Privacy Policy

Last updated: 26 June 2026

Deepfin ("Deepfin," "we," "our," or "us") provides an AI-powered ESG and impact assessment platform. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website, use our platform as a named user, or otherwise interact with us directly, and describes the rights available to you.

This Policy covers Deepfin acting as a data controller — for example, your details if you visit deepfin.so, request a demo, hold a platform account, or contact us. It does not cover the substantive content that our clients submit to the platform for ESG and impact assessment (for example, information about a portfolio company or its personnel). For that data, Deepfin acts as a data processor on the client's instructions, and the client is the controller. That processing is governed by the Data Processing Agreement between Deepfin and the relevant client, not by this Policy. If your personal data has been submitted to Deepfin by one of our clients, please direct any data protection queries to that client in the first instance, as they determine how and why your data was submitted.

1. Who we are

Deepfin is operated by Deep Financial Solutions Limited, a company incorporated in England and Wales with company number 17297031. For data protection queries, contact us at klara@deepfin.so.

2. What personal data we collect

Depending on how you interact with us, we collect:

Contact information you provide — name, email, job title, company — when you request a demo, contact us, or sign up to use the platform.
Account information if you or your organisation use the platform — login credentials, role/permissions, and in-platform activity logs.
Technical and usage data collected automatically when you visit deepfin.so — IP address, browser/device type, pages viewed.
Communications you send us, such as support requests or feedback.

We do not currently use cookies, analytics, or similar tracking technology on deepfin.so.

We do not seek or require special categories of personal data (such as health, biometric, or data revealing racial or ethnic origin) through our website or direct platform interactions.

3. How we use personal data, and our legal basis

We only use personal data for the purposes below, and only where UK/EU GDPR gives us a valid legal basis to do so:

Operating deepfin.so and providing the platform to account holders — contract / legitimate interests
Creating and administering user accounts, and authenticating access — contract / legitimate interests (platform security)
Responding to enquiries and support requests — legitimate interests / steps to enter into a contract
Sending marketing communications — consent (where required) or legitimate interests, with an opt-out always available by emailing us
Complying with legal obligations, and establishing or defending legal claims — legal obligation

We do not use personal data for any automated decision-making or profiling that produces legal or similarly significant effects on individuals.

4. Who we share personal data with

We do not sell personal data. We share it only with:

Sub-processors and service providers who support our website and platform infrastructure, each bound by appropriate data protection terms.
Professional advisers (e.g. lawyers, accountants), where necessary for our legitimate business purposes.
Regulators or authorities, where required by law.
A buyer or successor entity on a merger, acquisition, or sale of assets, subject to the protections in this Policy continuing to apply.

Our current sub-processors are listed in our Sub-processors List, which we maintain and update separately from this Policy so that it always reflects our current vendors.

5. International data transfers

Our primary infrastructure is hosted in the European Union. Some sub-processors on our Sub-processors List may be based outside the UK and EU (for example, in the United States). Where personal data is transferred outside the UK or EU, we rely on appropriate safeguards as established by our sub-processors.

6. How long we keep personal data

We keep personal data only for as long as necessary for the purposes in this Policy. Account data is generally retained for the duration of your organisation's relationship with Deepfin, and deleted within 30 days of that relationship ending, unless a longer period is required by law. Enquiry and contact data is kept only as long as reasonably necessary to respond to and follow up on the enquiry.

7. Your rights

Subject to certain exemptions, you have the right to:

Access a copy of the personal data we hold about you;
Have inaccurate or incomplete data corrected;
Request deletion of your personal data;
Object to, or request restriction of, certain processing, including direct marketing;
Receive certain personal data in a portable format, where applicable;
Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at klara@deepfin.so. We will respond within the timeframe required by law. If you are not satisfied with our response, you may complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority if you are based in the EU.

If your personal data was submitted to Deepfin by a client rather than provided by you directly, please direct rights requests to that client in the first instance — see the second paragraph of this Policy.

8. Security

We take appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls on a need-to-know basis, and logical segregation of client data.

9. Children's data

Our website and platform are intended for business use by professional adults and are not directed at children. We do not knowingly collect personal data from children.

10. Changes to this Policy

We may update this Policy to reflect changes in our practices, technology, or legal requirements. We will post the updated version with a revised 'Last updated' date.

11. Contact us

Email: klara@deepfin.so