Privacy Policy

Last updated: 22 April 2025

1. Who We Are

Onpoint Finance ApS ("Onpoint", "we", "us") is a company registered in Denmark (CVR 46425170), with its registered office in Copenhagen, Denmark. We operate the Onpoint platform, which extracts and analyses invoice line items to help department managers track spend, compare supplier prices, and find savings opportunities.

Contact us at: privacy@onpoint.finance

2. Data We Collect

Account information

Name, work email address, company name, and job title when you create an account.

Invoice data

Invoice files (PDF, XML, CSV) and the structured line-item data we extract from them. This data belongs to you. We process it solely to provide the service described in our Terms.

Usage data

Log data (IP address, browser type, pages visited, timestamps) and product analytics (feature interactions, session duration). We use this to improve the product and diagnose errors.

Communications

Emails or messages you send us for support or sales enquiries.

3. How We Use Your Data

  • To provide and operate the Onpoint platform under your subscription agreement.
  • To process and analyse invoices on your behalf.
  • To send transactional emails (account verification, invoices, security alerts).
  • To improve and develop the product based on aggregate, anonymised usage patterns.
  • To comply with legal obligations.

We do not use your invoice data or extracted line-item data to train AI or machine-learning models. We do not sell your data to third parties.

4. Legal Basis (GDPR)

  • Contract performance - processing your invoices and running your account.
  • Legitimate interests - product analytics, security monitoring, and fraud prevention.
  • Legal obligation - accounting and tax records we are required to keep.
  • Consent - where we ask for it explicitly (e.g. marketing emails).

5. Data Processors and Sub-processors

We use a limited number of trusted service providers to run the platform. All are contractually bound to process your data only on our instructions and to meet GDPR requirements. Key sub-processors include:

  • Cloud infrastructure (EU-hosted servers)
  • Authentication provider
  • Error monitoring and logging
  • Payment processor (for billing data only)

You can request the current list of sub-processors by emailing privacy@onpoint.finance.

6. Data Storage and Security

All data is stored on servers located within the European Economic Area (EEA). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access to production data is restricted to authorised personnel only.

7. Retention

We keep your account data and extracted invoice data for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where we are required by law to retain records (e.g. accounting data for 5 years under Danish bookkeeping law).

8. Your Rights Under GDPR

As a data subject you have the right to:

  • Access - request a copy of the personal data we hold about you.
  • Rectification - correct inaccurate data.
  • Erasure - ask us to delete your data ("right to be forgotten").
  • Restriction - ask us to restrict processing in certain circumstances.
  • Portability - receive your data in a machine-readable format.
  • Objection - object to processing based on legitimate interests.
  • Withdraw consent - where processing is based on consent.

To exercise any of these rights, email privacy@onpoint.finance. We will respond within 30 days. You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) at datatilsynet.dk.

9. Cookies

We use a small number of cookies: strictly necessary cookies for authentication and session management, and analytics cookies to understand how the product is used. You can control analytics cookies via your browser settings. We do not use advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the service after that date constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or to exercise your rights:
privacy@onpoint.finance
Onpoint Finance ApS, Copenhagen, Denmark