Fiskl AI official logo
Start for free
Sign in
Start for free
  • Home
  • Customer Specific Supplement

Customer Specific Supplement

This Customer-Specific Supplement (the “Supplement”) supplements and forms part of the Customer Terms of Service between you (the Customer) and the relevant member of the Fiskl Group (“Fiskl”). It applies to specific categories of Customer set out below. Where you fall within more than one category, the relevant provisions of each apply.

In the event of conflict between this Supplement and the Customer Terms of Service in respect of a category covered by this Supplement, this Supplement prevails, except where the Customer Terms of Service or applicable mandatory law grants stronger protection to you.

Defined terms in the Customer Terms of Service apply here unless otherwise stated.

1. Sole Traders and Other Customers Who Are Consumers

1.1 Who this section applies to

This section applies if you qualify as a consumer under the law of your jurisdiction. Examples:

  • United Kingdom — a consumer under the Consumer Rights Act 2015 (typically a sole trader acting wholly or mainly outside their business);
  • European Economic Area — a consumer under EU consumer protection law (Directive 2011/83/EU and equivalents);
  • United States, Canada, Australia, and other jurisdictions — equivalent consumer-protection regimes.

If you are a registered company, partnership, or other organisation acting in the course of business, you do not qualify as a consumer under this section.

1.2 Consumer rights preserved

Nothing in the Customer Terms of Service, this Supplement, the Acceptable Use Policy, the Atlas Terms Supplement, or any Order Form excludes, restricts, or modifies any consumer right that cannot be excluded, restricted, or modified by contract under applicable mandatory law.

In particular:

  • UK consumers retain rights under the Consumer Rights Act 2015 (services to be performed with reasonable care and skill, supplied within a reasonable time, and at a reasonable price), the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (right of withdrawal where applicable), and other consumer-protection law.
  • EU/EEA consumers retain rights under the Consumer Rights Directive, the Unfair Contract Terms Directive, and equivalent national law.
  • Other consumer regimes retain whatever statutory rights apply.

1.3 Cooling-off / right of withdrawal

Where the law of your jurisdiction grants a cooling-off or right of withdrawal in respect of distance contracts for digital content or services, and where that right has not been waived by you (where waiver is permitted), you may exercise that right by contacting support@fiskl.com within the applicable period. Refunds for any amount you have paid are processed in line with the applicable law.

1.4 Consumer disputes

Where you are a consumer in the UK, EEA, or another jurisdiction whose mandatory law grants you the right to bring proceedings in your local courts, that right is preserved. The English-law / English-courts provisions in section 16 of the Customer Terms of Service apply where compatible with that mandatory law.

2. Regulated Professionals

2.1 Who this section applies to

This section applies if you are an accountant, bookkeeper, lawyer, financial adviser, tax adviser, auditor, healthcare provider, or other regulated professional using the Fiskl Platforms in the course of your professional practice. It also applies to professional firms employing such professionals.

2.2 Your professional obligations

Your use of the Fiskl Platforms must comply with the rules of your professional regulator, including:

  • accountancy bodies (such as ICAEW, ACCA, AICPA, CPA Australia, CPA Canada, CA ANZ, SAICA, IFAC member bodies);
  • legal regulators (such as the SRA, BSB, equivalent state bar associations, Law Society of England and Wales, and equivalents);
  • financial-services regulators (such as the FCA, SEC, FINRA, ASIC, MAS, and equivalents — to the extent your activity is regulated by them);
  • healthcare regulators (such as the GMC, GDC, NMC, state medical boards, CQC, HCPC, and equivalents);
  • tax-adviser regulation (such as HMRC standards, Circular 230 in the United States, and equivalents).

2.3 Confidentiality and your clients

You acknowledge that the Fiskl Platforms are a tool you choose to use in your professional practice. Your duties of confidentiality, conflict-of-interest avoidance, professional secrecy, and fiduciary care toward your own clients are matters between you and your clients. Fiskl does not become a party to your professional engagement.

2.4 No reliance on Fi for professional advice

Fi outputs and other AI-generated content in the Fiskl Platforms are tools to support your work. They are not substitutes for your own professional judgement, training, qualifications, and verification, and they are not regulated advice in any jurisdiction. You must apply your own professional skill and care to all outputs of the Fiskl Platforms before using them for, or communicating them to, your clients.

2.5 Atlas Firm overlap

If you are an accountancy or bookkeeping firm using Atlas, the Atlas Terms Supplement applies to your Atlas-specific activities. This Supplement applies in addition.

