Facetize.io

Privacy Policy

Last updated: November 18, 2025

1. Introduction

Facetize.io ("we", "our", or "us"), operated by Finqu, is committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Data Controller: Finqu
Contact: For privacy-related inquiries, please contact us through our website at finqu.com

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Account credentials (encrypted)
  • API keys (generated for your use)

2.2 Usage Information

We collect information about how you use our Service:

  • API requests and queries sent to our Service
  • Request timestamps and frequency
  • API response data
  • Usage patterns and statistics

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your full credit card information. Stripe collects and processes payment information according to their privacy policy.

2.4 Technical Information

We automatically collect certain technical information:

  • IP addresses
  • Browser type and version
  • Device information
  • Log data and error reports

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain our Service
  • Process your API requests and deliver results
  • Manage your account and authenticate access
  • Process billing and payments
  • Monitor usage for billing purposes
  • Improve and optimize our Service
  • Detect and prevent fraud or abuse
  • Respond to customer support inquiries
  • Send administrative and service-related communications
  • Comply with legal obligations

3A. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service, including account management, API request processing, and billing
  • Legitimate Interest (Art. 6(1)(f)): Fraud prevention, security monitoring, service improvement, and technical support
  • Legal Obligation (Art. 6(1)(c)): Tax compliance, accounting records, and responding to legal requests
  • Consent (Art. 6(1)(a)): Analytics cookies and optional marketing communications (where applicable)

4. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy. Specific retention periods:

  • Account Information: Duration of your account plus 30 days after deletion (except where legal obligations require longer retention)
  • Usage Logs (IP addresses, user agents): 24 months from the date of collection, then automatically deleted
  • API Request Data: 90 days for operational purposes
  • Billing and Transaction Records: 7 years from the date of transaction (required for tax and accounting purposes)
  • Authentication Sessions: Duration of session or 30 days, whichever is shorter
  • Cookie Data: As specified in Section 8 (Cookies and Tracking)

When you delete your account, we will permanently delete or anonymize your personal information within 30 days, except where we are legally required to retain it (e.g., billing records for tax purposes, data needed for ongoing legal proceedings).

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

5.1 Service Providers

We share information with the following third-party service providers who perform services on our behalf:

  • Payment Processor (Stripe): Securely processes payment transactions and stores payment method information under PCI-DSS compliance standards
  • Cloud Infrastructure Providers: Hosting and storage of application data in secure, SOC 2 compliant data centers
  • Analytics Provider (Vercel Analytics): Website analytics and performance monitoring (only with your consent)

All service providers are contractually bound to protect your data and use it only for the purposes we specify. We carefully select processors that meet high security and privacy standards.

5.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal processes, such as subpoenas or court orders.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls and monitoring

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right to Access (Art. 15): Request a copy of your personal data we hold
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON) and transmit it to another controller
  • Right to Restrict Processing (Art. 18): Request limitation of processing of your personal data
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time for processing based on consent (e.g., analytics cookies)
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority

To exercise these rights:

  • Access your account settings at /account/profile
  • Use the data export feature in your privacy settings
  • Contact us through our website at finqu.com

We will respond to your request within 30 days (as required by GDPR Article 12).

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies in accordance with the ePrivacy Directive. We categorize cookies as follows:

8.1 Essential Cookies (No Consent Required)

These cookies are strictly necessary for the website to function:

  • Authentication cookies: Maintain your logged-in session (better-auth session tokens)
  • Security cookies: Protect against CSRF attacks and ensure secure connections
  • User interface cookies: Remember your sidebar preferences (sidebar_state, max 7 days)

8.2 Analytics Cookies (Consent Required)

These cookies help us understand how visitors interact with our website:

  • Vercel Analytics: Collects anonymous usage data (page views, referrers, device type) to improve our service. These cookies are only set after you provide consent.

8.3 Managing Cookies

You can manage your cookie preferences:

  • Through our cookie consent banner when you first visit
  • In your browser settings (though this may affect functionality)
  • By visiting your privacy settings in your account

Cookie consent is stored for 12 months, after which you will be asked again.

9. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with all processors that transfer data outside the EEA
  • EU-US Data Privacy Framework: Where applicable, we work with providers certified under the EU-US Data Privacy Framework
  • Data Processing Agreements: All third-party processors have signed data processing agreements that ensure GDPR-level protection
  • Security Measures: All data transfers use encryption in transit and at rest

We continuously monitor the adequacy of these safeguards and update our data protection measures as needed to ensure your data receives equivalent protection regardless of where it is processed.

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Any automated processing we conduct (e.g., fraud detection, usage analytics) is subject to human oversight and does not result in automated decisions about your access to the Service.

13. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
  • Provide information about the nature of the breach, its likely consequences, and measures taken to address it

14. Supervisory Authority

If you have concerns about our data processing practices or wish to lodge a complaint, you have the right to contact your local data protection supervisory authority. For users in the EU, you can find your supervisory authority at https://edpb.europa.eu/about-edpb/board/members_en

We are committed to resolving any complaints or concerns you may have and encourage you to contact us first so we can address your issue directly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us through our website at finqu.com.