Privacy Policy

Information We Collect

We collect the following categories of information when you use Digital.Finance:

• Personal identification information: Name, email address, and submitter contact details — collected when you submit a listing, create an account, sign in via Google SSO, or contact us.
• Listing information: Business details you provide for inclusion in the directory (company name, website URL, description, category, country, regions served, customer type, founding year, ticker symbol, founder name).
• Payment information: When you purchase a paid tier (Category Featured or Homepage Featured), payment is processed by Stripe. We do not store full card numbers, CVCs, or bank account details. We receive and store only metadata: Stripe customer ID, checkout session ID, payment amount, and the date of purchase.
• Domain verification data: If you use DNS TXT verification to claim a listing, we query public DNS records for the domain you specify. The result of that query (whether the expected TXT record was found) is stored in an audit log. We do not store other DNS records or scan unrelated parts of your DNS.
• Log data: Server logs of requests to the service, including IP address, browser type, requested URL, referrer, and timestamp. Used for security, abuse prevention, and operational debugging.
• Cookies and similar technologies: See the Cookies section below.
• Embed analytics: If you embed our calculators on a third-party site, we may record the embedding site's domain and impression counts in aggregate. We do not collect end-user identifiers of visitors to your embedded calculator.

How We Use Your Information

We use the information we collect for the following purposes:

• To operate the directory — display approved listings, route claim requests, manage account ownership.
• To process payments and grant 12-month Featured placement (via Stripe).
• To verify domain ownership when you claim a listing (email-match or DNS TXT verification).
• To prevent abuse — rate limit submissions, detect spam, enforce App Check bot protection.
• To respond to support inquiries and account requests.
• To send transactional emails (claim invitations, payment receipts, renewal reminders before your 12-month period ends).
• To improve the service — aggregate, cookieless page-view counts from Cloudflare Web Analytics.
• To comply with legal obligations (tax records, fraud prevention).

We do not sell your personal information for cash. We display Google AdSense ads on content pages; subject to your consent choices, Google may use cookies to personalize ad selection. Under California's CCPA/CPRA, programmatic ad selection may qualify as "sharing" — see the Your California Privacy Rights section below to learn how to opt out.

Cookies and Tracking Technologies

We use three categories of cookies. EU, UK, and EEA visitors are shown a consent banner on first visit with a default-deny posture (you must explicitly Accept before any advertising or analytics cookies load). Visitors from other regions see an informational notice; ads and analytics load by default, and you can opt out at any time via the "Do Not Sell or Share My Personal Information" link in the footer.

Essential (cannot be opted out — required for the service to function):

• Firebase Authentication — keeps you signed in across pages.
• reCAPTCHA Enterprise / App Check — anti-bot protection on forms and API calls.
• Stripe — required when you visit the payment checkout page.
• Session tokens and CSRF protection.

Analytics (you can decline these via the cookie banner):

• Cloudflare Web Analytics — aggregate page-view counters. Cookieless, no fingerprinting, no PII. See cloudflare.com/web-analytics.

Advertising (you can decline these via the cookie banner):

• Google AdSense — displays advertisements on content pages (calculators, blog posts, guides, glossary, reviews). May set cookies for ad measurement, ad selection, and frequency capping. We do not directly profile visitors or share personal data with advertisers; ad selection is handled by Google subject to your consent choices and Google's own privacy controls at adssettings.google.com.

We implement Google Consent Mode v2: by default all advertising and analytics signals are denied. They are only granted after explicit user consent (EU/UK/EEA) or default-acknowledged in other regions where you can revoke at any time. Ads are not shown on conversion-funnel surfaces (homepage, directory listings, /pricing, /get-listed, dashboard, account settings).

