Privacy Policy

FIScom AI is the Data Controller responsible for your personal data under the General Data Protection Regulation (GDPR).

Data Controller Information:

• Name: FIScom AI

• Country: North Macedonia

• Service Type: AI-powered business intelligence and reporting platform

• Contact: privacy@fiscom-ai.com

As the Data Controller, FIScom AI determines the purposes and means of processing your personal data and is responsible for ensuring compliance with applicable data protection laws.

We collect information you provide directly to us, including:

• Account information (name, email, company name, phone number)

• Payment information (processed securely through third-party payment processors)

• Data you upload to our platform for analysis and report generation

• Communications with our support team

• Usage data and analytics (pages visited, features used, time spent)

• Device information (IP address, browser type, operating system)

We use the information we collect to:

• Provide, maintain, and improve our services

• Process your data and generate reports

• Send you technical notices, updates, and support messages

• Respond to your comments and questions

• Detect, prevent, and address technical issues and security threats

• Comply with legal obligations and enforce our terms

• Analyze usage patterns to improve user experience

Under GDPR, we process your personal data based on the following legal grounds:

• Contractual necessity: To provide our services as agreed in our Terms of Service

• Legitimate interests: To improve our services, ensure security, and prevent fraud

• Legal obligation: To comply with applicable laws and regulations

• Consent: Where you have explicitly consented to specific processing activities

You have the right to withdraw consent at any time where processing is based on consent.

We implement industry-standard security measures to protect your data:

• AES-256 encryption for data at rest

• TLS 1.3 encryption for data in transit

• SOC 2 Type II certified infrastructure

• Regular security audits and penetration testing

• Access controls and authentication mechanisms

• Data is stored in secure, redundant data centers in the EU and US

• Automatic backups with 30-day retention

• Employee access is logged and monitored

We retain your data for as long as necessary to provide our services:

• Account data: Retained while your account is active

• Uploaded data: Retained according to your plan (30-90 days for deleted files)

• Generated reports: Retained for 12 months or as specified in your plan

• Backup data: Retained for 30 days

• Upon account deletion, all data is permanently deleted within 30 days

• Legal compliance may require longer retention in specific cases

We do not sell your personal data. We may share information in limited circumstances:

• Service providers: Third-party vendors who assist in providing our services (hosting, payment processing, analytics)

• Legal requirements: When required by law, court order, or government request

• Business transfers: In connection with a merger, acquisition, or sale of assets

• With your consent: When you explicitly authorize us to share information

• All third-party service providers are contractually bound to protect your data

As the Data Controller, FIScom AI ensures you have the following rights under GDPR:

• Right of access: Request a copy of your personal data we hold

• Right to rectification: Correct inaccurate or incomplete personal data

• Right to erasure ("right to be forgotten"): Request deletion of your personal data

• Right to restriction of processing: Limit how we process your data

• Right to data portability: Receive your data in a structured, machine-readable format

• Right to object: Object to processing based on legitimate interests or direct marketing

• Right to withdraw consent: Withdraw consent at any time where processing is based on consent

• Right to lodge a complaint: File a complaint with your national data protection authority

To exercise any of these rights, contact us at privacy@fiscom-ai.com. We will respond within 30 days as required by GDPR.

We use cookies and similar technologies to:

• Essential cookies: Required for the platform to function

• Analytics cookies: Understand how users interact with our platform

• Preference cookies: Remember your settings and preferences

• You can control cookies through your browser settings

• Disabling certain cookies may limit platform functionality

Important information about AI-generated content:

• Your data is processed by AI models to generate reports and insights

• AI models are trained on aggregated, anonymized data only

• Your specific data is never used to train models for other customers

• Each organization's AI processing is isolated and secure

• AI-generated outputs should be reviewed by qualified professionals before use

• We do not guarantee 100% accuracy of AI-generated content

• You are responsible for verifying AI outputs before making business decisions

Your data may be transferred to and processed in countries other than your own:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission

• Data transfers comply with GDPR and applicable data protection laws

• Enterprise customers can specify data residency requirements

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered email address

• Prominent notice on our platform

• Updating the "Last Updated" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy.

For privacy-related questions, to exercise your GDPR rights, or to contact the Data Controller:

• Data Controller: FIScom AI

• Email: privacy@fiscom-ai.com

• Data Protection Officer: dpo@fiscom-ai.com

• Country: North Macedonia

We will respond to all requests within 30 days as required by GDPR.

If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.