Privacy Policy
Last updated: 12 June 2026
This policy explains what personal data FineSet collects, why we collect it, how we use and protect it, and the rights you have under the EU General Data Protection Regulation (GDPR). We keep this short and honest: today FineSet is an early-access waitlist, and the only personal data we need is your email address.
1. Who we are
FineSet (“FineSet”, “we”, “us”, “our”) operates the website at fineset.io and is the data controller for the personal data described in this policy.
- Contact for privacy matters: privacy@fineset.io
2. What personal data we collect
Data you give us
- Email address — when you join the waitlist. This is the only field the form asks for.
- Referral information — if you arrive through someone’s referral link, we record that your signup came from that link, and we generate a referral code for you so you can invite others and move up the queue.
Data collected automatically
- IP address — your IP is read in memory only to apply rate limits and prevent abuse of the signup form. It is not stored in our database and is not linked to your email.
- Basic server logs — our hosting infrastructure keeps standard technical logs (such as request times and error diagnostics) for security and reliability.
What we do not do
- We use no cookies, no localStorage tracking, no analytics, and no advertising or third-party tracking pixels on this site.
- We do not knowingly collect special categories of data (Art. 9 GDPR) and ask you not to send any.
- We do not sell or rent your personal data to anyone.
3. Why we use your data and our legal bases
| Data | Purpose | Legal basis (Art. 6 GDPR) |
|---|---|---|
| Email address | Add you to the waitlist and email you when your access opens or about the early-access program. | Your consent (Art. 6(1)(a)), given when you submit the form. You can withdraw it at any time. |
| Referral data | Run the referral queue mechanic (tracking who referred whom and your position boost). | Our legitimate interest (Art. 6(1)(f)) in operating a fair waitlist. |
| IP address & server logs | Rate limiting, security, and preventing abuse of the service. | Our legitimate interest (Art. 6(1)(f)) in keeping the service secure. |
4. How long we keep it
- Email and referral data: kept while you remain on the waitlist. We delete it when you ask us to, when you unsubscribe or withdraw consent, or when the waitlist program ends — whichever comes first.
- IP address: held only transiently in memory for the duration of the rate-limit window (seconds) and then discarded. Never written to our database.
- Server logs: retained only as long as needed for security and diagnostics, then rotated and deleted by our infrastructure providers.
5. Who we share it with
We share personal data only with the infrastructure providers (“processors”) that run FineSet on our behalf, under contracts that require them to protect your data and process it only on our instructions:
- Vercel Inc. — serves this static website over a global content-delivery network.
- Our application host — an EU-based virtual private server that runs the waitlist API and the database where your email is stored.
We may also disclose data if required by law, or to protect our rights, safety, or property. We do not use your data for advertising and we do not sell it.
6. International data transfers
Your email and the application database are hosted within the European Union. The static website is delivered through Vercel’s global CDN, which may involve transfer to servers outside the European Economic Area (EEA), including the United States. Where data is transferred outside the EEA, it is protected by an appropriate safeguard under Chapter V GDPR — typically the European Commission’s Standard Contractual Clauses. You can request a copy of the relevant safeguard by contacting us.
7. Your rights under the GDPR
If you are in the EEA, you have the right to:
- Access the personal data we hold about you (Art. 15);
- Rectify inaccurate or incomplete data (Art. 16);
- Erase your data — the “right to be forgotten” (Art. 17);
- Restrict how we process your data (Art. 18);
- Port your data to another service in a machine-readable format (Art. 20);
- Object to processing based on legitimate interests (Art. 21);
- Withdraw consent at any time (Art. 7(3)) — this won’t affect processing already carried out. Every email we send will include an unsubscribe link, and you can also email us.
To exercise any of these rights, email privacy@fineset.io. We will respond within one month, as required by Art. 12 GDPR. There is no charge for a reasonable request.
You also have the right to lodge a complaint with a supervisory authority. You can contact the authority in your own EU country; a list is available at edpb.europa.eu.
8. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR). Your queue position is a simple, transparent calculation based on signup order and referrals.
9. Children
FineSet is not directed to children. We do not knowingly collect data from anyone under 16. If you believe a child has given us personal data, contact us and we will delete it.
10. Security
We use HTTPS everywhere, a strict Content-Security-Policy, rate limiting, and access controls to protect your data. Access to the waitlist database is restricted. No method of transmission or storage is perfectly secure, but we take reasonable measures appropriate to the limited data we hold.
11. Changes to this policy
We may update this policy as FineSet grows. We will change the “Last updated” date above, and for material changes affecting how we use your data we will notify waitlist members by email where appropriate.
12. Contact
Questions about this policy or your data? Email privacy@fineset.io.
See also our Terms of Service · Back to home