Your privacy matters to us.
This policy explains how we collect, use and protect your personal data in accordance with GDPR.
1. Data Controller
Fiscal.ia SAS
17 Chemin du Prieuré, 79260 La Crèche
Email: contact@ifg.tax
2. Data Collected
2.1 Identification Data
- Email (required to create an account)
- First and last name (optional)
2.2 Usage Data
- Tax questions asked (anonymized to improve the service)
- Connection logs (IP address, dates, times)
- Conversation history
2.3 Payment Data
- Payment information (processed by Stripe, not stored on our servers)
- Transaction history
3. Purposes of Processing
Your data is used to:
- Provide and improve the IFG service
- Manage your user account
- Process your payments
- Send service-related communications
- Ensure security and prevent fraud
- Comply with legal obligations
4. Legal Basis
We process your data based on:
- Contract performance: providing the requested service
- Consent: marketing communications (revocable at any time)
- Legitimate interest: service improvement, security
- Legal obligation: accounting, taxation
5. Data Sharing
Your data may be shared with:
- Supabase (Frankfurt, Germany): database and storage hosting (EU)
- Railway (Amsterdam, Netherlands): application hosting (EU)
- Stripe (Ireland): payment processing (PCI-DSS certified)
- Anthropic (USA): AI processing via API with pseudonymized and minimized data
Zero retention on AI provider side: AI APIs are configured under contractual “zero retention / no-training” terms for customer data sent to providers.
EU hosting: except AI inference, the platform (application, database, logs) is hosted in the European Union.
We never sell your data to third parties.
6. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: delete your data (“right to be forgotten”)
- Right to restriction: restrict processing of your data
- Right to data portability: receive your data in a structured format
- Right to object: object to processing
- Right to withdraw consent: at any time
To exercise these rights: contact@ifg.tax
7. Data Retention
- Account data: for the duration of your subscription + 3 years
- Payment data: 10 years (accounting obligation)
- Connection logs: 12 months (security)
8. Security
We implement appropriate security measures:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest
- Secure authentication
- Restricted access to personal data
- Monitoring and incident detection
- Processor selection based on recognized controls (e.g., ISO/IEC 27001, SOC 2, PCI-DSS where applicable)
9. Cookies
We use essential cookies required for website operation (session, authentication). Audience measurement cookies are optional and only activated after explicit consent.
10. Complaints
If you believe your rights are not respected, you may lodge a complaint with the CNIL (French Data Protection Authority):
CNIL
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
www.cnil.fr
11. Changes
This policy may be updated. We will inform you of any material changes by email.