1. Who is responsible for your data
FiskalScan ("FiskalScan", "we", "us") is operated independently by Vjori Hoxha, an individual sole operator based in Albania. Vjori Hoxha is the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and the Albanian Law on the Protection of Personal Data (Law No. 9887/2008, as amended).
For any privacy-related question, contact us at contact@fiskalscan.com. We aim to reply within 30 days, as required by Article 12(3) GDPR.
2. What this policy covers
This policy applies to the FiskalScan mobile app (iOS and Android), the website at https://fiskalscan.com, and the supporting backend services. It does not cover third-party services we link out to — for example, the official Albanian tax authority portal at tatime.gov.al, Google Sign-In, or Apple Sign-In, which have their own privacy policies.
3. The data we collect
We collect only what we need to run the service. There is no advertising, and no data is sold to anyone, ever. The only behavioural data is the optional website analytics described in §3.5.
3.1 Account information
- Email address (required) — used to identify your account, send security and operational emails, and recover access.
- First and last name — used inside the app to personalise the interface.
- Hashed password — stored using the bcrypt algorithm. We never see, log, or have any way to recover your plaintext password.
- Google account identifier — if you sign in with Google, we store the Google-issued user ID and the email address Google returns. We do not request or store any other Google profile data.
- Apple account identifier — if you sign in with Apple on iOS, we store the Apple-issued user ID (the stable `sub` claim from the Apple identity token) and the email Apple returns. If you choose "Hide My Email", that email is Apple's `privaterelay.appleid.com` proxy address; we record a flag so we know it may change if you later revoke the relay. Apple does not return a profile picture or any other profile data.
- Avatar URL — the URL of any profile picture you upload or that Google returns; the image itself is hosted by Google or our object storage. Apple Sign-In does not provide a profile picture.
- Language preference (English or Albanian).
- Push notification token — issued by Apple Push Notification service or Google/Expo for delivering in-app notifications.
3.2 Session and security data
- IP address of the device making each request.
- User-agent string (operating system, OS version, app version, device model, browser if applicable).
- Device identifier — a UUID generated by the app on first launch, used so you can see and revoke individual devices on your "active sessions" screen.
- Session timestamps — when a session was created, last seen, and signed out.
3.3 Receipt and invoice data
When you scan a fiscal QR code, FiskalScan reads the identifiers contained in the code and submits them to the official Albanian tax authority (General Directorate of Taxation). The tax authority responds with the full official invoice, which we store on your account so you can browse, search, and export it later. This includes:
- Seller name, address, town, and tax identification number.
- Invoice number, type, items, quantities, prices, VAT breakdown, totals, and currency.
- Operator, business unit, and cash register codes, and the fiscal and invoice identifiers issued by the tax authority.
- The verbatim response received from the tax authority, kept for audit and debugging purposes.
3.4 Diagnostic and support data
We keep short-lived server-side request logs containing the IP address, user-agent, request method, path, and response code. We do not log request bodies, passwords, tokens, or one-time codes — those are explicitly redacted before anything is written. Logs are retained for up to 30 days and then deleted.
3.5 Analytics (only with your consent, website only)
We use Google Analytics 4 on the website at https://fiskalscan.com to count visits, understand which pages people use, and measure how the product performs. We do not load it until you grant consent by clicking Accept on the cookie banner. Until then, no Google identifiers are stored and no analytics data is sent.
The FiskalScan mobile app does not use Google Analytics or any other behavioural analytics SDK. No usage data is collected from the app.
You can change your mind at any time. Use Cookie preferences in the footer; declining or revoking removes the related cookies (_ga, _ga_*) from your browser and stops further data collection in the current session.
When granted, Google Analytics processes pseudonymous usage data: the page viewed, referrer, approximate location derived from your IP address, device and browser/OS type, language, and an analytics identifier. Google Analytics 4 truncates the IP address before it is stored. Data is retained for 14 months. The legal basis is your consent under Art. 6(1)(a) GDPR.
4. Why we use your data, and the legal basis
Under GDPR Article 6 we process personal data on the following grounds:
- Contract performance — Art. 6(1)(b): creating and managing your account, signing you in, scanning and storing your invoices, generating exports, and sending operational emails such as email verification, password reset, and account deletion confirmation.
- Legitimate interest — Art. 6(1)(f): keeping the service secure, detecting abuse, debugging issues, and notifying you of new sign-ins on your account. Our legitimate interest is the secure operation of FiskalScan; we balance it against your rights and you can object at any time (see Section 8).