3. Healthcare Providers and Customers Processing Health Data

3.1 Who this section applies to

This section applies if you are:

  • a healthcare provider (medical practice, dental practice, mental-health practitioner, allied-health practitioner, veterinary practice, hospital, clinic, pharmacy, or equivalent);
  • a healthcare-adjacent business (medical-billing service, healthcare administrator, practice manager, or equivalent);
  • any other Customer that may submit information about identifiable health-status, treatment, or diagnosis of natural persons through the Fiskl Platforms (including in invoices, customer records, customer notes, expense records, or attachments).

3.2 Fiskl is not a Business Associate and the Fiskl Platforms are not HIPAA-compliant

You acknowledge and agree that:

  • Fiskl is not a “Business Associate” as defined in the United States Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and related regulations;
  • Fiskl does not offer, and will not enter into, a Business Associate Agreement (BAA) for use of the Fiskl Platforms;
  • the Fiskl Platforms are not designed, configured, or certified for the storage, transmission, or processing of “Protected Health Information” (“PHI”) as defined in HIPAA;
  • the Fiskl Platforms are similarly not certified or configured for compliance with the equivalent health-data regimes in other jurisdictions, including (without limitation):
  • UK / EEA — Article 9 of UK GDPR / EU GDPR (data concerning health), the UK Data Protection Act 2018 health-data provisions, and the NHS Data Security and Protection Toolkit;
  • Canada — provincial Personal Health Information Protection Acts (PHIPA in Ontario, equivalents in other provinces);
  • Australia — the Privacy Act 1988 (Cth) health-information provisions and the My Health Records Act 2012;
  • New Zealand — the Health Information Privacy Code 2020;
  • California — the Confidentiality of Medical Information Act (CMIA);
  • South Africa — POPIA’s special-personal-information provisions;
  • and equivalent regimes elsewhere.

3.3 Your obligation: do not submit PHI or equivalent health data

You must not submit PHI or equivalent health data to the Fiskl Platforms, whether intentionally or inadvertently, including in:

  • invoice line-item descriptions or notes;
  • customer (patient) records and customer notes fields;
  • expense records or attachments;
  • bills, receipts, or transaction memos;
  • documents or attachments uploaded to the Fiskl Platforms;
  • inputs to Fi (including conversational queries that reference patient health information);
  • product/service catalogue descriptions;
  • email content sent through the Fiskl Platforms.

If you must record health-related information for legitimate business reasons, use generic, non-identifying descriptors (“Consultation”, “Treatment”, “Procedure code A123” — without the patient’s identity in the same record), and rely on a separate HIPAA-compliant or equivalent practice-management or electronic-health-record system to store the identifiable clinical details.

3.4 Customer responsibility for PHI that does enter the Fiskl Platforms

If PHI or equivalent health data is submitted to the Fiskl Platforms in breach of section 3.3:

  • you remain the Controller of that data under applicable data protection law;
  • Fiskl is not a Business Associate, joint Controller, or joint Processor in respect of that data;
  • you are solely responsible for any consequences of the breach, including notification to data subjects, supervisory authorities, the Office for Civil Rights (HHS) under HIPAA, the ICO under UK GDPR, and equivalent authorities;
  • you will indemnify Fiskl against any claim, fine, or loss arising from PHI submitted in breach of section 3.3 (this is in addition to your indemnity under section 14.3 of the Customer Terms of Service);
  • Fiskl may, at its sole discretion, suspend or terminate your access if PHI is submitted to the Fiskl Platforms after Fiskl has notified you to stop, on the basis of section 12.3 and 12.5 of the Customer Terms of Service.

3.5 Cooperation with deletion of inadvertent PHI

If Fiskl identifies PHI within Customer Data and notifies you, you will promptly remove or anonymise the PHI. Fiskl is not obliged to identify or remove PHI on your behalf, but may remove obviously-identified PHI in response to a complaint or as required by law.

3.6 No medical, clinical, or health-services advice

Fi outputs and other Service outputs are not, and must not be relied on as, medical, clinical, diagnostic, prognostic, treatment-related, or other healthcare advice. Healthcare decisions for your patients are the sole responsibility of you as the qualified healthcare provider.

4. Customers Processing Other Sensitive Data — Cross-Industry, Cross-Jurisdiction

4.1 Why this section exists

Fiskl serves Customers in over 200 countries across many industries. Customers may submit, intentionally or inadvertently, sensitive data of natural persons through the Fiskl Platforms — for example, in invoice descriptions, customer record fields, customer notes, expense memos, attachments, transaction memos, product/service catalogue descriptions, or inputs to Fi.

