transmute
FeaturesPricingSecuritySign inGet started
DRAFT — pending legal review. This document is a working skeleton with product-accurate facts, not binding legal language. Do not rely on it. Final terms are subject to403 Finance, Inc. counsel review. TODO-confirm

Privacy Policy

Last updated: Not yet effective — draft

This Policy explains how 403 Finance, Inc. handles data in connection with the transmute Service. Our defining characteristic is statelessness: message contents are never persisted or logged. TODO-confirmdefinitive language pending counsel review.

1. Controller vs processor

For the message content you submit for conversion, you are the data controller and 403 Finance, Inc. acts as aprocessor — we process it solely to perform the conversion you request, in memory, and return the result. For youraccount and billing data, 403 Finance, Inc. is the controller.

2. What we process, and for how long

  • Message payloads (C1): in request-scoped memory only; never persisted or logged, except the two sanctioned exceptions — the idempotency cache (24h TTL) and the encrypted async batch store (results TTL ≤ 24h, inputs purged on completion).
  • Account & credentials (C2): email, company name, and API-key hashes (SHA-256). Retained while the account is active.
  • Tenant configuration (C3): webhook URLs, allowed CIDRs, mapping overrides. Deleted on instruction.
  • Usage & audit metadata (C4): message type, byte size, duration, status, warning counts, request ids, key prefixes — never message content. Retained for billing/audit and statutory periods.

3. Legal bases

Processing of message content is on your instruction under our agreement (processor). Account, billing and security-log processing rests on contract performance and our legitimate interest in operating and securing the Service. TODO-confirm.

4. Data location & transfers

All processing and metadata storage occur in the EU(Frankfurt, Germany), on Cloudflare compute and Neon/AWS managed Postgres. Sub-processors are listed on ourSub-processors page.

5. Your rights & erasure

Statelessness makes payload erasure trivial: for message content there is nothing to erase. For account/configuration data, contact us to access, correct, or delete. Batch data self-destructs within 24 hours and can be purged on demand.

6. Security

Credentials are hashed or sealed; secrets are never logged. See theSecurity page for the full posture and the data classification table.

7. Contact

Privacy enquiries: privacy@403fin.io.TODO-confirm data-controller legal address and any representative/DPO details.

transmute

API-first conversion and normalization for financial messages. Stateless by design — message bodies are never persisted or logged.

Product

FeaturesPricingSecurity & trustDocs

Company

Contact salesSupportReport a vulnerability

Legal

Terms of ServicePrivacy PolicySub-processors

'SWIFT' is a trademark of S.W.I.F.T. SCRL. transmute converts SWIFT MT messages; it is not affiliated with, endorsed by, or certified by SWIFT.

© 2026 403 Finance, Inc. · transmute is a 403 Finance, Inc. product.