Privacy Policy
Last updated: January 2024
1. Introduction
FiscFlowAI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our financial tracking platform.
2. Information We Collect
2.1 Account Information
When you register, we collect your email address and username. Your password is hashed and never stored in plain text.
2.2 Financial Data
We collect transaction data from your connected financial institutions. All financial data is encrypted end-to-end using your password-derived encryption key.
3. How We Use Your Information
We use your information to:
- Provide and maintain our services
- Process and display your financial transactions
- Generate financial summaries and insights
- Communicate important service updates
- Improve our platform and user experience
4. Data Security
We implement industry-leading security measures to protect your data:
- End-to-End Encryption: All transaction data is encrypted with AES-256-GCM before leaving your device
- Zero-Knowledge Architecture: We cannot decrypt your financial data without your password
- Secure Transport: All connections use TLS 1.3 encryption
- Access Controls: Strict access controls and audit logging
- Regular Security Audits: Ongoing security assessments and penetration testing
5. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:
- With Plaid: We use Plaid to connect to your financial institutions. Plaid's privacy policy applies to their data handling.
- Legal Requirements: When required by law or to protect our legal rights
- Service Providers: With trusted service providers who assist in operating our platform (under strict confidentiality agreements)
6. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your account and data
- Export your transaction data
- Opt out of non-essential communications
7. AI Assistant Privacy & Data Usage
Privacy-First AI Architecture
Our AI Financial Assistant is built with privacy at its core. We use advanced anonymization techniques to ensure your personal information never reaches any AI system.
7.1 What Data is NEVER Shared with AI
The following personally identifiable information (PII) is completely stripped before any AI processing:
- Your Identity: Name, email address, username, phone number
- Account Information: Bank account numbers, routing numbers, card numbers
- Merchant Details: Specific merchant names, store locations, addresses
- Bank Information: Bank names, financial institution identifiers
- Transaction Details: Exact transaction dates/times, transaction IDs
- Personal Notes: Any custom notes or tags you've added to transactions
7.2 What Data IS Used by AI (Anonymized)
Only the following anonymized, aggregated data is used to provide AI insights:
- Aggregated Amounts: Total spending by category (e.g., "Category A: $500")
- Date Ranges: Time periods only (e.g., "Last 30 days", not specific dates)
- Categories: Generic spending categories (Food, Transportation, etc.)
- Statistics: Averages, totals, counts (no individual transaction details)
- Patterns: High-level trends and patterns (not tied to specific merchants)
7.3 How AI Anonymization Works
When you ask the AI Assistant a question, here's what happens:
7.4 AI Provider Information
We use third-party AI services to power our Financial Assistant. Important details:
- No PII Transmission: As detailed above, no personal information is ever sent to AI providers
- No Training on Your Data: Your anonymized data is not used to train AI models
- Temporary Processing: AI providers do not store or retain your query data
- Encrypted Transit: All API calls to AI providers use TLS 1.3 encryption
7.5 Your AI Privacy Controls
You have full control over AI feature usage:
- Optional Feature: AI Assistant is a premium feature you can choose to use or not
- Chat History: Stored locally in your browser, not on our servers
- Clear Anytime: You can clear your chat history at any time
- Account Deletion: Deleting your account removes all data, including any AI interaction logs
7.6 Example: What AI Sees
Your Question: "What did I spend the most on last month?"
What AI Receives:
{
  "question": "What did I spend the most on last month?",
  "context": {
    "time_period": "last_30_days",
    "categories": {
      "Food & Dining": {"total": 450.00, "transaction_count": 23},
      "Transportation": {"total": 200.00, "transaction_count": 8},
      "Entertainment": {"total": 150.00, "transaction_count": 5}
    },
    "total_spending": 800.00,
    "average_daily_spending": 26.67
  }
}
❌ No names, no merchant details, no account numbers, no specific dates
7.7 Questions About AI Privacy?
If you have any questions about how we protect your privacy when using AI features, please contact us at privacy@fiscflowai.com
8. Data Retention
We retain your data for as long as your account is active. Upon account deletion, we securely delete all your personal and financial data within 30 days, except where retention is required by law.
9. Cookies and Tracking
We use essential cookies to maintain your session. We do not use tracking cookies or third-party analytics that compromise your privacy.
10. Children's Privacy
Our service is not intended for users under 18 years of age. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our platform.
12. Contact Us
If you have questions about this Privacy Policy, please contact us at:
Email: privacy@fiscflowai.com
Customer Service: customerservice@fiscflowai.ca