Privacy Policy

1. Who we are

The data controller for this Privacy Policy is KONNECTE LTD, a company incorporated in England & Wales, with its registered office at 124 City Road, London EC1V 2NX, United Kingdom (“we”, “us”, “our”, or “KONNECTE”). FiscalEyes is a service provided by KONNECTE LTD.

For privacy inquiries, data-subject requests or any general concerns about how your personal data is processed, contact us at privacy@fiscaleyes.com or through our parent company at info@konnecte.com.

2. Scope

This Privacy Policy describes how we collect, use, share and safeguard personal data when you:

• visit the FiscalEyes website, including our landing pages;
• register for, subscribe to, or otherwise use the FiscalEyes platform (“Service”);
• contact us by email, the contact form, chat or phone; or
• interact with FiscalEyes marketing, webinars, partner programs or events.

This policy applies globally and is supplemented, where applicable, by regional privacy notices and, for enterprise customers, by a separate Data Processing Agreement (see Data Processing Agreement).

3. Personal data we collect

We collect only the data we need to operate, secure and improve the Service. The categories of data include:

3.1 Data you give us

• Account details: first name, last name, email address, company name, job title, phone number (including dial-in country code), hashed password.
• Billing details: billing address, VAT / tax ID, payment card last-4 and expiry (full card numbers are tokenized by our PCI-DSS-certified payment processor and never stored by us).
• Workspace content: structures, jurisdictions, scenarios, documents you upload to the knowledge base, AI prompts and responses, notes, comments, and any other material you create or store in the Service.
• Support communications: the contents of messages submitted via our contact form, support channels, or correspondence with our team.

3.2 Data collected automatically

• Log data: IP address, device identifiers, browser type and version, operating system, referring URL, the pages or features you use, and timestamps.
• Usage data: AI credit consumption, feature usage analytics, error events and performance telemetry.
• Cookies and similar technologies: as described in our Cookie Policy.

3.3 Data from third parties

• Sign-in providers (e.g. Google) if you use social sign-in — only the fields they expose (name, email, profile picture).
• Payment processors (Stripe) for subscription, dunning and billing status.
• Enrichment and anti-fraud signals used to protect the Service from abuse.

4. How we use personal data

We use personal data for the following purposes and only for as long as needed:

• Provide the Service — authenticate users, deliver jurisdictional data, execute AI analyses, persist your workspace, invoice subscriptions.
• Customer care — respond to contact-form submissions, support tickets, and sales inquiries.
• Product improvement — measure performance, debug errors, build features, run aggregated analytics.
• Security & fraud prevention — detect abuse, enforce rate limits, maintain audit logs, preserve data integrity.
• Legal & compliance — comply with tax law, sanctions, KYC / AML obligations, and lawful requests from public authorities.
• Marketing — send service updates and, where permitted, product newsletters. You can unsubscribe at any time.

5. Legal bases (UK / EU GDPR)

We rely on the following legal bases under Articles 6 and 9 of the UK GDPR and EU GDPR:

• Contract — to deliver the Service you sign up for.
• Legitimate interests — to secure, improve, and commercialize the Service, provided your rights do not override these interests.
• Consent — for optional cookies, marketing emails, and certain processing described in the cookie banner.
• Legal obligation — to meet our tax, accounting, and regulatory duties.

6. AI processing

FiscalEyes relies on proprietary and third-party large language models to deliver its analysis tools. When you submit a prompt or document:

• your input is transmitted to the model provider over an encrypted channel and is processed solely to generate the response you requested;
• we configure providers to not use your inputs or outputs for model training and, where available, to enforce zero-retention policies;
• responses are cached on our infrastructure to accelerate repeat queries and maintain audit-grade history on your account;
• you remain the sole owner of the prompts, uploaded documents and resulting outputs generated on your account.

7. Sharing of personal data

We do not sell personal data. We share it only with carefully-selected recipients and only when necessary:

• Sub-processors supporting hosting (Vercel, AWS, Neon), authentication, analytics, AI inference, customer support, payment processing, email delivery, and security. A current list is available on request at privacy@fiscaleyes.com.
• Professional advisers (auditors, lawyers, insurers) under appropriate confidentiality obligations.
• Authorities where disclosure is required by law, court order, or valid regulatory request.
• Corporate transactions — in the context of a reorganization, merger, or sale of assets, subject to equivalent safeguards.

8. International transfers

Personal data may be processed outside the UK / EEA, including in the United States. When this happens, we rely on recognised transfer mechanisms: Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where relevant, adequacy decisions (UK-US Data Bridge, EU-US Data Privacy Framework). We also perform transfer impact assessments where appropriate.

9. Retention

We keep personal data only for as long as needed to provide the Service and to meet our legal obligations:

• Active accounts: for the lifetime of the subscription.
• Workspace content: up to 90 days after account deletion, to allow recovery; then irreversibly deleted.
• Billing & tax records: at least 7 years, as required by HMRC and applicable tax authorities.
• Contact-form submissions: up to 24 months from the last interaction.
• Security and audit logs: up to 24 months.

10. Security

We apply industry-standard technical and organisational measures, including: AES-256 encryption at rest, TLS 1.2+ in transit, hardened cloud infrastructure, least-privilege role-based access control, multi-factor authentication for staff, SOC 2 Type II aligned controls, continuous vulnerability scanning, and incident-response procedures. While no system is perfectly secure, we strive to align with the highest standards of the industry at all times.

11. Your rights

Subject to applicable law, you have the right to:

• access a copy of the personal data we hold about you;
• correct inaccurate or incomplete data;
• request erasure, subject to our legal and accounting retention duties;
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent where processing is based on consent;
• lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email privacy@fiscaleyes.com.

12. Children

FiscalEyes is intended for tax and finance professionals and is not directed to individuals under 18. We do not knowingly collect data from children. If you believe a minor has shared personal data with us, contact us immediately and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect operational, legal or regulatory changes. Material changes will be notified by email or through an in-app notice at least 14 days in advance. The most current version is always available at fiscaleyes.com/privacy.

14. Contact

KONNECTE LTD
124 City Road, London EC1V 2NX, United Kingdom
info@fiscaleyes.com · privacy@fiscaleyes.com