PRIVACY POLICY - FASMET ======================= Last updated: February 2026 1. DATA CONTROLLER ------------------ The data controller responsible for data processing under the General Data Protection Regulation (GDPR) is: Denise Mayr Staben 50 39025 Naturns South Tyrol Italy Email: fasmet.app@gmail.com 2. SCOPE OF THIS PRIVACY POLICY ------------------------------- This Privacy Policy explains how we collect, use, store, and protect personal data when you use FASMET. 3. AGE REQUIREMENT ------------------ Our service is intended for users who are at least 16 years old. Users under the age of 16 may only use this service with the consent of a parent or legal guardian. 4. PERSONAL DATA WE COLLECT --------------------------- We collect and process the following personal data: - Email address - Password (stored in hashed form using bcrypt) - Profile data voluntarily provided by you, such as: - Username - Follower count - Number of posts - Niche - Goals 4a. POST REVIEW – UPLOADED IMAGES AND VIDEOS --------------------------------------------- When you use Post Review, you upload images or videos together with your caption. This data may contain personal information (e.g. persons, locations). - Purpose: We process your uploads solely to analyze quality, resolution, and format, and to suggest an improved caption and hashtags. - Storage: Uploads are stored temporarily in memory only, for a maximum of 15 minutes. They are deleted immediately after analysis or when they expire. - No permanent storage: We do not save your images or videos to a database or permanent storage. - No use for training: Your uploads are not used to train AI models. - Processing: Analysis may use AI services (e.g. for caption improvement). Captions and media are processed only for the analysis you requested. By uploading content to Post Review, you confirm that you have the right to use this content and that it does not infringe third-party rights. 5. PURPOSE OF DATA PROCESSING ----------------------------- We process your personal data for the following purposes: - Account creation and authentication - Providing access to the FASMET service - Generating AI-based content ideas and growth strategies - Calculating analytics and recommendations - Sending transactional emails (e.g. verification, welcome emails) - Sending marketing emails only if you have given explicit consent 6. LEGAL BASIS FOR PROCESSING (Art. 6 GDPR) ------------------------------------------- We process personal data based on the following legal grounds: - Art. 6(1)(b) GDPR – Performance of a contract (account access and service functionality) - Art. 6(1)(a) GDPR – Consent (marketing emails, optional features) - Art. 6(1)(f) GDPR – Legitimate interest (security, fraud prevention, service improvement) 7. AI CONTENT & EXTERNAL DATA SOURCES ------------------------------------- - Content ideas are generated by artificial intelligence based on your provided profile data and general trends - We may use publicly available trend data (e.g. Google Trends) for inspiration - No raw external data is republished - All generated content is transformed into original AI-generated suggestions - AI-generated content is for informational and inspirational purposes only - We do not guarantee accuracy, effectiveness, or specific results 8. COOKIES ---------- We use only essential cookies that are required for: - Authentication - Session management - Security These cookies are necessary for the operation of the service and cannot be disabled. Cookie preferences can be managed via our cookie banner where applicable. 9. DATA STORAGE AND RETENTION ----------------------------- Your personal data is stored as long as your account exists. You may delete your account at any time. Inactive accounts may be deleted after prior notice. 10. THIRD-PARTY SERVICES ------------------------ We use the following third-party services: - Hosting: Vercel Inc., USA - Email delivery: Resend, USA - CAPTCHA / Bot protection: Cloudflare Turnstile (Cloudflare Inc., USA), used during registration to distinguish humans from bots; may process signals such as IP address and browser data. See: https://www.cloudflare.com/trust-hub/privacy-and-data-protection/ These providers may process personal data on our behalf. 11. DATA TRANSFERS TO THIRD COUNTRIES ------------------------------------- Some of our service providers are located outside the European Union (e.g. United States). Data transfers are carried out in accordance with GDPR requirements, based on: - Adequacy decisions of the European Commission (where applicable), or - Standard Contractual Clauses (SCCs) 12. YOUR RIGHTS UNDER GDPR -------------------------- You have the right to: - Access your personal data - Rectification of inaccurate data - Erasure of your data - Restriction of processing - Data portability - Object to processing - Withdraw consent at any time To exercise your rights, please contact: fasmet.app@gmail.com 13. RIGHT TO LODGE A COMPLAINT ------------------------------ You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence. Supervisory Authority (Italy): Garante per la Protezione dei Dati Personali www.garanteprivacy.it 14. DISCLAIMER AND LIMITATION OF LIABILITY ------------------------------------------ FASMET is provided "as is" and "as available" without warranties of any kind. We do not guarantee any specific results, growth, engagement, or success. All AI-generated content, analytics, and recommendations are provided for informational and inspirational purposes only. Use of the service is at your own risk. To the fullest extent permitted by law, we are not liable for any direct or indirect damages resulting from the use of this service. 15. CONTACT ----------- For privacy-related questions or requests, contact: fasmet.app@gmail.com