Privacy Policy
Last updated: 17 June 2026
This Privacy Policy explains how Finansee collects and uses personal data when you visit our website at finansee.lt, when you create and use a Finansee account, and when you use our IFRS 16 calculation and reporting tools. It is written for our users and for the individuals whose information may appear in the lease portfolios our users build with Finansee.
By "Finansee," "we," "us" or "our," we mean MB RGD solutions, a Lithuanian small partnership (mažoji bendrija) that operates the Finansee service under the Finansee name. By "personal data," we mean any information that relates to an identified or identifiable individual.
Who is responsible for your data
The controller of the personal data described in this policy is:
MB RGD solutions Legal entity code: 308006606 Operating the Finansee service Contact: ask@finansee.lt
MB RGD solutions is the controller for personal data processed in connection with the Finansee website, account system, billing, security, analytics, communications and general operation of the Service.
Where a business customer enters personal data into Finansee portfolio content and we process that data on the customer's behalf under a separate Data Processing Agreement or other written agreement, the business customer is the controller for that customer-provided data and MB RGD solutions acts as processor. In that case, the separate agreement governs that processing.
Where you use Finansee to store information about other people — for example individual lessors, named-employee leases, or counterparties — you are responsible for that information and for ensuring you have a lawful basis to enter it into Finansee.
For all privacy-related questions, requests and complaints, please contact ask@finansee.lt.
Scope of this policy
This Privacy Policy applies to:
- visitors of the Finansee website at finansee.lt;
- users of the Finansee account system (registration, sign-in, password recovery and account management);
- users of the Finansee finance tools, including the IFRS 16 calculator;
- customer representatives and invited users who are given access to a shared portfolio or a customer workspace; and
- persons who contact Finansee with a question, request or report.
The personal data we process
We process the following categories of personal data:
Account information. When you register, we collect your email address, your name, your password (which we store only in hashed form) and, where you choose to provide it, the name of the company you work for. We record the date you registered and the status of your account.
Sign-in and session information. When you sign in, we create a server-side session and a session cookie that lets you stay signed in across pages. We record the time you signed in and may record your IP address and browser user-agent for security purposes.
Password recovery information. When you request a password reset, we generate a reset token, store it together with an expiry time, and email the reset link to the email address associated with your account.
IFRS 16 portfolio data. When you save a lease portfolio to Finansee, we store the information you have entered — for example company names, lease names, asset classes, lease commencement and end dates, payments, discount rates, modifications, termination data and reporting tables. Some of this information may be personal data if you choose to enter the names of individual lessors, named-employee leases, named counterparties or free-text notes about identified people.
Team sharing and shared portfolio access. When you share a saved portfolio with other Finansee users, we process information needed to grant, maintain and remove that access — for example the email addresses of users you invite, the identity of the portfolio owner, the list of users with access to each shared portfolio, the access permissions, and records of the events by which access was granted, modified or removed. Users who have been granted access to a shared portfolio can see the portfolio content while the access is in place.
Excel export files. When you generate an Excel export, the file is created on our servers and delivered to your browser for download. Once you have downloaded the file, copies of it sit on your device and on any further locations you choose to send it; those copies are outside Finansee's control.
Support and communications data. When you contact us, we process the content of your message together with your email address, your name and any organisation details or other information you choose to include.
Billing and contract data. Where you order a paid subscription plan or enter into a separate written agreement with us, we process billing and contract information — for example company details, billing contact details, invoice records, contract records and, in due course, payment-processor identifiers.
Usage analytics. We use Cloudflare Web Analytics to understand how our website is used. According to Cloudflare's own documentation, this product does not place cookies or use local storage for usage metrics, and does not use IP address or user-agent fingerprinting to identify visitors. The analytics signals Finansee receives are aggregate page-level metrics, not individual user profiles.
Service and security logs. Our hosting infrastructure generates technical logs that may include IP addresses, request timestamps, error traces and similar information that helps us operate the service securely.
