Polsia, Inc. ("Polsia," "we," "our," or "us") operates the Fiscal platform and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Fiscal's services ("Services"). By using Fiscal, you agree to the practices described in this policy.
1. Information We Collect
1.1 Information You Provide
- Account information: Name, email address, company name, and password when you register
- Billing information: Credit card details processed securely by Stripe — we do not store payment card data
- Communications: Emails, support tickets, and feedback you send to us
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, clicks, and interaction patterns
- Device data: Browser type and version, operating system, device identifiers
- Log data: IP address, access times, and referring URLs
1.3 Information from Third Parties
- Plaid: When you connect a bank account via Plaid, we receive transaction data (dates, amounts, merchant names, categories) on your behalf. We do not receive your bank login credentials.
- Stripe: Subscription and billing confirmation data from Stripe's payment processing platform.
2. How We Use Your Information
We use the information we collect to:
- Deliver, operate, and improve the Services
- Detect and flag expense anomalies (duplicate charges, subscription creep, vendor overpayments, threshold violations)
- Send you account-related emails (usage alerts, reports, billing notifications)
- Process payments via Stripe
- Respond to your support requests and questions
- Generate aggregate analytics and insights (never identifying you individually without consent)
- Prevent fraud, enforce our Terms of Use, and comply with legal obligations
3. Bank Connections and Plaid
Fiscal uses Plaid, Inc., a licensed provider of bank connectivity, to access your financial institution data. When you connect an account through Plaid:
- We receive read-only transaction data as authorized by your bank
- We do not store your bank login credentials — these are held exclusively by Plaid
- We do not initiate payments, modify account settings, or transfer funds through bank connections
- You may disconnect a bank connection at any time through your Fiscal account settings or by revoking access in your Plaid dashboard
Review Plaid's Privacy Policy for details on how they handle your data.
4. Cookies and Tracking
We use cookies and similar tracking technology to:
- Keep you logged in to Fiscal (session cookies)
- Understand how you use the platform (analytics cookies)
- Remember your preferences and settings
We do not use tracking cookies for cross-site advertising, and we do not share tracking data with third-party advertising networks.
5. Data Sharing
We do not sell your personal data. We share information only in the following limited circumstances:
- Service providers: Trusted third parties who process data on our behalf — Stripe (payments), Plaid (bank connectivity), Neon (database hosting). These providers are contractually bound to use your data only as necessary to provide their services.
- Legal compliance: When required by law, court order, or government request, or when necessary to protect our rights and the safety of users.
- Business transfers: If Polsia is acquired by or merged with another company, your data may transfer to the successor entity under the same privacy protections.
6. Data Security
We take security seriously:
- All data encrypted in transit using TLS 1.2+
- Sensitive data (tokens, credentials) encrypted at rest using AES-256-GCM
- OAuth tokens for service connections encrypted before storage
- Access controls restrict data access to authorized personnel only
- Regular security reviews and infrastructure updates
No security measure is 100% impenetrable. If you become aware of a security vulnerability, contact us immediately at security@polsia.com.
7. Data Retention
We retain your data for as long as your account is active, and for a period afterward as necessary to comply with legal obligations, resolve disputes, and enforce agreements. Specifically:
- Active accounts: Data retained for the duration of your subscription
- After cancellation: Your data is retained for 90 days, then permanently deleted from our production servers unless a legal hold applies
- Bank transaction data: Deleted within 30 days of account cancellation or data disconnection
- Analytics data: Retained in aggregate form indefinitely for service improvement; individual session data anonymized after 12 months
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of the personal data we hold about you
- Correct: Request correction of inaccurate or incomplete data
- Delete: Request deletion of your personal data ("right to be forgotten")
- Port: Request export of your data in a machine-readable format
- Object: Opt out of certain data processing (e.g., marketing emails)
- Restrict: Request that we limit how we process your data
To exercise any of these rights, email privacy@polsia.com. We will respond within 30 days. For EU users, our Data Protection Officer can be reached at the same address.
Note for EU/UK users: Polsia is not currently subject to GDPR enforcement as we do not have established operations in the EU. However, we follow GDPR principles as a matter of practice and will honor individual rights requests regardless of your location.
9. Children's Privacy
Fiscal is not directed to or intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that data promptly.
10. International Data Transfers
Fiscal operates from the United States. If you access the Services from outside the US, your data will be transferred to and processed in the US. By using Fiscal, you consent to such transfers. For users in jurisdictions with specific transfer requirements (e.g., the EU), we use Standard Contractual Clauses and other safeguards as appropriate.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email to your registered address and/or by posting a notice on this page. Material changes take effect 30 days after notice. Continued use of Fiscal after the notice period constitutes acceptance of the updated policy.
12. Contact
Questions about this Privacy Policy or our data practices?
Polsia, Inc.
Attn: Privacy
Delaware, USA
Email: privacy@polsia.com
We will respond within 30 days of receipt.
This Privacy Policy was last updated on April 24, 2026. Previous versions are available upon request.