Privacy Policy

1. Introduction

Fiscalo (“we”, “us”, or “our”) operates fiscalo.app, an AI-powered financial monitoring platform built for accounting firms. This Privacy Policy explains what information we collect, how we use it, and the choices you have regarding your data.

By using Fiscalo, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account information

• Name and email address of firm administrators and team members
• Firm name, country, and contact details
• Password (stored as a bcrypt hash — never in plain text)

QuickBooks data

• OAuth access and refresh tokens for connected QuickBooks Online companies (encrypted at rest using AES-256-GCM)
• Financial report data fetched from QuickBooks: Aged Receivables, Profit & Loss, Balance Sheet
• QuickBooks company name and Realm ID

Usage data

• IP addresses and request logs for security and rate limiting
• Timestamps of logins and sync operations

3. How We Use Your Information

• To provide, operate, and improve the Fiscalo platform
• To connect to your clients' QuickBooks accounts and generate financial insights
• To power AI-generated analysis using the OpenAI API (financial data is sent to OpenAI solely to generate insights)
• To authenticate users and maintain session security
• To send transactional communications related to your account
• To enforce rate limits and protect against abuse

4. Third-Party Services

Fiscalo uses the following third-party services to operate:

• Intuit QuickBooks Online — OAuth 2.0 integration to access client financial data on your behalf
• OpenAI — Financial report data is processed by OpenAI's API to generate AI insights. OpenAI's data usage policy applies.
• MongoDB Atlas — Database hosting for all application data (AWS infrastructure)
• Render — Backend API hosting
• Vercel — Frontend hosting

We do not sell your data to any third party. Data shared with the above providers is strictly necessary to operate the service.

5. Data Retention

We retain your account data for as long as your subscription is active. Financial insight data synced from QuickBooks is retained to provide historical analysis within the platform. You may request deletion of your account and associated data at any time by contacting us.

6. Security

We take the security of your data seriously. QuickBooks OAuth tokens are encrypted using AES-256-GCM before being stored. Passwords are hashed with bcrypt. All data in transit is protected by TLS. Access to production systems is restricted to authorised personnel only.

No method of electronic transmission or storage is 100% secure. In the event of a data breach, we will notify affected users as required by applicable law.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Disconnect your QuickBooks integration at any time from within the platform

To exercise any of these rights, contact us at fiscalo.app@gmail.com.

8. Cookies

Fiscalo uses session cookies strictly necessary for authentication (NextAuth.js). We do not use tracking, advertising, or analytics cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

For any questions about this Privacy Policy, contact us at: