Privacy Policy

Effective: 2026-05-04 · Last updated: 2026-05-04

1. Who we are

Fiscademy is a financial-education site providing free calculators and articles. For the personal data described below, Fiscademy is the data controller.

2. What this policy covers

The site at fiscademy.com, including calculators, blog, chatbot, saved snapshots, shareable links, and accounts.

3. Data we collect

You provide

  • Email and password (when you create an account).
  • Calculator inputs — these stay in your browser unless you save a snapshot to your account.
  • Chatbot messages — stored against your account if signed in.

Automatic

  • Device and browser metadata (user agent, screen size).
  • IP address — used by our hosting provider for server logs and abuse prevention; sent to Google Analytics where it’s used briefly for approximate geolocation and discarded (GA4 does not store IP addresses).
  • Pages visited and interaction events — full event tracking only after you accept analytics on the cookie banner. See Section 5 for what’s collected before that.

Cookies

See Section 5.

4. Why we use it

  • Provide the service (auth, calculation, snapshot storage).
  • Save and load your scenarios.
  • Debug errors and prevent abuse.
  • Measure aggregate usage to improve the site.
  • Communicate about your account (email verification, password reset).

5. Cookies & analytics

Strictly necessary

Always on.

  • Session cookies (NextAuth).
  • CSRF tokens.
  • Theme preference.

Consent cookie

Set by us.

  • consent — records your banner choice (granted or denied). Expires after 1 year.

Analytics

Google Analytics 4 (_ga, _ga_<measurement_id>).

  • We use Google Consent Mode v2.
  • Before you accept: no analytics cookies are set. Google receives a minimal cookieless ping per page (no event payload, no identifiers) used only to estimate aggregate traffic. Nothing else is sent.
  • After you accept: cookies are set and the events listed below are sent.

What we send to GA4 (when consent is granted):

  • Page views.
  • Calculator events — calculator_view, calculator_run,calculator_input_changed, calculator_error — with the calculator id, bucketed counts and durations. Never raw input values.
  • Snapshot events — snapshot_saved, snapshot_loaded,snapshot_deleted, share_link_created, share_link_visited — with the calculator id only.
  • Chatbot events — chatbot_opened, chatbot_message_sent,chatbot_response_received, chatbot_session_ended — with bucketed message length and latency. Never message content.
  • Auth events — sign_up_started, sign_up_completed, login,logout, password_reset_requested — with the auth method only.
  • Content events — blog_post_view, scroll_depth — with slug and depth.
  • Engagement — outbound_click — with the destination domain only.

What we never send:

  • Raw values from calculator inputs (income, savings, age, etc.).
  • Chatbot message content.
  • Email addresses, names, or any direct identifier.
  • Hashed user IDs (we don’t link analytics to your account).

Manage cookie preferences

Use this button to reopen the consent banner and change your choice at any time:

6. Sharing

We use service providers as processors:

  • Google (Google Analytics 4) — when you’ve accepted analytics.
  • DigitalOcean — hosting infrastructure and server logs.
  • Our authentication provider — account credentials and sessions.

We do not sell personal data. We do not run ads.

7. Retention

  • Account data: until you delete your account.
  • Snapshots: until you delete them.
  • Analytics in GA4: Google’s default retention period (currently 14 months, configurable in GA4).
  • Server logs: 30 days.

8. Your rights

You have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data.
  • Withdraw analytics consent at any time (via the Manage cookie preferences button above).
  • Lodge a complaint with your local data-protection authority.

EU and UK users have rights under GDPR / UK-GDPR. California users have rights under the CCPA / CPRA. Canadian users have rights under PIPEDA. To exercise any right, email [email protected].

9. Children

Fiscademy is not directed at children under 13 (United States) or 16 (European Union). We do not knowingly collect personal data from children. If you believe a child has provided us data, email [email protected] and we will delete it.

10. Changes & contact

We may update this policy. The effective date at the top will change when we do; material changes will be communicated in-product. Questions: [email protected].