We do not seek to collect special categories of personal data within the meaning of Article 9 of the GDPR — for example data about health, religion, ethnicity or trade-union membership. Please do not enter that kind of information into Finansee. If we become aware that such information has been entered, we will remove it.
Where your data comes from
We obtain personal data from the following sources:
- From you or your customer — the information you provide when you register, sign in, save portfolios, share access, contact us, or enter into a paid plan or written agreement.
- Generated automatically when you use the website or service — technical and usage data such as session data, IP address, device and browser information, and aggregate analytics signals.
- Generated by the Finansee application — account, session, portfolio, sharing, export and security-log data created as you use the service.
- From another authorised user or customer — for example where a portfolio is shared with you or you are invited to a shared portfolio or customer workspace, we receive the information needed to give you that access.
- From our service providers — limited data received from the providers we use to host, secure and operate the service (for example delivery and bounce records from our email provider).
Why we process your data, and our lawful basis
We process personal data for the purposes set out below. The lawful bases we rely on under Article 6 of the GDPR are:
- Performance of a contract or pre-contractual steps (Article 6(1)(b)) — to create and operate your account, authenticate you, run the calculations and exports you request, enable team sharing you set up, administer paid plans, and respond to your requests.
- Legitimate interests (Article 6(1)(f)) — to operate, secure, improve and administer the service, to prevent and respond to abuse and fraud, to keep you informed about the service, and to establish, exercise or defend legal claims.
- Compliance with a legal obligation (Article 6(1)(c)) — to meet accounting, tax and recordkeeping requirements and to respond to lawful requests from public authorities.
- Consent (Article 6(1)(a)) — where a specific, optional processing activity depends on your consent (for example a future analytics or marketing technology that requires it). Where we rely on consent, you can withdraw it at any time.
We do not rely on consent where performance of a contract, a legal obligation or our legitimate interests is the more appropriate basis. Where we rely on our legitimate interests, we have considered your interests and rights and have concluded that our processing is proportionate. You can ask us about that assessment using the contact details below.
How we process your data
The table below sets out our main processing activities, the personal data involved, the legal basis, and our typical retention approach.
| Processing activity / purpose | Categories of personal data | Legal basis | Typical retention approach |
|---|---|---|---|
| Website operation and analytics — operating the public website and understanding aggregate usage. | IP address, browser/device information, approximate usage events, page visits, technical logs, Cloudflare Web Analytics data. | Legitimate interest in operating and improving the website (Art. 6(1)(f)); consent where required by applicable cookie/analytics rules (Art. 6(1)(a)). | According to tool settings and operational need. |
| Account registration and authentication — creating and managing your account and keeping you signed in. | Email address, name (if provided), company name (if provided), password hash, account status, login and session data. | Performance of a contract (Art. 6(1)(b)); legitimate interest in security (Art. 6(1)(f)). | While the account exists, and for a reasonable period afterwards where needed for security, legal or operational purposes. |
| Password recovery and account security — letting you reset your password and protecting the account. | Email address, reset-token metadata, security logs, timestamps, IP/device data. | Performance of a contract (Art. 6(1)(b)); legitimate interest in security and abuse prevention (Art. 6(1)(f)). | A limited period needed for security and abuse prevention; reset tokens only while valid. |
| IFRS 16 portfolio and calculator use — storing and retrieving portfolios and running the calculations and reports you request. | User-entered portfolio data, lease names, company names, assumptions, calculation inputs, generated results, reporting periods, saved portfolios. | Performance of a contract (Art. 6(1)(b)); legitimate interest in operating the service (Art. 6(1)(f)). | While the account or customer relationship exists, unless deleted earlier by the user/customer, or retained where necessary for legal or security reasons. |
| Team sharing / portfolio sharing — granting, maintaining and removing access to shared portfolios. | Invited user email, portfolio owner identity, access permissions, shared portfolio metadata, access events. | Performance of a contract (Art. 6(1)(b)); legitimate interest in providing the requested feature (Art. 6(1)(f)). | While the sharing relationship or the account/customer relationship exists, and for reasonable security/audit periods. |
