Privacy Policy

1. Introduction

FactBinder ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how your personal data is collected, used, disclosed, and safeguarded when you visit our website or use our application (the "Service").

We adhere strictly to the principles enshrined in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and other applicable EEA data protection frameworks. We act as a Data Processor on your behalf regarding the electronic evidence files you upload. You, the user, act as the Data Controller.

2. Data We Collect

2.1 Account Data

When you register, we collect necessary identifiers including your email address. If you purchase a premium subscription, our third-party payment processors (e.g., Stripe) collect your billing information. We do not store full credit card numbers on our servers.

2.2 User-Uploaded Evidence Data

To provide our core timeline extraction Service, we process the unstructured text documents (such as WhatsApp TXT exports, emails, and PDFs) that you voluntarily upload. This data routinely contains Personally Identifiable Information (PII) of third parties. You confirm that you possess a lawful basis under Art. 6 GDPR to upload this data for processing.

2.3 Automated Usage Data

Like most SaaS applications, we automatically collect metadata regarding your interaction with the Service. This includes IP addresses, browser types, timestamps, and error logs, used exclusively for debugging and security auditing.

3. How We Process Your Data (LLM Integration)

We utilize highly secure APIs from industry-leading Large Language Model (LLM) providers (such as OpenAI or Google Cloud) to perform the automated extraction of chronological events.

4. Data Storage, Security, and Sub-Processors

We implement robust, state-of-the-art technical and organizational measures to secure your data.

• Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
• Infrastructure: We utilize Supabase and modern cloud infrastructure explicitly hosted within secure data centers. Where possible, we default to EU-based data residency.
• Access: Internal engineering access to customer data is strictly gated, logged, and permitted solely for resolving explicit customer support tickets.

5. Data Deletion and Retention

We retain Account Data for as long as your account is active. We retain User-Uploaded Evidence Data only as long as the specific "Case" exists within your dashboard.

You possess complete autonomy over your data lifecycle. Deleting a Case, or deleting your Account, triggers a cascading hard-delete across our primary backend databases (Supabase). For compliance and backup integrity, encrypted archives may retain fragments of data for up to irreducible 30-day backup cycles before absolute destruction.

6. Your Rights Under GDPR

If you are a resident of the European Economic Area, you possess explicit rights regarding your personal data:

• Right of Access: You may request an export of all Account Data and Evidence Data tied to your identity.
• Right to Erasure ("Right to be Forgotten"): You may initiate an account deletion from within your billing dashboard.
• Right to Rectification: You may correct inaccurate personal data.
• Right to Restrict Processing: You may request we cease applying AI extraction to your files.

To exercise any of these rights, please contact our designated Data Protection Officer (DPO) at the contact details provided below.

7. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection practices, or the features of our Service. We will notify active users of material changes via the email address on file prior to the changes taking effect. Your continued use of the Service designates your acceptance of the updated policy.

8. Contact Us

If you have any questions about this Privacy Policy, please contact our Data Protection team at: privacy@factbinder.com.