- Legal obligation — Art. 6(1)(c): responding to lawful requests from competent authorities and complying with applicable Albanian and EU law.
- Consent — Art. 6(1)(a): where required, for example to enable Google Analytics (see §3.5). You can withdraw consent at any time.
5. Who we share your data with
We share data only with the service providers ("processors") we need to run FiskalScan. We have a written processing agreement with each, and none of them are permitted to use your data for their own purposes. The current list:
| Processor | What it does | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting of the application server and database. | Germany (EU) |
| Amazon Web Services (AWS S3) | Stores generated export files temporarily so you can download them. | Germany / EU region |
| Google LLC (Google Sign-In) | Authenticates you when you choose to sign in with Google. | United States |
| Apple Inc. (Sign in with Apple) | Authenticates you when you choose to sign in with Apple on iOS. | United States |
| Google LLC (Google Analytics) | Aggregate usage statistics for the website only, with cookie banner consent. Not used in the mobile app. | United States |
| Expo / Apple / Google Push Notification services | Deliver push notifications to your device. | United States |
| Transactional email provider (SMTP relay) | Delivers account, security, and export-ready emails. | European Union |
We do not use any third-party advertising networks or marketing platforms. The only analytics is the Google Analytics described in §3.5, used only with your prior consent.
6. International data transfers
Where a processor is based outside the European Economic Area (for example Google in the United States), the transfer is covered by the European Commission's Standard Contractual Clauses (SCCs) and the EU–U.S. Data Privacy Framework where applicable. We do not transfer data to countries that lack an adequate level of data protection without these safeguards in place.
7. How long we keep your data
- Account data: kept for as long as your account exists. When you delete your account, the record is soft-deleted immediately and permanently erased after a 30-day grace period (see Section 8.4).
- Invoice and export records: deleted together with your account.
- Server logs: up to 30 days, then deleted.
- Email verification and password reset codes: deleted within minutes of being used or expiring.
8. Your rights
Under GDPR (and the equivalent Albanian law) you have the following rights, free of charge, at any time:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct anything inaccurate. Most fields you can edit yourself in the app under Profile.
- Erasure ("right to be forgotten") — delete your account from inside the app, or write to us.
- Restriction — ask us to pause processing while a dispute is resolved.
- Portability — receive your invoice data in a machine-readable format. The in-app Export feature already provides this in CSV, Excel, or JSON.
- Objection — object to processing based on legitimate interest (Section 4).
- Withdraw consent — where processing is based on your consent.
- Lodge a complaint with a supervisory authority. In Albania this is the Office of the Information and Data Protection Commissioner of the Republic of Albania (IDP) (https://www.idp.al). EU residents may also complain to the supervisory authority in their member state.
8.1 How to exercise your rights
The fastest way is to email contact@fiskalscan.com from the address on file. We will verify your identity and respond within 30 days. If we need longer, we will tell you and explain why.
8.2 Account deletion
You can delete your account at any time by opening the FiskalScan app and going to Profile → Delete account. The deletion flow re-verifies your identity (password, Google, or Apple), then immediately marks your account as deleted, signs you out of every device, and starts a 30-day grace period. During those 30 days you can recover the account by writing to contact@fiskalscan.com. After 30 days, your user record and all linked data — invoices, exports, sessions, verification tokens — are permanently deleted from our database. The action is irreversible at that point.
A standalone walkthrough is available at /account/delete, including the option to request deletion by email if you no longer have access to the app.
9. Security
All traffic to the FiskalScan API is encrypted in transit with TLS. Passwords are stored as bcrypt hashes and are never logged. The database and application servers run on a private network behind a firewall in an EU data centre, and are accessible only over SSH with key-based authentication. We follow the principle of least privilege for both human and automated access. No security system is perfect, but we treat your data as carefully as we'd want our own treated.
10. Children
FiskalScan is not directed at children under 13 (or under 16 in jurisdictions where that is the relevant age). We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account.
11. Changes to this policy
We may update this policy from time to time — for example, when we add a new service provider or change a feature. Material changes will be announced inside the app and by email to your registered address before they take effect. The current version is always the one published on this page; the "Last updated" date at the top reflects the most recent revision.
12. Contact
Questions, requests, or complaints about this policy or your data: contact@fiskalscan.com.