| Excel exports and reports — generating working files you download. | Export metadata, generated files where processed server-side, timestamps, user/account identifiers. | Performance of a contract (Art. 6(1)(b)); legitimate interest in operating the service (Art. 6(1)(f)). | Export generation is transient; the file is produced and delivered for download. Related metadata may appear in service logs and follows the log-retention approach. Once downloaded, exported files are controlled by the user/customer. |
| Customer support and communications — handling questions, requests and reports. | Email address, name, organisation, message content, support history. | Performance of a contract (Art. 6(1)(b)); legitimate interest in supporting users (Art. 6(1)(f)). | As long as needed to handle the request and maintain service records. |
| Billing, contracts and accounting — administering paid plans and written agreements. | Customer representative data, company details, invoice/contact data, billing records, contract records. | Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)); legitimate interest (Art. 6(1)(f)). | According to accounting, tax and legal recordkeeping obligations. |
| Security, abuse prevention and legal claims — protecting the service and handling disputes. | Logs, account activity, IP/device data, suspicious-activity indicators, correspondence and records relevant to claims. | Legitimate interest in security and defending claims (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)). | As long as reasonably necessary for security, compliance and legal claims. |
How long we keep your data
We keep personal data for as long as we need it to provide the service and to meet our legal obligations. The table above sets out our typical retention approach for each activity. In summary:
- Account information is kept for as long as your account is active. After you close your account, we retain a limited amount of information for a period sufficient to resolve disputes, prevent abuse, and meet our legal, accounting and tax obligations, and then we delete or anonymise it.
- Cloud portfolio data is kept until you delete the portfolio, or until your account is closed and the post-closure retention period has elapsed.
- Session information is retained for the duration of the session and for a short security-review window after sign-out.
- Password reset tokens are kept only as long as they are valid (typically minutes), and a limited record is retained afterwards for security review.
- Service and security logs are retained for a limited period that we consider proportionate to security review and abuse investigation, and then deleted or aggregated.
- Analytics data is retained for the period set by Cloudflare for the Cloudflare Web Analytics product.
- Billing and contract records are retained for the periods required by Lithuanian accounting and tax law.
Personal data may continue to exist for a limited period in our hosting provider's backups after it has been deleted from the live service, in line with that provider's backup retention. We do not restore deleted personal data from backups except for disaster-recovery purposes.
Please note that deleting a saved cloud portfolio removes that portfolio from your account's cloud storage. It does not by itself close your Finansee account, and it does not delete copies of the portfolio you may have already exported to Excel or saved on your own device. To close your account, please contact us using the details below.
Who we share your data with
We share personal data only with the parties needed to provide the Finansee service, and only the data reasonably necessary for the relevant purpose. Recipients may include:
- Hosting and infrastructure providers — to host and run the application and database;
- Analytics and security providers — to provide DNS, edge security and website analytics;
- Email delivery providers — to deliver transactional emails such as password-reset messages;
- Professional advisers — for example accountants or legal advisers, where needed;
- Public authorities, regulators or courts — where we are required to disclose personal data by law, or where it is necessary to exercise or defend legal rights; and
- Other authorised users within your organisation or shared workspace — where you or your customer enables team sharing, the relevant portfolio content and access information are visible to the users you grant access to.
We maintain a Subprocessors page with information about the main service providers we use. We update that page when we add or materially change service providers that process personal data on our behalf.
We do not sell personal data, and we do not share personal data with third parties for their own marketing purposes.
International transfers
We work with infrastructure and service providers that may store or transmit personal data outside the European Economic Area — for example global content-delivery, analytics and email-sending services. Where that happens, we rely on appropriate safeguards permitted under Chapter V of the GDPR, including the European Commission's Standard Contractual Clauses, together with the service provider's technical and organisational measures.
You may contact us at ask@finansee.lt for more information about the safeguards used for international transfers, including how to obtain a copy where applicable.
The Subprocessors page provides further information about the main service providers we use, including available information about processing locations and transfer safeguards.