Data Retention

We retain different categories of data for different periods:

• Account data: retained while your account is active. You may delete your account at any time from your profile. On deletion we erase all personal data tied to your account (profile, contact details, authentication record, submitter info, in-flight claims).
• Approved business listings: business listings (company name, website, description, category, etc.) are corporate/factual data, not personal data. When you delete your account, listings you submitted are unclaimed — your personal connection is severed (userId, name, email stripped), but the business record remains in the directory. Anyone with proof of ownership can re-claim it. If you want a specific listing fully removed, contact us and we'll handle it case-by-case.
• Payment records: retained for at least 7 years in compliance with tax and accounting regulations. This includes Stripe customer IDs and purchase metadata. Card numbers themselves are stored only by Stripe.
• Audit logs: retained for 12 months. Includes domain verification attempts, admin actions, and abuse-detection events.
• Submission rejection records: retained for 90 days after rejection.
• Anonymous server logs: retained for up to 90 days for security and operational debugging.
• Aggregate analytics (Cloudflare Web Analytics): cookieless page-view counters; Cloudflare retains aggregate metrics per its own retention policy. No per-visitor data is stored.

After the retention period, data is deleted or anonymised. Some data may be retained longer if legally required or if necessary to resolve a dispute.

Data Security

We use industry-standard measures to protect your personal information:

• All data in transit is encrypted via TLS.
• Firebase Firestore enforces server-side security rules that restrict access to authorised users only.
• App Check (reCAPTCHA Enterprise) blocks unauthorised clients from making API requests.
• Sensitive tokens (invite links, DNS verification tokens) are SHA-256 hashed before storage — the raw token only appears in the URL or email sent to the user.
• Payment card data is handled exclusively by Stripe under PCI DSS compliance; we never see your card numbers.

No method of transmission or storage is 100% secure, but we work to use commercially reasonable safeguards. If we become aware of a security breach that affects your personal data, we will notify you in accordance with applicable law.

Third-Party Services

We use the following third-party services to operate the directory. Each has its own privacy practices:

• Firebase (Google) — authentication, Firestore database, hosting, Cloud Functions. policies.google.com/privacy
• Stripe — payment processing for paid tiers. stripe.com/privacy
• Google reCAPTCHA Enterprise — bot detection on forms and API calls. policies.google.com/privacy
• Google AdSense — display advertising on content pages, gated by user consent. policies.google.com/technologies/ads · opt-out: adssettings.google.com
• Cloudflare — CDN, DNS routing, email forwarding, and privacy-first Web Analytics (cookieless aggregate page-view counting). cloudflare.com/privacypolicy
• A third-party link-preview service used for admin moderation only (fetches public Open Graph metadata for submitted URLs; does not receive any personal data).

These services process your data on our behalf under their own privacy terms. We do not transfer your data to other third parties for marketing or resale.

International Data Transfers

Some of our service providers (Firebase, Stripe, Cloudflare, Google) are based in the United States. By using Digital.Finance, you understand that your data may be transferred to and processed in the United States or other jurisdictions where these providers operate. These providers implement appropriate safeguards (including Standard Contractual Clauses under GDPR where applicable) for international transfers.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate personal data.
• Erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention requirements.
• Restriction of processing — limit how we use your data in certain circumstances.
• Portability — receive your data in a portable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for processing based on consent (e.g. analytics cookies), at any time.

If you have an account, you can update most of your information from your dashboard. To exercise any other right, contact us at the email address below. We will respond within 30 days.

If you believe we have not adequately addressed a complaint, you may lodge a complaint with your local data protection authority.

Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights regarding personal information.

"Sale" and "Share" disclosure: We do not sell personal information for monetary consideration. However, when you view ads on our content pages, Google AdSense may use cookies and device identifiers to select and measure ads. Under CCPA/CPRA, this activity may qualify as "sharing" personal information for cross-context behavioral advertising.

How to opt out:

• Click the "Do Not Sell or Share My Personal Information" link in the site footer to re-open the cookie consent banner and decline advertising cookies. This will apply to future page loads on this browser.
• Or visit adssettings.google.com to opt out of personalized advertising at the Google account level.
• Or send a verifiable request to [email protected] and we will manually flag your account for advertising-cookie suppression on future visits.

You also have the right to know what personal information we hold, request deletion (subject to legal retention requirements), and not be discriminated against for exercising these rights. See the "Your Rights" section above.

Children’s Privacy

Digital.Finance is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal reasons. Material changes will be communicated by updating the "Last updated" date at the top of this page. Continued use of the service after a revision constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, or wish to exercise any of your rights, please contact us at [email protected].