PRIVACY POLICY – FINSUITES, LLC

Last Updated: 31 December 2025

1. Introduction and Scope

This Privacy Policy explains how FinSuites, LLC (“FinSuites”, “we”, “us”, “our”) collects, uses, discloses and protects personal data in connection with the provision of its software-as-a-service platform and related services (the “Services”).

FinSuites provides its Services exclusively to business customers (B2B). The Services are not intended for consumers or private individuals acting outside a business or professional capacity.

This Privacy Policy applies to:

visitors of our websites,

customers and authorized users of the Services,

individuals whose personal data is processed in connection with the Services.

This Privacy Policy must be read together with our Terms and Conditions and, where applicable, the Data Processing Agreement (DPA / AVV).

This Privacy Policy does not govern the content of customer data processed by FinSuites solely on behalf of customers within the scope of Processor Services. Such processing is subject to the customer’s own privacy notice and the applicable DPA.

2. Controller and EU Representative

Controller

FinSuites, LLC
30 North Gould St Ste R
Sheridan, WY 82801
United States

Email: [email protected]

EU Representative (Article 27 GDPR)

FIN Capital GmbH
Lenzstraße 5
90408 Nürnberg
Germany

The EU representative is authorized to be addressed by supervisory authorities and data subjects in relation to processing activities covered by this Privacy Policy.
The EU representative acts solely in accordance with Article 27 GDPR and does not assume the role of controller or processor.

3. Roles and Scope of Processing (Controller vs. Processor)

Depending on the context of processing, FinSuites acts either as a data controller or as a data processor.

Controller Services

FinSuites acts as a data controller where personal data is processed for its own business purposes, including:

website operation,

account administration and authentication,

billing and payment management,

sales, marketing and affiliate attribution,

customer support and communications,

security, fraud prevention and compliance with legal obligations.

Processor Services

Where customers use the Services to process personal data of their own clients, leads, employees or contractors, FinSuites acts solely as a data processor on behalf of the customer. In such cases, the customer remains the data controller and determines the purposes and means of processing.

Processor Services are governed by a separate Data Processing Agreement (DPA / AVV) pursuant to Article 28 GDPR.

4. White-Label Platform and Infrastructure

FinSuites operates its Services as a white-label implementation of the GoHighLevel / LeadConnector platform. The core infrastructure, features and technical processing mechanisms correspond to those provided by GoHighLevel and its affiliated entities.

This white-label structure does not affect FinSuites’ responsibilities as a controller for Controller Services or as a processor under the DPA for Processor Services.

5. Categories of Personal Data

FinSuites processes personal data only to the extent necessary to provide the Services and comply with applicable law.

a) Account and Customer Data

name

company name

business address

email address

telephone number

login credentials

user roles and permissions

b) End-Customer Data (Processed on Behalf of Customers)

names

email addresses

telephone numbers

communication metadata

IP addresses

c) Usage and Technical Data

IP address

browser and device information

operating system

log files

timestamps and interaction data

d) Payment and Transaction Data

Payments are processed exclusively by third-party payment providers (e.g. Stripe). FinSuites does not store full payment card details.

billing information

transaction identifiers

payment status

tokenized payment references

e) Marketing and Tracking Data

Subject to applicable consent:

cookie identifiers

analytics data

advertising interaction data

FinSuites does not process special categories of personal data within the meaning of Article 9 GDPR.

6. Purposes of Processing and Legal Bases

Personal data is processed only where permitted by law.

Contract Performance (Art. 6(1)(b) GDPR)

provision and operation of the Services

account management

payment processing

customer support

Legitimate Interests (Art. 6(1)(f) GDPR)

security, abuse and fraud prevention

system stability and performance

internal analytics and reporting

enforcement of contractual rights

Consent (Art. 6(1)(a) GDPR)

marketing communications

non-essential cookies and tracking

Consent may be withdrawn at any time with effect for the future.

Legal Obligations (Art. 6(1)(c) GDPR)

accounting and tax obligations

regulatory compliance

lawful authority requests

Provision of Personal Data

The provision of certain personal data is required to enter into and perform the contractual relationship with FinSuites (e.g. account registration, authentication and billing). Failure to provide such data may prevent FinSuites from providing the Services. Other data may be provided voluntarily.

7. Data Obtained from Third-Party Sources

Customers may connect third-party data sources to the Services, including advertising platforms, CRM systems, communication providers or social networks.

Personal data imported from such sources is processed solely on behalf of the customer and in accordance with the customer’s instructions. Customers are responsible for ensuring that a valid legal basis exists for the collection and import of such data.