Your rights
If we hold personal data about you, you have the following rights under the GDPR:
- Right to be informed — to know how your personal data is collected and used, as described in this policy.
- Right of access — to ask us for a copy of the personal data we hold about you.
- Right to rectification — to ask us to correct personal data that is inaccurate or incomplete.
- Right to erasure — to ask us to delete personal data, in the circumstances set out in the GDPR.
- Right to restriction — to ask us to restrict the way we process your personal data, in the circumstances set out in the GDPR.
- Right to object — to object to processing that we carry out on the basis of our legitimate interests. Where you object, we will stop processing your personal data for those purposes unless we have compelling legitimate grounds that override your rights or we need to use the data to establish, exercise or defend legal claims.
- Right to data portability — where applicable, to receive certain personal data you have given to us in a structured, commonly used and machine-readable format, or to have it transmitted to another controller where this is technically feasible.
- Right to withdraw consent — where we rely on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
- Right to lodge a complaint — you have the right to lodge a complaint with the competent supervisory authority. In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI), whose website is vdai.lrv.lt. You may also complain to the supervisory authority in your country of residence, place of work or place of the alleged infringement.
How we respond to requests
We respond to data subject requests without undue delay and, in any event, within one month of receipt of the request. Where necessary due to the complexity or number of requests, this period may be extended by up to two additional months, in which case we will inform the requester of the extension and the reasons for it.
To protect your information, MB RGD solutions may request additional information where needed to verify the requester's identity. Where you are exercising rights on behalf of someone else, we may ask for evidence of your authority.
Cookies and analytics
Finansee uses a small number of cookies that are strictly necessary to operate the service — for example to keep you signed in, maintain secure sessions, and provide network-edge security through Cloudflare. These cookies do not require your consent.
We use Cloudflare Web Analytics to understand site usage. As described above, Cloudflare's documentation states that this product does not place cookies or use local storage for usage metrics, and does not use IP address or user-agent fingerprinting to identify visitors. If we introduce any analytics or marketing tool that uses cookies, local storage or similar technologies, we will update this policy and provide an appropriate consent mechanism before that tool goes live.
Further information about each cookie we use is provided in our Cookie Notice.
Security
Protecting your data matters to us. We use technical and organisational measures designed to protect personal data, including encrypted connections (HTTPS) between your browser and our servers, hashed storage of passwords, server-side session management, per-user isolation of stored data, edge security provided by Cloudflare, and controls over how our team accesses production systems.
No service can guarantee absolute security. If a personal data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, we will notify the Lithuanian State Data Protection Inspectorate without undue delay and, where required, within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay.
Automated decision-making
We do not make decisions that produce legal effects concerning you, or that similarly significantly affect you, solely by automated means within the meaning of Article 22 of the GDPR. The IFRS 16 calculations Finansee performs are mathematical operations carried out on data you provide; they are not decisions about you.
Finansee is a calculation and workflow support tool. It does not provide accounting, audit, tax, legal, investment or other professional advice. Outputs are generated from the data and assumptions you enter and should be reviewed by qualified professionals before being used for financial reporting, audit, tax or regulatory purposes.
Business customers
If you use Finansee in the course of your business and we have entered into a separate written agreement that includes data-protection terms, that agreement governs how we process personal data you provide as part of your use of Finansee. In that case, this Privacy Policy continues to govern the personal data we collect from you and your colleagues as Finansee account holders and website visitors.
Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be published on the website, and the "Last updated" date at the top of this page shows when the most recent changes were made. For material changes, we may provide additional notice through the website, the account interface or by email where appropriate. Earlier versions of this policy are available on request.
Contact
For all privacy-related questions, requests and complaints, please contact us at ask@finansee.lt.
You can also reach us through the website at https://finansee.lt/.
You have the right to lodge a complaint with the Lithuanian State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, VDAI), whose website is vdai.lrv.lt, or with the supervisory authority in your country of residence, place of work or place of the alleged infringement.
— End of Privacy Policy —