Privacy Policy

Last updated: September 29, 2025

1. Introduction

Fiscura Inc. ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automated bookkeeping service (Fiscura) and credit card statement extraction service (CreditCardExtraction.com).

2. Information We Collect

Personal Information

  • Account Information: Name, email address, phone number
  • Business Information: Business name, type, address, tax ID
  • Authentication Data: Login credentials, 2FA settings
  • Payment Information: Processed securely through third-party providers

Financial Data

  • Receipt Data: Images, amounts, merchants, dates, categories
  • Bank Transactions: Via Plaid integration (transaction history, balances)
  • Credit Card Statements: Uploaded PDFs/images for extraction (CreditCardExtraction.com)
  • Card Information: Last 4 digits only (PCI DSS compliant)
  • Tax Information: Deductions, business expenses, categorizations
  • Analytics Data: Spending patterns, financial health metrics
  • Mileage Data: GPS locations, trip distances, purposes, customer/job details
  • API Usage: Account Codes, extraction logs, credit usage

Technical Information

  • Device Data: IP address, browser type, operating system
  • Usage Data: Features used, time spent, interaction patterns
  • Cookies: Session management, preferences, analytics
  • Mobile App Data: Device ID, app version, location permissions status

3. How We Use Your Information

We use your information to:

  • Provide and maintain our Services
  • Process receipts and categorize expenses automatically
  • Extract transactions from credit card statements (CreditCardExtraction.com)
  • Support multi-card business statements with per-card analytics
  • Match bank transactions with receipts
  • Generate financial reports and analytics
  • Provide AI-powered bookkeeping assistance (Carl)
  • Calculate tax deductions and savings
  • Track business mileage for IRS-compliant deductions
  • Link receipts to specific trips and customers
  • Enable mobile app functionality and offline sync
  • Process API requests and manage Account Codes
  • Send service-related communications
  • Improve our AI models and service quality
  • Comply with legal obligations
  • Prevent fraud and ensure security

4. Information Sharing and Disclosure

We DO NOT sell your personal or financial data. We may share your information with:

Service Providers

  • Clerk: Authentication and user management
  • Plaid: Bank account connections (with your consent)
  • OpenAI/Anthropic: AI processing (anonymized data only)
  • AWS Textract: OCR for credit card statements
  • SendGrid: Email receipt processing
  • Stripe: Payment processing for both services
  • AWS/Neon: Data storage and infrastructure

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. Data Security

We implement industry-standard security measures:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • PCI DSS compliant card data handling (only last 4 digits stored)
  • SOC2 compliant authentication (Clerk)
  • Secure API keys (48-character Account Codes)
  • Rate limiting and DDoS protection
  • Regular security audits and monitoring
  • Access controls and employee training
  • Secure data centers with redundancy
  • Multi-factor authentication options

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as necessary to provide our services:

  • Active account data: Retained while your account is active
  • Financial records: Available for 7 years to support tax compliance
  • Data export: You can export all your data at any time for offline storage
  • Self-managed retention: Delete individual receipts or trips as needed
  • Account closure: Export your data first, then we'll remove it within 90 days
  • Anonymized analytics: May be retained indefinitely

Note: We recommend keeping financial records for 7 years for IRS compliance, but you maintain full control over your data retention.

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Opt-out: Unsubscribe from marketing communications
  • Restriction: Limit how we process your data

To exercise these rights, contact us at hello@fiscura.ai

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for the Service to function
  • Analytics cookies: To understand usage and improve our Service
  • Preference cookies: To remember your settings

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising privacy rights

12. GDPR Compliance

For users in the European Economic Area, we comply with GDPR requirements:

  • Lawful basis for processing (consent, contract, legitimate interests)
  • Data minimization and purpose limitation
  • Rights to access, rectification, erasure, and portability
  • Data protection by design and default

13. AI and Machine Learning

We use AI to improve our services. Here's how:

  • Receipt data is processed by AI for categorization
  • Patterns are learned to improve accuracy for your account
  • Anonymized data may be used to improve overall system performance
  • You can opt out of data use for AI improvement in settings

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

15. Contact Us

For privacy-related questions or concerns:

Fiscura Inc.

Privacy Officer

Email: support@fiscura.ai

Data Protection: support@fiscura.ai

Website: fiscura.ai