8. Affiliate and Referral Programs

FinSuites operates affiliate and referral programs. Where users access the Services via an affiliate or referral link, FinSuites may process referral identifiers, attribution data and transactional information for commission calculation, fraud prevention and performance analysis.

Such processing is based on FinSuites’ legitimate interests (Art. 6(1)(f) GDPR) and, where required, consent. Affiliates act as independent controllers with respect to their own processing activities.

9. Cookies, Tracking Technologies and Consent Management

FinSuites uses cookies and similar technologies to operate, secure and improve the Services.

Cookie Categories

strictly necessary cookies

functional cookies

analytics cookies

marketing cookies

Legal Basis

strictly necessary cookies: legitimate interests

all other cookies: consent

A consent management platform (CMP) is used where required by law.
Non-essential cookies are not set prior to obtaining consent where required by applicable law.
Consent may be withdrawn at any time without affecting prior lawful processing.

Further details are provided in the separate Cookie Policy.

10. Subprocessors, Integrations and Marketplace Applications

FinSuites uses subprocessors to support the provision of the Services. A current list of authorized subprocessors, including their purpose and processing location, is made available here and may be updated from time to time.

Material changes to subprocessors will be communicated to customers where required by applicable data protection law.

Customers may enable integrations, marketplace applications or third-party services at their discretion. Such services process personal data under their own privacy policies. FinSuites is not responsible for the data processing practices of such third parties.

11. International Data Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area, including the United States.

Where required, FinSuites relies on appropriate safeguards, including:

the EU-U.S. Data Privacy Framework, where applicable, and/or

Standard Contractual Clauses (SCCs) adopted by the European Commission.

Not all service providers are certified under the EU-U.S. Data Privacy Framework.
Where personal data is transferred onward by subprocessors, equivalent safeguards are contractually required.

Personal data transferred internationally may be subject to access by public authorities in accordance with applicable law. FinSuites does not guarantee that such access will never occur.

Where SCCs are used, FinSuites may implement supplementary technical and organizational measures, such as encryption and access controls, and assess transfer-related risks where required by law.

12. Automated and AI-Assisted Features

The Services may include automated or AI-assisted features that support functionality and efficiency.

FinSuites does not engage in solely automated decision-making, including profiling within the meaning of Article 22 GDPR, that produces legal effects concerning individuals or similarly significantly affects them.

FinSuites does not use customer data to train independent or generalized artificial intelligence models for its own purposes.

13. Communication and Telephony Data

Where customers use communication features such as phone calls, SMS or messaging services (including WhatsApp integrations), FinSuites processes communication metadata (e.g. sender/recipient information, timestamps and delivery status) and, depending on configuration, message content solely on behalf of the customer.

Customers are responsible for ensuring that all required consents and legal bases for such communications are in place.

14. Data Retention and Deletion

Personal data is retained only for as long as necessary for the purposes described or as required by law.

Retention periods are determined based on the type of data, the purpose of processing and applicable legal obligations. For example:

account and billing data may be retained for statutory retention periods,

security and log data for limited periods necessary to ensure system integrity,

marketing data until consent is withdrawn or no longer required.

Upon account termination:

data is deleted or anonymized without undue delay, and

residual backup copies may remain temporarily in accordance with security procedures.

Data processed on behalf of customers is retained in accordance with the DPA.

15. Rights of Data Subjects

Where applicable, data subjects may have the right to:

access

rectification

erasure

restriction of processing

data portability

objection

withdrawal of consent

Requests may be submitted to [email protected].
FinSuites may require verification of identity and will respond within statutory timeframes.

Where FinSuites acts as processor, requests must be addressed to the relevant customer as controller.

Data subjects have the right to lodge a complaint with a competent supervisory authority.

16. Children and Minors

The Services are intended exclusively for business use and are not directed at children. FinSuites does not knowingly process personal data of individuals under the age of 16.

17. Do Not Track and Global Privacy Control

FinSuites does not currently respond to browser Do-Not-Track signals.
Where legally required, Global Privacy Control (GPC) signals may be honored.

18. Security Measures

FinSuites implements appropriate technical and organizational measures, including:

access controls

encryption of data in transit where appropriate

network security monitoring

role-based access restrictions

No system can be guaranteed to be completely secure.

19. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. The current version is always available on our website. Material changes will be communicated where required by law.

20. Contact Information

FinSuites, LLC
30 North Gould St Ste R
Sheridan, WY 82801
United States

Email: [email protected]

EU Representative:
FIN Capital GmbH
Lenzstraße 5
90408 Nürnberg
Germany