← Back to caast.tech

Compliance

Caast commitment to privacy

Our products are built to be private by design. This page summarizes how Caast Technologies (“Caast”, “we”, “us”) handles personal data inside the Caast managed finance data platform and Finance AI Agents. Questions? Email [email protected].

Who we are

Caast Technologies builds Finance AI Agents and a managed finance data platform for professional customers such as startups and scale-ups.

Scope and roles

This page applies when you or your organization use the Caast managed finance data platform and Finance AI Agents (the “Platform”).

For most customer-provided content inside the Platform (“Customer Data”), we act as a Data Processor under GDPR and process it only on your documented instructions. For our own account administration, billing, product analytics, and marketing activities, we act as a Data Controller.

If you are an employee or user of one of our customers and have questions about how your employer uses the Platform, please contact your organization’s administrator first. If you have questions about how Caast handles data inside the Platform, you can contact us directly at [email protected].

Data we process

Depending on your role, we may handle:

  • Identification & contact details (name, business email, company, role) – provided by you or your admin so we can create and manage accounts and communicate with you.
  • Finance platform content (for example: general ledger data, invoices, bank transactions, budgets and forecasts, and other financial datasets you or your systems connect) – pulled from the tools and data sources you authorize so that Finance AI Agents can operate on your behalf.
  • Integration & connector metadata (OAuth 2.0 tokens, configuration and identifiers for connected third‑party tools such as banks, ERPs, CRMs, or BI tools) – used only to maintain secure, scoped connections to your systems.
  • Usage and telemetry data (device/browser metadata, actions taken in the app, performance and error logs) – captured by our logging and monitoring tooling so we can keep the Platform reliable and secure.
  • Support & commercial records (support tickets, implementation notes, agreements, billing and payment status) – used to deliver support, manage subscriptions, and fulfil our contractual and legal obligations.

How we use data

We rely on contract performance, legitimate interest, or consent (where required) to:

  • Provide and improve the Caast platform and Finance AI Agents, including personalization and troubleshooting.
  • Send service announcements, invoices, and optional marketing updates (you can opt out anytime).
  • Meet legal obligations, such as tax, accounting, and security reporting.

We also use aggregated or pseudonymised data where possible for internal development: testing, research, performance analysis, and improving our agents and platform. When we need to look at identifiable Customer Data (for example, when troubleshooting a specific incident), access is strictly limited to authorized personnel and logged.

Caast does not sell personal data. We only share it with trusted processors (cloud infrastructure, email providers, product analytics, and similar service providers) under written agreements.

AI models and foundational providers

The Platform uses third‑party AI infrastructure and foundational model providers to run Finance AI Agents. These providers act as data processors to Caast and may process prompts, model inputs, and outputs solely to deliver the requested functionality.

We configure these providers and our contracts with them so that Customer Data is not used to train publicly available models. Where a provider offers “no training” or “zero data retention” options, we enable them or choose equivalent privacy‑preserving settings.

Third‑party tools you connect to Caast

You can connect third‑party tools (for example, banks, accounting systems, CRMs, data warehouses, or BI tools) to the Platform so that Finance AI Agents can access up‑to‑date data and execute workflows.

For those customer third‑party tools, connections are established using OAuth 2.0 or similar delegated access standards with static callback URLs. We never ask you for raw passwords to these systems. We only request the scopes needed for the agreed workflows and use the resulting data exclusively to provide the services to your organization.

Retention & location

Customer data is hosted with trusted cloud providers, typically in the EU, and retained only as long as needed to deliver the service or comply with legal requirements. When contracts end, customers can request deletion or export by contacting us. Backups follow the same lifecycle, although some records (for example invoices and basic account information) may be kept for longer where required by applicable accounting, tax, or regulatory rules.

Your rights

Subject to GDPR and other local laws, you can request:

  • Access or a copy of the data we hold.
  • Correction, deletion, or restriction of processing.
  • Data portability for content you provided.
  • Objection to marketing communications.

Send requests to [email protected]. We may need to verify your identity before fulfilling them. You can also lodge a complaint with your local supervisory authority.

International transfers

If we move data outside the EU/EEA (for example, to sub-processors that provide support tooling), we rely on contractual safeguards such as the EU Standard Contractual Clauses.

Staying up to date

We review this page periodically. When material changes occur, we will post the update date here and notify affected customers through the product or email.