Privacy Policy

    Last updated: 2 June 2026

    1. Introduction

    Rolling Sloane Technology Limited ("we", "our", or "us") operates FiscalFox (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

    Company Details:
    Rolling Sloane Technology Limited
    124 City Road
    London EC1V 2NX
    England

    2. Information We Collect

    2.1 Information You Provide

    • Email address (for account creation and authentication)
    • Payment information (processed securely through Stripe)
    • Tax year selection and income information (for tax calculations)

    2.2 Transaction Data Processing

    Important: Built-in broker files are processed in your browser session. For unsupported brokers, the Other Broker AI import is opt-in: after sign-in and explicit consent, the file may be sent to our parser to extract transactions. We do not sell your transaction data.

    2.3 Automatically Collected Information

    • Usage analytics via PostHog (page views, feature usage)
    • Technical information (browser type, device type)
    • File metadata (filename, size, upload timestamp - not the content)

    3. How We Use Your Information

    We use the collected information to:

    • Provide and maintain our Service
    • Process your payments via Stripe
    • Generate capital gains tax reports
    • Send you important updates about the Service
    • Improve our Service through analytics
    • Comply with legal obligations

    4. Data Security

    We implement strong security measures to protect your information:

    • Client-side processing: Built-in broker transaction files are processed locally in your browser
    • AI import consent: Unsupported broker files are only sent to the AI parser after you opt in
    • Encryption: All stored data is encrypted using AES-256-GCM encryption
    • Secure authentication: Via Supabase with industry-standard protocols
    • Payment security: All payment processing handled by Stripe's PCI-compliant infrastructure
    • Session-based encryption keys: Encryption keys are derived from your session and cleared on logout

    5. Data Storage and Retention

    What we store:

    • Account information (email, encrypted settings)
    • Purchase history and payment records
    • File metadata (not content)
    • Generated report data (encrypted)

    What we DON'T store:

    • Your raw transaction files
    • Unencrypted financial data
    • Bank account details

    Data is retained for as long as your account is active. You may request deletion at any time.

    6. Third-Party Services

    We use the following third-party services:

    • Supabase: Authentication and encrypted data storage
    • Stripe: Payment processing (they handle your payment information directly)
    • PostHog: Anonymous usage analytics
    • Google Analytics 4: Website analytics to understand how visitors use our Service. Data is anonymised and we do not use it to personally identify you.
    • Google Ads: Conversion tracking and remarketing to measure the effectiveness of our advertising campaigns. We use Enhanced Conversions, which sends a hashed (irreversible) version of your email address to Google to improve conversion measurement accuracy.
    • CookieYes: Consent management platform that displays our cookie banner and records your consent preferences.

    We do not sell, trade, or otherwise transfer your information to third parties beyond these essential service providers.

    7. Your Rights (UK GDPR)

    Under UK data protection law, you have the right to:

    • Access: Request a copy of your personal data
    • Rectification: Request correction of inaccurate data
    • Erasure: Request deletion of your data
    • Portability: Receive your data in a portable format
    • Object: Object to processing of your data
    • Restrict: Request restriction of processing

    To exercise these rights, contact us at the address provided above.

    8. Cookies and Consent

    We use essential cookies for authentication and session management. Analytics and advertising cookies (including those set by Google Analytics and Google Ads) are only activated after you give your consent via our cookie banner, powered by CookieYes.

    How to manage your preferences: You can change or withdraw your cookie consent at any time by clicking the cookie icon that appears on every page, or by clearing your browser cookies. When consent is denied or withdrawn, Google tags operate in a privacy-safe "Consent Mode" that does not store cookies or collect personal data.

    9. Children's Privacy

    Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

    10. International Transfers

    Your information may be processed by our service providers in countries outside the UK. We ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

    12. Contact Information

    For questions about this Privacy Policy or to exercise your rights, contact us at:

    Rolling Sloane Technology Limited
    124 City Road
    London EC1V 2NX
    England

    13. Complaints

    If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.