This Privacy Policy describes how Fiscal.ia SAS collects, uses, stores and protects personal data processed through the platform. It is aligned with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act (loi Informatique et Libertés). Matter facts submitted by professional users are treated under confidentiality undertakings and are never used to train AI models.
Fiscal.ia SAS is the data controller for personal data collected through the IFG platform, as defined in Article 4(7) of the GDPR. For data processing questions, right requests, or incident reporting, contact privacy@ifg.tax.
Where a professional user submits personal data relating to their own clients through the platform (for example, within a tax matter brief), the professional user acts as data controller in respect of that client data, and Fiscal.ia SAS acts as data processor within the meaning of Article 4(8) of the GDPR. A Data Processing Agreement aligned with Article 28 GDPR is available on request and is executed by default for Team engagements.
We collect only what is strictly necessary to provide the service, operate the platform securely, and meet our legal obligations.
Each processing activity has a defined purpose, a lawful basis under Article 6 of the GDPR, and a retention period. The following summary applies to personal data processed by Fiscal.ia as controller:
Where we rely on legitimate interests, we have conducted a documented balancing test and made the opt out available. Where we rely on consent, it can be withdrawn at any time without affecting prior lawful processing.
Access to personal data is restricted to Fiscal.ia personnel who need it to carry out their duties, and to the sub-processors listed below. Each sub-processor is bound by a written agreement meeting the requirements of Article 28 GDPR, including confidentiality, security, audit rights and assistance with data subject requests.
An updated list of sub-processors is available on request and is disclosed in advance to Team customers before onboarding a new sub-processor.
Personal data is primarily processed within the European Union. Certain AI inference operations may involve transfer to the United States when OpenAI US endpoints are used. Such transfers rely on one or more of the following safeguards under Chapter V of the GDPR:
If these safeguards cannot be maintained for a particular module, the module is either discontinued or reconfigured to run on an EU endpoint.
We implement technical and organisational measures aligned with Article 32 GDPR and the state of the art.
The IFG platform is used by tax counsel, accountants, and corporate tax teams. We recognise that information submitted in a matter may be covered by professional secrecy or legal privilege under the applicable bar or professional rules.
Accordingly: matter content is not used to train AI models; access within Fiscal.ia is restricted to personnel bound by confidentiality; matter content is not disclosed to any third party without the user’s instruction or a binding legal order; and where a binding legal order is received, we will where lawful notify the user before disclosure so counsel may assert applicable privilege.
Users retain full responsibility for whether, and how much, client information is submitted to the platform. We recommend redaction of client identifiers where not necessary to the research question.
IFG uses large language models to generate research memos, source rankings and risk flags. The memo is a first pass research document intended for counsel review. It is not a legal opinion, not a regulated decision, and does not produce automatic legal effect on the user or on any third party within the meaning of Article 22 GDPR.
All substantive professional decisions remain with the human counsel using the tool. The user is responsible for reviewing the output, verifying sources, and exercising independent professional judgement before any advice is rendered to a client.
Content submitted by users, including questions and attachments, is not used to train the underlying AI models. Contractual no training and reduced retention settings are enabled with AI sub-processors where available.
Subject to the conditions set out in the GDPR, you may exercise the following rights over personal data that Fiscal.ia processes as controller:
To exercise these rights, contact privacy@ifg.tax. We respond within one month of a valid request. We may request reasonable verification of your identity before processing.
IFG uses only strictly necessary cookies to operate the platform. Analytics and audience measurement cookies, where used, are activated only after explicit consent and may be declined without affecting access to the service.
The platform is restricted to tax professionals acting in a business capacity. We do not knowingly collect personal data from individuals under 18. If we become aware of such collection, we delete the data without delay.
You may lodge a complaint with the competent data protection authority if you believe that processing of your personal data infringes the GDPR. In France, the supervisory authority is the CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, www.cnil.fr. Residents of other EU member states may also lodge a complaint with their local supervisory authority.
We may update this Privacy Policy to reflect changes in law, service, or data protection practice. Material changes are communicated by email and through an in platform notice at least fifteen days before they take effect. The current version is always available at ifg.tax/privacy-policy.