features.
Third-party integrations receive data only when your workflows, connected accounts, or customer-directed settings send data to them. Customer-directed integrations are not always FinkMesh subprocessors; they may be independent services you choose to use with FinkMesh.
When you use AI features, the content needed to perform the requested action may be sent to the configured or FinkMesh-managed AI/model provider, including Anthropic or OpenAI where those providers are used. We do not use customer workflow content to train our own models unless explicitly stated.
Cookies and local browser data
FinkMesh uses essential cookies, session storage, and local browser state for authentication, account security, workspace navigation, preferences, and product operation. We do not currently need a broad marketing-cookie banner for the launch product unless additional analytics, advertising, remarketing, or tracking tools are added.
Retention and deletion
We keep account, workspace, workflow, billing, audit, and support records for as long as needed to provide the service, meet legal and accounting requirements, resolve disputes, secure the platform, and operate backups. Some logs and backup copies may persist for a limited period after deletion.
| Data category | Current retention approach |
|---|---|
| Account and workspace records | While the account or workspace is active, then as needed for support, security, legal, and backup purposes. |
| Workflow definitions and configuration | While retained in the workspace or until deleted, subject to backup and legal retention periods. |
| Pinned workflow test fixtures | Until unpinned, replaced, or the workflow is deleted, subject to backup and legal retention periods. Pinned fixtures store redacted test input and reference context. |
| Workflow run logs and step results | Generally retained for product history and troubleshooting while the workspace is active; plan-specific pruning may be added as the service matures. |
| Workspace audit logs | Default 90 days where no workspace setting is configured; workspace settings may support shorter or longer retention within product limits. |
| Support tickets and attachments | Generally retained while the related ticket or account remains active, unless deleted earlier or required longer for support, security, legal, or abuse-prevention reasons. |
| Security and operations logs | Retained as needed to detect abuse, investigate incidents, debug reliability issues, and protect the service. |
| Billing records | Retained as required for tax, accounting, payment, fraud-prevention, chargeback, and legal obligations. |
| Backups | Deleted data may remain in managed backups until normal backup rotation, restore, and disaster-recovery windows expire. |
To request account deletion, workspace deletion, export assistance, or correction of account details, contact contact@finkmesh.com from the email address on your account.
Security
We use technical and organizational safeguards appropriate for an early-stage automation product, including encrypted secret storage, permission checks, rate limits, bounded webhook payloads, audit logging, protected support attachments, and operational health monitoring.
No internet service can guarantee perfect security. If you believe you found a vulnerability or an account compromise, email contact@finkmesh.com with enough detail for us to investigate. More detail is available on the Security page.
Your choices
- You can update many account, workspace, notification, billing, and connection settings in the product.
- You can disconnect third-party accounts and rotate or delete workspace credentials you no longer need.
- You can cancel paid subscriptions through the Stripe Customer Portal.
- You can ask us to access, correct, delete, or export account-related information, subject to verification and legal exceptions.
Children
FinkMesh is not intended for children under 13, and we do not knowingly collect information from children. If you believe a child created an account, contact us so we can review and remove it.
Changes
We may update this policy as FinkMesh changes. Material updates will be posted on this page with a new effective date. Continued use of the service after an update means the updated policy applies.