Home About Implementation Features Pricing Contact
Sign In Sign Up

Privacy Policy

How FINORYS collects, uses and protects personal data when you use OptiBFR.

Last updated: August 17, 2025
This Privacy Policy explains how FINORYS ("FINORYS", "we", "us") processes personal data in connection with the OptiBFR platform (the "Service"). We are based in Béthune, France, and provide EU-hosted services for our customers.

1) Who We Are & Roles

For data you enter into OptiBFR (e.g., debtors, invoices, contacts), your organization is typically the Data Controller and FINORYS acts as Data Processor. For our own website analytics, billing, and account communications, FINORYS is the Data Controller.

2) Data We Process

  • Account Data: name, email, company, role, authentication data.
  • Billing Data: plan, invoices, payment confirmations, tax info.
  • Service Data (Customer Data): invoices, debtor details, contacts, notes, attached PDFs.
  • Usage & Technical Data: logs, device/browser info, IPs, activity for security and analytics.
  • Communications: support requests, feedback, emails/SMS sent via the platform.

3) Purposes & Legal Bases

  • Provide & improve the Service (performance of a contract).
  • Account & billing administration (contract / legal obligation).
  • Security, fraud prevention, audit (legitimate interests / legal obligation).
  • Support & communications (contract / legitimate interests).
  • Marketing to business contacts with opt-out (legitimate interests / consent where required).
  • Compliance with applicable laws and requests from authorities (legal obligation).

4) EU Hosting, Transfers & Subprocessors

We aim to host Customer Data in the EU. We may use vetted subprocessors (e.g., cloud hosting, email/SMS providers, analytics) under written agreements and data protection terms. Some providers may be located outside the France/EU; where so, we implement appropriate safeguards (e.g., SCCs) as required by GDPR/France GDPR.

5) Data Retention

We retain personal data for as long as necessary to provide the Service and meet legal, accounting, or reporting requirements. Customer Data is retained according to your subscription and deletion settings; upon termination we delete or return Customer Data per contract and applicable law.

6) Security

We implement technical and organizational measures including EU hosting, encryption in transit and at rest where applicable, role-based access control, and audit logs. No method of transmission or storage is 100% secure; we work continuously to improve our safeguards.

7) Your Rights

Subject to applicable law, you may have rights to access, rectify, erase, restrict, object, port data, and withdraw consent. If we act as Processor, please direct requests to your Controller (your organization). We will assist where required.

8) Cookies & Similar Technologies

We may use necessary cookies for authentication and operation, and optional cookies or similar technologies for analytics or product improvement. Where required, we request your consent. You can manage preferences via your browser and (if available) our cookie banner.

9) Children

The Service is intended for business users and not for children under 16. We do not knowingly collect personal data from children.

10) Disclosures

We may share personal data with:

  • service providers/subprocessors under contract;
  • your authorized users and administrators;
  • professional advisors (legal, tax, audit) under confidentiality;
  • authorities when required by law; and
  • a successor entity in connection with a merger, acquisition or reorganization.

11) International Users

If you access the Service from outside the EU/France, your data may be processed in the EU/France and other countries with different data protection laws. We apply safeguards described above.

12) Marketing Preferences

You can opt out of marketing emails at any time via the unsubscribe link. Transactional/service communications are still required for your account.

13) Changes to this Policy

We may update this Privacy Policy periodically. Material changes will be notified in-app or by email. Continued use after the effective date constitutes acceptance.

14) Contact

For privacy questions or to exercise rights, contact us at privacy@optibfr.com.
Controller/Provider: FINORYS, Béthune, France.

15) Data Processing Addendum (DPA)

If your organization requires a signed DPA, please email admin@optibfr.com. We will provide our standard DPA incorporating EU Standard Contractual Clauses (and France Addendum where applicable).

Create account Request a demo Request a call back