Only what's needed to run the service.
When you sign up, we collect your email address. When you use the product, we collect your organization name, user names, email addresses, uploaded financial files, workflow configurations, and computed results. We also store AI chat conversations — messages you send to and receive from Fiscle's AI features, including workflow setup assistance and the Assistant — within your organization's account.
Solely to deliver Fiscle to you.
We use your data to process your workflows, produce your deliverables, and communicate with you about your account. We never use your data for training AI models, advertising, or any purpose unrelated to delivering the service.
Encrypted, isolated, AWS-backed.
Data is stored on Supabase infrastructure backed by AWS, exclusively within the United States. Fiscle does not transfer customer data outside the US. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Logical isolation of each organization's data at the database layer, designed to prevent cross-organization access.
California privacy rights.
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights with respect to your personal information:
- Right to know what personal information we collect, use, disclose, and the sources and purposes.
- Right to delete personal information we have collected about you, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing for cross-context behavioral advertising. Fiscle does not sell or share customer data for cross-context behavioral advertising.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising your privacy rights.
To exercise any of these rights, email privacy@fiscle.ai. We will confirm receipt by email and complete reasonable identity verification (matching the requesting email against the account on file, and a confirmation reply from that address) before fulfilling the request. We respond to verifiable requests within the timeframes required by California law.
Children's privacy.
Fiscle's Service is directed at fiscal and program staff at nonprofit organizations, not at children. Fiscle does not knowingly collect personal information from individuals under 13. If your nonprofit's programs serve children and you upload data about children to Fiscle, you are responsible under your own privacy obligations to those data subjects; Fiscle processes such data only as a service processor under the Data Processing Agreement.
Personnel access.
Fiscle personnel access customer data only when necessary to provide technical support you have requested, investigate a security incident, or comply with a legal obligation. Access is restricted to authorized personnel with multi-factor authentication enabled. We do not access customer data for marketing, training, sales prospecting, or any purpose unrelated to operating the Service.
Service providers we use.
Fiscle uses a small set of US-based service providers — Vercel (hosting), Supabase (database, authentication, file storage), Anthropic (AI processing), Resend (transactional email), and Stripe (billing) — to operate the platform. Each is bound by their respective data processing agreements. Per their commercial terms, these providers do not use Fiscle customer data to train generalized AI models, and do not resell customer data. The full, current list with locations and DPA links is published at fiscle.ai/subprocessors.
Fiscle also uses Sentry for application error monitoring. When an application failure occurs, Sentry receives an error stack trace and minimal runtime context (sanitized URL paths, request methods, error timestamps). Fiscle's Sentry integration is configured to suppress IP addresses, scrub authentication headers and token-like query parameters before send, and apply default sensitive-field scrubbing (passwords, credit card numbers, email patterns). Sentry is listed at fiscle.ai/subprocessors with full details.
We don't sell, rent, or share your data.
Your data is never shared with third parties beyond the service providers listed above. The only other exception is when required by law.
AI processing happens within your organization's scope.
Fiscle uses AI providers (Anthropic) to extract data from uploaded files and assist with workflow configuration. Anthropic does not train on Fiscle customer data per their commercial terms. AI extraction results are stored in Fiscle's database as workflow output, scoped to your organization, and retained while your subscription is active.
Peer benchmarks.
Fiscle computes aggregate statistics across customer organizations from de-identified categorical metadata about workflow corrections — including reason categories (e.g., “user error,” “Fiscle error,” “data issue”), regulation tags, and timing information. Underlying financial values, personally identifiable information, and tenant-specific identifiers are never included in aggregate computations.
Aggregate statistics may be displayed within Fiscle (e.g., showing your organization's correction patterns alongside anonymized peer ranges) or published in industry reports. Individual organizations are never identifiable in published statistics.
You may opt out at any time from organization settings. Categorical metadata captured while enabled remains in the aggregate dataset and contributes to historical computations; no further metadata from your organization will be added after opt-out.
Export and deletion.
You can request a full export of your data at any time by emailing privacy@fiscle.ai.
When you delete an unverified item in Fiscle (a workflow, file, chat, draft period, or run), the underlying database row is hard-deleted from active systems immediately — no soft-delete, no internal archive. Library files and workflow files are also removed from object storage at the same time.
Verified periods are an exception: they are retained as immutable audit records and cannot be deleted via the app. Self-service deletion preserves your verified audit log by design. For complete erasure including verified audit records and the versioned disclosure attestations tied to them, contact privacy@fiscle.ai — Fiscle will execute a manual purge upon written request, within a reasonable timeframe.
When an admin deletes the organization (Settings → Organization, available once any active Stripe subscription has been cancelled), Fiscle hard-deletes the entire organization record from active systems. This cascades to all workflows, workflow steps, periods, runs, files, chats, team-member records, invitations, and audit metadata. Object storage tied to the organization is also removed at the time of deletion.
Database backups taken by our database provider (Supabase) before the deletion are retained for 7 days, after which they are permanently overwritten. Object storage is not included in database backups; storage objects deleted from active systems are not recoverable.
Anthropic, our LLM provider, retains API request and response data for up to 30 days for abuse monitoring under their Commercial Terms; Anthropic does not train on Fiscle customer data. Sentry, our error monitoring provider, retains scrubbed error events for 30 days. Stripe, our payment provider, retains your billing history per their standard financial recordkeeping requirements; the Stripe customer record is intentionally preserved when a Fiscle organization is deleted, so that prior billing records remain available to you for tax and accounting purposes.
To exercise your CCPA / CPRA rights (including deletion of personal information, separate from organization deletion), see California privacy rights above.
Essential cookies only.
We use cookies for authentication and session management only. No advertising cookies, no behavioral tracking cookies, no third-party analytics cookies.
We do not use third-party analytics, behavioral tracking, or advertising tools. We do use Sentry for application error monitoring (see Service providers above) — error monitoring captures runtime failures, not user behavior or page-view tracking.
Material changes get 30 days advance notice.
We may update this policy from time to time. Non-material updates (clarifications, formatting, corrections) take effect when posted. Material changes — changes that expand the categories of personal information we collect, expand how we use or disclose personal information, or otherwise reduce your privacy rights — require at least 30 days advance email notice to administrators of active accounts before the change takes effect. Continued use of Fiscle after the effective date constitutes acceptance.
Questions? Reach out.
If you have questions about this policy, email us at privacy@fiscle.ai.
Fiscle LLC, a California limited liability company.
Version 2026-05-27, effective 2026-05-27.