Fissure Privacy Policy

Effective date: April 27, 2025

1. Who we are

Legal entity	Vincere Software Inc.
Privacy contact	aedin@getfissure.com ·+1 763‑339‑9936

2. Scope & audience

This Policy applies to information we collect from U.S. construction businesses that sign up for Fissure and from their authorized employees and contractors (“Users”). We do not knowingly serve or collect data from anyone under 16 years old.

3. Information we collect

Category	Examples	Source	Purpose*
Account & Identity	Name, e‑mail, phone, company name, EIN, job title	User onboarding forms	A, B
Financial	Bank‑account tokens, account & routing numbers, card spend, job‑cost codes	Plaid Link, Stripe APIs, in‑app entries	A, B, C
Support	E‑mails, chat/call recordings, attachments	User communications	D

*Purpose codes—see §4 below: A = Provide & secure the service; B = Comply with law/KYC; C = Improve product; D = Support & QA.

We do not collect government‑issued IDs, device fingerprinting data, or analytics cookies at this time.

4. How we use your information

Provide & operate Fissure —create accounts, display transactions, generate reports, and handle receipt uploads.
Issue & service payment instruments through Stripe Issuing, including fraud monitoring and regulatory reporting.
Bank connectivity via Plaid to retrieve balances and transactions you explicitly connect.
Legal & compliance such as AML, bookkeeping, and tax obligations.
Product improvement using aggregated, de‑identified usage patterns (never for advertising).
Support & training by reviewing tickets and recordings to troubleshoot issues and improve quality.

5. Sharing & disclosure

Recipient	Role	Data shared	Safeguards
Stripe, Inc.	Card issuing, payments	Cardholder PII, tokenized PAN, spend data	PCI‑DSS L1, SOC 2
Plaid Inc.	Bank connectivity	Account tokens, balances, transactions	SOC 2
Supabase, Inc.	Cloud database & storage	All in‑app data	Encryption at rest & in transit

We may also disclose information to regulators, auditors, or advisors when legally required. We never sell or share data for cross‑context behavioral advertising.

6. Data retention & deletion

Active customer data are retained for the life of the account. When an account is closed, all personal and financial data are automatically deleted 30 days later, except (i) information Stripe or Plaid must keep under card‑network or banking regulations, and (ii) backups retained for 30 additional days before secure purge.

7. Security measures

AES‑256 encryption at rest; TLS 1.3 in transit
Role‑based access controls and least‑privilege employee permissions
Continuous monitoring, vulnerability scanning, and annual penetration tests
PCI‑DSS compliance via Stripe; Plaid tokenization—no raw bank credentials stored

8. International transfers

All data are stored on U.S. servers. We do not market or provide services outside the United States. If that changes, we will update this Policy and implement appropriate transfer mechanisms.

9. Your privacy choices & rights

Regardless of U.S. state, you have the right to access, correct, or delete your personal data. You can also opt out of marketing emails via the “unsubscribe” link or by contacting us. Exercising these rights will not affect service levels or pricing.

10. Cookies & similar technologies

Fissure uses only essential cookies for session management and CSRF protection. We do not use advertising or analytics cookies.

11. Children’s privacy

Fissure is directed to adults 16 years or older. We do not knowingly collect data from anyone under 16. If you believe a minor has provided information, contact us and we will delete it.

12. Changes to this policy

We will post any revisions on this page and update the effective date above. For material changes, we will also email account owners at least 15 days in advance.

13. Contact us

Questions or concerns? Email aedin@getfissure.com, Attn: Privacy. You may also call +1 763‑339‑9936.