Section 3 deals specifically with Healthcare Providers and health data. This section deals with all other categories of sensitive data, which carry similar legal exposure under data-protection, sectoral, and country-specific regimes around the world.

4.2 What “sensitive data” means in this section

For the purpose of this section, sensitive data includes any of the following submitted to the Fiskl Platforms:

  • Special categories of personal data — including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data used for unique identification, sex life, sexual orientation, and (as covered separately in section 3) data concerning health (UK GDPR / EU GDPR Article 9, equivalents in LGPD, POPIA, PIPEDA, APP, PDPA, UAE PDPL, India DPDP, and other regimes);
  • Personal data of children — typically under 16 in the UK / EEA, under 13 in the United States under COPPA, and equivalent age thresholds in other jurisdictions;
  • Criminal-conviction and offence data — including criminal records, regulatory infringements, and proceedings (UK GDPR / EU GDPR Article 10, equivalents);
  • Legal-privilege material — attorney-client privileged communications, work-product, and confidences governed by professional secrecy rules in your jurisdiction;
  • Country-specific sensitive identifiers and categories — including (without limitation) Singapore NRIC numbers, US Social Security numbers, UK National Insurance numbers, EU national identification numbers, India Aadhaar numbers, South African ID numbers, Brazilian CPF numbers, China sensitive personal information under PIPL, and equivalent identifiers and special categories elsewhere;
  • Sensitive financial information beyond what is necessary for invoicing and accounting — including full credit-card numbers, online banking credentials, full bank account numbers (beyond standard bank-feed metadata), tax-authority access credentials, and equivalent;
  • Industry-specific sensitive data — examples by industry:
  • Legal practice — client confidential communications, matter-related strategic information, settlement terms;
  • Financial advisory — client investment portfolios, trading strategies, regulator-confidential information;
  • Recruiting and HR consultancy — candidate background-check data, employee disciplinary records, references containing sensitive opinions;
  • Education and tutoring — pupil records and parental information;
  • Beauty, wellness, fitness, and personal-care — client physical condition, body metrics, lifestyle information that approaches health-data territory;
  • Insurance — claims data, underwriting information, beneficiary information;
  • Religious, charitable, and not-for-profit — beneficiary information that reveals religious or political affiliation;
  • Media, journalism, and human-rights — source identities, whistle-blower information, materials covered by source-protection regimes;
  • Other — any other industry-specific category of sensitive data subject to enhanced legal protection.

4.3 Fiskl is not certified or designed for processing sensitive data

You acknowledge and agree that:

  • the Fiskl Platforms are not designed, configured, or certified for the storage, transmission, or processing of sensitive data as defined in section 4.2;
  • Fiskl does not enter into category-specific compliance agreements (such as health-data Business Associate Agreements as covered in section 3, or other category-specific addenda for the data types in section 4.2) for use of the Fiskl Platforms;
  • Fiskl is not certified or accredited for any sectoral data-handling regime that may apply to your industry (for example, legal-sector confidentiality protocols, financial-sector regulator-confidential data regimes, or equivalents);
  • the security and confidentiality measures Fiskl applies to Customer Data are appropriate for accounting and financial-management purposes, but are not represented as sufficient to meet the heightened obligations that may apply to sensitive data in your jurisdiction or industry.

4.4 Your obligations

You must:

  • not submit sensitive data to the Fiskl Platforms unless strictly necessary for legitimate business purposes that fall within the intended use of the Fiskl Platforms (an accounting and financial-management platform);
  • where submission is unavoidable, minimise the data — use generic, non-identifying descriptors (e.g. “Consultation” rather than “[Diagnosis] consultation”; “Client A” rather than the client’s full identity coupled with sensitive descriptors); separate sensitive identifiers from sensitive descriptors where possible; and rely on a separate, sectorally-compliant primary system (an EHR, case management system, secure portfolio management system, etc.) for the identifiable sensitive material;
  • ensure your submission has a lawful basis under the data-protection law of each affected jurisdiction (legitimate interests, explicit consent, contractual necessity, or other applicable basis), and that you have provided required notices to the relevant data subjects;
  • comply with all sectoral and country-specific obligations that apply to you, including professional rules of conduct, mandatory data-residency rules, and any regulator-specific requirements;
  • not submit children’s personal data to the Fiskl Platforms except for the strict purpose of recording an identifiable customer record where the child’s parent or guardian is the underlying customer (and only with appropriate parental authority);
  • not submit criminal-conviction data to the Fiskl Platforms except where strictly necessary and lawful in your jurisdiction.

