Data Processing Agreement

Fiscov processes Personal Data on behalf of Customer solely to provide the Fiscov platform as described in the main agreement, for the duration of Customer's subscription plus any wind-down period.

Personal Data is processed to operate the platform, including authentication, integration sync with Stripe, Square, QuickBooks, and Shopify, financial reporting, forecasting, and customer support.

Customer's employees, contractors, customers, and other individuals whose data Customer chooses to import or sync.

Identification data (name, email), business contact data, transaction metadata, and any additional categories Customer chooses to provide via connected integrations.

Fiscov uses vetted sub-processors for hosting, database, email, and analytics. A current list is available on request and updated with at least 30 days' notice for material changes. Customer may object to a new sub-processor on reasonable grounds.

Fiscov implements appropriate technical and organizational measures including encryption in transit and at rest, role-based access control, row-level security, HMAC-signed OAuth state, audit logging, and least-privilege administration. See our Security overview.

Where Personal Data is transferred outside the EEA, UK, or Switzerland, Fiscov relies on the EU Standard Contractual Clauses and the UK Addendum, supplemented by additional safeguards where required.

Fiscov assists Customer in responding to data subject access, correction, deletion, and portability requests within statutory timelines.

Fiscov notifies Customer without undue delay (and in any event within 72 hours) of becoming aware of a Personal Data breach affecting Customer Data.

Customer may audit Fiscov's compliance with this DPA once per year on reasonable notice, or more often if required by a supervisory authority. Fiscov may satisfy audit obligations through independent third-party reports (e.g., SOC 2).

Upon termination, Fiscov deletes or returns Customer Personal Data within 30 days, except where retention is required by law.

For California residents, Fiscov acts as a “Service Provider” under the CCPA/CPRA and will not retain, use, or disclose Personal Information for any purpose other than the specific business purpose of providing the platform.

To execute this DPA, email legal@fiscov.com from an authorized signatory of your organization. A counter-signed copy will be returned for your records.