Privacy Policy

Last updated: April 17, 2026

1. Overview

Fikrah, operated by BLOQ AI ("we", "us"), is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your data when you use our AI-powered financial operations platform.

2. Data We Collect

Account data: Name, email, and organization name, provided during registration via Supabase Auth.

Financial data: Transactions, invoices, bank records, and accounting entries synced from connected providers (Stripe, Xero, bank feeds). This data is processed to deliver reconciliation, categorization, and reporting.

Usage data: Pages visited, features used, and interaction patterns, collected to improve the Service.

3. How We Use Your Data

  • Deliver AI-powered financial operations (reconciliation, categorization, reporting)
  • Generate Morning Briefs and financial insights
  • Process ZATCA e-invoicing compliance submissions
  • Improve AI model accuracy and Service quality
  • Send transactional notifications you have opted into

4. Data Storage and Security

Financial data is stored in Supabase PostgreSQL with row-level security (RLS) scoped to your organization. API keys and credentials are encrypted using Fernet symmetric encryption. All data is transmitted over TLS.

We follow the principle of least privilege: AI models receive only the data necessary to perform the requested operation.

5. Data Residency

By default, data is stored in Supabase's cloud infrastructure. For organizations with data residency requirements (GCC, EU), we support region-specific deployment configurations. Contact us for details.

6. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — Authentication, database, and storage
  • Google AI (Gemini) — Transaction categorization and document parsing
  • Anthropic (Claude) — Chat and narrative generation
  • Resend — Transactional email delivery
  • Stripe — Payment processing and data sync

Each provider is bound by its own privacy policy and data processing agreement.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Request rectification or erasure
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time

Exercise these rights via our GDPR compliance endpoints or by emailing privacy@fikrah.ai.

8. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we erase your financial data within 30 days. Anonymized, aggregated data may be retained for analytics.

9. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@fikrah.ai.