4.5 Customer responsibility for sensitive data that does enter the Fiskl Platforms

If sensitive data is submitted to the Fiskl Platforms in breach of section 4.4, or if you choose to submit sensitive data despite Fiskl’s lack of certification:

  • you remain the Controller of that data under applicable data-protection law (and the corresponding role under sectoral regimes);
  • Fiskl is not a joint Controller, joint Processor, or specially-positioned party in respect of that data, and Fiskl does not assume any sectoral obligations that may attach to the data;
  • you are solely responsible for any consequences of the submission, including notifying data subjects, supervisory authorities, sector regulators, and equivalent parties as required by law;
  • you will indemnify Fiskl, the Fiskl Group, and Fiskl’s Sub-processors against any claim, fine, regulatory penalty, professional liability, or other loss arising from sensitive data submitted in breach of section 4.4 (this is in addition to your indemnity under section 14.3 of the Customer Terms of Service and section 3.4 of this Supplement);
  • Fiskl may, at its sole discretion and without incurring liability, suspend or terminate your access if sensitive data continues to be submitted to the Fiskl Platforms after Fiskl has notified you to stop, on the basis of section 12.3 and 12.5 of the Customer Terms of Service.

4.6 Cooperation with deletion of inadvertent sensitive data

If Fiskl identifies sensitive data within Customer Data and notifies you, you will promptly remove or anonymise the sensitive data. Fiskl is not obliged to identify or remove sensitive data on your behalf, but may remove obviously identified sensitive data in response to a complaint, regulatory inquiry, or as required by law.

4.7 No sectoral or specialist advice

Fi outputs and other Service outputs are not, and must not be relied on as, legal, regulatory, sectoral, professional, or specialist advice in any category covered by this section. You remain solely responsible for compliance with the law and standards applicable to your industry, your data, and your jurisdiction.

4.8 Relationship with section 3 (Healthcare)

Section 3 is the more specific and detailed treatment for health data. Where you process both health data and other sensitive data (for example, a wellness practitioner who processes both health information and client physical-condition information), section 3 governs the health-data aspects and this section 4 governs the rest.

5. Patent Assertion Entities

5.1 Definition

A “Patent Assertion Entity” (sometimes called a “non-practising entity” or “patent troll”) is:

  • any entity that derives or seeks to derive a substantial portion of its revenue from the offensive assertion of patent rights, rather than from the manufacture or sale of goods or the provision of services that practise the patent; or
  • any entity that directly or indirectly controls, is controlled by, or is under common control with an entity described in (a).

5.2 Prohibition

You agree that if you are a Patent Assertion Entity, or are acting on behalf of, or for the benefit of, a Patent Assertion Entity:

  • you must not use the Fiskl Platforms;
  • you will not assert, or authorise, assist, encourage, or enable any third party to assert, any claim, or pursue any actions, suits, proceedings, or demands, against Fiskl, the Fiskl Group, any AI Provider, any banking partner, any payment processor, or any other Sub-processor that allege that the Fiskl Platforms or any feature of it (including Fi or any other AI feature) infringes, misappropriates, or otherwise violates any intellectual property right (including patents).

5.3 Termination right and survival

If Fiskl reasonably determines that you are a Patent Assertion Entity, Fiskl may terminate the Contract immediately under section 12.3 of the Customer Terms of Service. This section 5 survives termination of the Contract.

5.4 Reciprocal protection

You acknowledge that this section is essential consideration for the Fiskl Platforms. The licence to use the Fiskl Platforms are granted on the express condition that you and your Affiliates do not engage in conduct described in section 5.2.

6. Conflict and contact

6.1 Conflict

Where this Supplement conflicts with the Customer Terms of Service or the Atlas Terms Supplement in respect of a category to which it applies, this Supplement prevails. Where it conflicts with mandatory law (including consumer-rights law and data-protection law), mandatory law prevails.

6.2 Contact

Topic Email
Questions about this Supplement legal@fiskl.com
Data protection and DPO matters dpo@fiskl.com
Healthcare data inquiries dpo@fiskl.com
Customer support support@fiskl.com

Fiskl Limited (and the wider Fiskl Group) 6A Thirlmere Road London, N10 2DN United Kingdom Company number: 0933029

Effective: 15 March 2026

Quick Navigation

Terms & Policies