Controller
The controller responsible for processing your personal data is MomentumQ GmbH, Leutschenbachstrasse 95, 8050 Zurich, Switzerland (UID CHE-222.957.350). Contact: info@momentumq.com. This policy is written to meet the Swiss Federal Act on Data Protection (revFADP/revDSG) and, where it applies to you, the EU/EEA and UK GDPR.
What we collect
- Account data — name, email, and avatar from your sign-in provider (Google or GitHub OAuth, or email magic link).
- Usage content — your AI chats, watchlist activity, and request/quota counts.
- Billing identifiers — customer and subscription IDs from Stripe. We never receive or store full card numbers.
- Your own model API key (optional) — if you add one, it is encrypted at rest (AES-256-GCM) and used only to serve your requests.
- Technical data — IP address, device/browser, and security/rate-limit logs generated when you use the service.
Why we use it, and on what legal basis
To provide the service: authenticate you, store your research, enforce quotas, and process payments (contract — revDSG; GDPR Art. 6(1)(b)); to keep the service secure and reliable and to prevent abuse (legitimate interest — GDPR Art. 6(1)(f)); and, where required, on the basis of your consent (GDPR Art. 6(1)(a)), which you may withdraw at any time. We do not sell your personal data and do not use it for advertising.
Sub-processors & recipients
We share data with the following recipients. Those acting on our behalf do so under data-processing agreements:
- Supabase — database, authentication, and storage.
- Vercel — application hosting and delivery.
- Stripe — payment processing and the billing portal. We receive only customer and subscription identifiers; card data is handled by Stripe and never reaches us.
- Anthropic — on our free tier, the content of your AI requests is sent to Anthropic's API to generate a response. Anthropic does not use data submitted through its API to train its models by default. We send only what is needed to answer your prompt.
When you sign in, you authenticate with Google or GitHub. They are independent controllers (not our processors) and provide us your name, email, and avatar under their own privacy policies.
If you use your own model key
DataFinx lets you add your own API key for a third-party model provider (currently Anthropic, Moonshot AI, or DeepSeek). If you do, your key is encrypted at rest (AES-256-GCM) and used only to send your prompts to the provider you selected, under your own account with that provider. You direct that transfer, and the provider's own terms govern how it handles your data — including any use for model training and where it processes data. In particular, Moonshot AI (operated from Singapore) and DeepSeek (which states it stores personal data in China) may use submitted content to improve their models and process data outside Switzerland and the EEA; neither country benefits from a Swiss adequacy decision. Choose a provider accordingly.
International transfers
Some of our processors — notably Anthropic, Stripe, and our hosting/database infrastructure — process data in the United States. Such transfers are protected by appropriate safeguards, namely the EU Standard Contractual Clauses (with the Swiss addendum) and equivalent contractual measures, as required by the revDSG and GDPR. Transfers you initiate by adding your own model key are described above under "If you use your own model key".
Cookies & tracking
DataFinx uses only essential cookies required to sign you in and keep your session secure. We do not use third-party advertising or analytics tracking, so no consent banner is required for non-essential cookies. If this changes, we will update this policy and ask for consent where the law requires it.
Retention & deletion
We keep your data while your account is active. You can delete chats in-app and request account deletion at info@momentumq.com; we then remove your personal data except where retention is legally required (e.g. accounting records).
Your rights
Subject to applicable law, you may request access to, correction of, deletion of, or a copy (portability) of your personal data, and you may object to or restrict certain processing or withdraw consent. We answer access requests within 30 days, free of charge. Contact info@momentumq.com. You also have the right to lodge a complaint — in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC/EDÖB), or in the EU/EEA with your local supervisory authority.
Security
We use encryption in transit (TLS), encryption of stored API keys, scoped per-user data access, and rate limiting. No method is perfectly secure, but we work to protect your information.
Changes & contact
We may update this policy; material changes will be notified in-app or by email. Questions: info@momentumq.com.