Privacy Policy

1. Introduction

Welcome to Fiscify ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding the collection, use, and disclosure of your personal data when you use our mobile application and services (collectively, the "Service").

By using Fiscify, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Data Controller

Legal Entity: Fiscify LLC
Registered State: Wyoming, United States
Contact Email: support@fiscify.com
Website: fiscify.com

For the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws, Fiscify LLC is the data controller responsible for your personal information.

3. Information We Collect

We collect several types of information to provide and improve our Service:

3.1. Account Information

• Email Address: Required for account creation and communication
• Name: Collected during account registration
• Authentication Credentials: Securely stored authentication information

3.2. Financial Data

• Transaction Information: Amounts, dates, merchants, categories, and descriptions of your financial transactions
• Account Information: Financial account details (when you connect accounts via Plaid)
• Budget Information: Budget categories, limits, and spending patterns
• Bank Credentials: When you choose to connect bank accounts through Plaid, your banking credentials are processed by Plaid in accordance with their privacy policy. We do not store your banking credentials directly.

3.3. Content You Provide

• Voice Recordings: Audio recordings when you use voice input to log transactions
• Receipt Photos: Images of receipts you upload for transaction extraction
• Transaction Notes: Any notes or descriptions you add to transactions

3.4. Device and Technical Information

• Device Information: Device type, operating system, device identifiers
• Usage Data: Information about how you interact with the Service, including features used and time spent
• IP Address: Collected for security and analytics purposes
• App Version: Version of the Fiscify app you are using

4. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve our Service
• To process and categorize your financial transactions
• To generate insights and reports about your spending
• To enable AI-powered transaction parsing and categorization
• To send you service-related notifications and updates
• To respond to your inquiries and provide customer support
• To protect the security and integrity of our Service
• To comply with applicable laws and regulations

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contractual Necessity (Article 6(1)(b)): Processing necessary to provide the Service you have requested
• Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving our Service, security, and fraud prevention
• Consent (Article 6(1)(a)): Where you have provided explicit consent, such as for marketing communications or optional features
• Legal Obligation (Article 6(1)(c)): Processing required to comply with legal obligations

6. Third-Party Services and Data Processors

We use the following third-party services that may process your personal data:

• Supabase: Database, authentication, and file storage (United States) - Privacy Policy
• OpenAI: AI-powered transaction parsing (United States) - Privacy Policy. We have configured OpenAI to not use your data for training their models.
• Google Vision API: OCR for receipt scanning (United States) - Privacy Policy
• Plaid: Bank account aggregation (United States) - Privacy Policy
• Google Analytics & PostHog: Analytics and usage tracking (United States)
• Google Play Billing: Payment processing (United States)

Data Anonymization: Before sending any data to OpenAI for transaction parsing, we remove all personally identifiable information (PII). Only anonymized transaction data (amounts, categories, merchant names, dates) is sent to OpenAI for processing.

7. Data Transfers Outside the EU/EEA

Many of our third-party service providers are located in the United States, which is outside the European Economic Area (EEA). When we transfer your personal data to these providers, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses with our data processors
• Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission
• Processor Agreements: All third-party processors are bound by data processing agreements that require them to protect your data in accordance with GDPR standards

8. Data Retention and Deletion

We retain your personal data for as long as necessary to provide the Service. When you request account deletion, we will delete your personal data immediately upon your request. Some data may remain in backup systems for a limited period (typically up to 30 days) but will not be accessible or used for any purpose.

9. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure (Article 17): Request deletion of your personal data
• Right to Restrict Processing (Article 18): Request that we limit how we use your personal data
• Right to Data Portability (Article 20): Receive your personal data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing of your personal data
• Right to Withdraw Consent: Withdraw your consent at any time

You can exercise these rights by using in-app settings and features (where available) or by sending an email to support@fiscify.com. We will respond to your request within one month.

10. Cookies and Tracking Technologies

We use essential cookies (required for the Service to function), analytics cookies (Google Analytics, PostHog), and marketing cookies. We obtain your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your device settings or our app settings.

11. Security Measures

We implement industry-standard security measures to protect your personal data:

• End-to-End Encryption (E2EE): Sensitive data is encrypted before transmission
• TLS/SSL: All data in transit is encrypted using Transport Layer Security
• Encryption at Rest: Data stored in our databases is encrypted
• Two-Factor Authentication (2FA): Available for enhanced account security
• Security Audit Logs: We maintain security audit logs to monitor access

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify supervisory authorities within 72 hours (as required by GDPR Article 33) and notify affected users without undue delay if the breach is likely to result in a high risk (as required by GDPR Article 34).

13. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@fiscify.com.

14. AI Processing and Data Training

We use artificial intelligence services (specifically OpenAI) to process your transaction data. Before sending any data to AI services, we remove all personally identifiable information. We do not use your personal data to train AI models. We have configured our AI service providers to ensure your data is not used for model training or improvement.

15. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your personal data with advertisers or data brokers. We share data only with trusted service providers who assist us in operating our Service, subject to strict data processing agreements.

16. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@fiscify.com
Subject Line: Privacy Inquiry

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority. You can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy on our website, sending an email notification, or displaying a notice in the app. Your continued use of the Service after we post changes constitutes your acceptance of those changes.