The Finance Operations Index

Privacy Policy

Last updated: February 15, 2026

1. Who We Are

The Finance Operations Index ("we", "us", "our") is operated by MRU Consulting Pty Ltd (ABN to be confirmed), based in Australia. We provide a free AI-powered assessment tool that scores finance operations and provides personalized recommendations.

For privacy inquiries, contact us at: privacy@finopsindex.com

2. What Data We Collect

We collect the following information when you use our assessment:

  • Assessment responses — your answers to the 12 assessment questions, including industry, company size, role, AP team size, and monthly invoice volume.
  • Email address — provided voluntarily at the end of the assessment to receive your report.
  • Usage data — anonymized analytics about how you interact with the site (pages visited, assessment progress). We use cookieless analytics that do not track you across sites or sessions.

We do not collect:

  • Your name or company name (unless you voluntarily provide it)
  • Payment information (our assessment is free)
  • Data from cookies, localStorage, or browser fingerprinting

3. How We Use Your Data

  • Generate your report — your assessment responses are processed by our AI engine to produce your personalized Finance Operations Index report.
  • Deliver your report — we use your email address to send you a link to your report.
  • Follow-up emails — after your report, we may send up to 7 optimization tips over 30 days. Every email includes an unsubscribe link.
  • Aggregate benchmarking — we use anonymized, aggregated assessment data to produce industry benchmarks. Individual responses are never shared.
  • Improve our service — anonymized usage analytics help us understand which parts of the assessment and report are most useful.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or a jurisdiction with similar data protection laws:

  • Consent — by submitting your email address, you consent to receiving your report and follow-up emails.
  • Legitimate interest — we process anonymized assessment data for benchmarking purposes, which is a legitimate business interest that does not override your rights.

5. Data Storage and Retention

  • Reports are stored on Cloudflare's global network (Cloudflare Workers KV) and retained for 1 year from generation, then automatically deleted.
  • Email addresses are stored with your report and retained for the same 1-year period.
  • Analytics data is processed by PostHog (US-based) using cookieless, session-only tracking. No persistent identifiers are stored on your device.
  • Email delivery is handled by SendGrid (Twilio Inc., US-based) under their privacy policy.

6. Data Sharing

We do not sell your data. We share data only with:

  • Cloudflare — infrastructure hosting (data processing agreement in place).
  • SendGrid (Twilio) — email delivery only.
  • PostHog — anonymized, cookieless analytics only.
  • Groq — AI processing of your assessment (no PII is sent to the AI model; only anonymized assessment scores and industry data).

Our report may include links to third-party tools we recommend. If you click those links and make a purchase, we may receive a referral commission. The third party does not receive your data from us.

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access your data — request a copy of the data we hold about you.
  • Rectify your data — correct any inaccurate information.
  • Delete your data — request we erase your data ("right to be forgotten").
  • Restrict processing — ask us to limit how we use your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — unsubscribe from emails at any time; request data deletion.
  • Object to processing based on legitimate interest.

To exercise any of these rights, email privacy@finopsindex.com with your report ID (found at the bottom of your report page). We will respond within 30 days.

8. Cookies and Tracking

We do not use cookies. Our analytics (PostHog) run in cookieless mode with in-memory session tracking only. No data is stored on your device. No cross-site tracking occurs. No browser fingerprinting is performed.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place, including standard contractual clauses where required by applicable law (GDPR Article 46).

10. Children's Privacy

Our service is designed for business professionals and is not directed at individuals under 16. We do not knowingly collect data from children.

11. California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information we collect and how it is used.
  • Right to delete your personal information.
  • Right to opt out of the "sale" of personal information. We do not sell personal information.
  • Right to non-discrimination for exercising your rights.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be noted with a revised "Last updated" date. Continued use of the service after changes constitutes acceptance.

13. Contact

For any privacy-related questions or data requests:
Email: privacy@finopsindex.com
MRU Consulting Pty Ltd, Australia