Privacy Policy

Last updated: April 2026

faktry ("we", "us", "our") is operated by a company registered in Austria. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Service. It applies to all users worldwide. Where you are located in the European Economic Area (EEA), the UK, or other regions with data protection law, additional rights and obligations apply as described below.

1. Information We Collect

1.1 Personal Information

We collect information you provide directly to us, including:

• Name and email address when you create an account
• Profile information including first name, last name, birthday, location, company, industry, and website
• Payment information for processing transactions (handled securely by Stripe)
• Communications you send to us

1.2 Account & Authentication

When you create an account, we store:

• Email address and encrypted password (managed by Supabase Auth)
• Account creation date and last login timestamp
• Subscription tier and account status

1.3 Usage Information

We automatically collect certain information when you use our Service:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Log data (access times, pages viewed, app crashes)
• API usage statistics (endpoints called, operations performed)

1.4 Content Information

When you upload files for processing, we temporarily store and process this content. This includes:

• Uploaded files (images, videos, audio, PDFs, and other media)
• Generated content from AI processing
• Processing parameters, prompts, and settings

We do not use your content to train AI models. Content is shared with our AI providers only to the extent necessary to fulfill your specific processing request.

1.5 Content Moderation Data

When a submitted prompt is flagged or blocked by our content moderation system, we log the prompt text, the moderation category triggered, the endpoint used, and the AI model selected. This data is used for safety auditing, policy enforcement, and moderation system improvement. Moderation logs are accessible only to authorized faktry staff via our admin interface. For more detail on how moderation works, see our EU AI Act Compliance Statement.

1.6 Financial Information

For payment processing, we collect and store:

• Credit balance and transaction history
• Stripe customer ID for payment processing
• Purchase history, payment status, and credit expiration dates

Actual payment card data is never stored on our servers. All payment processing is handled securely by Stripe.

1.7 API Keys

When you create API keys for programmatic access:

• We store a cryptographic hash of your API key (never the plain text key)
• We store the key prefix for identification purposes
• We track key creation date, last usage, and active status
• API keys can be revoked at any time from your account settings

2. Feature-Specific Data Collection

2.1 Media Library

Your media library stores uploaded and generated files. We track storage usage per subscription tier with defined limits. Files remain in your library until you delete them or your account is terminated.

2.2 Brand Guidelines

When you create brand guidelines, we store:

• Brand name, description, tagline, and logo
• Color palettes (primary, secondary, accent colors)
• Typography settings and font pairings
• Brand voice information (mission, vision, values, personality)
• Target audience and buyer persona information
• Mood images and design system specifications

2.3 Workflows

For workflow automation features, we store:

• Workflow names, descriptions, and configurations
• Node configurations and connection settings
• Execution history including status, timestamps, and error logs
• Step results and output URLs

2.4 Video Editor

Video projects include:

• Project names, descriptions, and video ideas
• Scene configurations with scripts, images, and video URLs
• Style settings, format preferences, and length specifications

2.5 Prompt Gallery

Content submitted to the Prompt Gallery is publicly visible. This includes:

• Prompt text and category
• Generated images or videos
• Your display name as submitter
• Model used and generation parameters

By submitting to the Prompt Gallery, you grant us permission to display this content publicly with attribution.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service (contract performance)
• Process transactions and manage credit balances (contract performance)
• Send technical notices, updates, and support messages (contract performance / legitimate interests)
• Respond to your comments, questions, and requests (contract performance)
• Monitor and analyze usage patterns and trends (legitimate interests)
• Enforce storage quotas and subscription limits (contract performance)
• Apply content moderation and prevent harmful use (legitimate interests / legal obligation)
• Detect, prevent, and address technical issues and abuse (legitimate interests)
• Process media files through AI providers to deliver results you request (contract performance)
• Execute automated workflows (contract performance)
• Comply with legal obligations (legal obligation)

For users in the EEA and UK, the legal basis for each processing activity is noted in italics above, pursuant to GDPR Article 6.

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except in the following circumstances:

• AI Processing Providers: Your content and prompts are transmitted to AI providers to process your requests (see Section 5 for the full list)
• Payment Processing: Stripe processes your payments; we share only necessary payment information
• Infrastructure Services: Supabase provides database, authentication, and storage services
• Analytics Services: With your consent, we use Hotjar and Google Analytics for usage analytics
• Legal Requirements: We may disclose information if required by law, court order, or to protect our rights and user safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity
• With Your Consent: For any other purpose with your explicit consent

5. Third-Party Services

Our Service integrates with the following third-party providers. When you use AI features, your prompts and uploaded content are transmitted to the relevant provider to fulfill your request.

AI Processing — Direct Integrations

• OpenAI — image generation (gpt-image models), text generation (gpt-5.4 series), speech-to-text (Whisper), text-to-speech
• Black Forest Labs — image generation and editing (Flux 2 series, including EU-hosted variants)

AI Processing — via fal.ai (API Aggregator)

The following AI systems are accessed through fal.ai, which acts as an intermediary API provider:

• Kuaishou (Kling Video) — video generation
• OpenAI via fal.ai (Sora 2) — video generation
• Google / DeepMind via fal.ai (Veo 3.1) — video generation
• Lightricks via fal.ai (LTX 2.3) — video generation
• Alibaba via fal.ai (Wan v2.7, Qwen-3 TTS) — video generation, text-to-speech
• ElevenLabs via fal.ai — text-to-speech, speech-to-text
• Google via fal.ai (Gemini TTS) — text-to-speech
• Minimax via fal.ai — music generation

Each provider processes data according to their own privacy policy. We encourage you to review the privacy policies of these providers. fal.ai's privacy policy governs data handling for all models accessed via their infrastructure.

Content Moderation

• OpenAI Moderation API — borderline prompts are evaluated by OpenAI's moderation model before generation proceeds

Analytics (loaded only with your consent)

• Hotjar (User analytics ID: 6629887) — heatmaps, session recordings
• Google Analytics (ID: G-KVXRTV48RP) — website analytics

Infrastructure

• Supabase — authentication, database, and file storage
• Stripe — payment processing (Stripe customer ID stored; card data not stored by us)

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit (TLS/HTTPS) and at rest
• API keys stored as cryptographic hashes (bcrypt)
• Row-level security policies on all database tables
• Regular security audits and access controls
• Secure authentication via Supabase Auth with encrypted passwords

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

7. Data Retention

We retain your personal information for as long as necessary to provide our Service or as required by law:

• Account Data: Retained for the duration of your account; deleted upon account deletion request
• Credits: 1 year from purchase date (credits expire automatically)
• Transaction History: 7 years for legal and tax compliance
• API Keys: Until revoked by you or account deletion
• Workflow, Brand & Project Data: Until deleted by you or account deletion
• Media Files: Until deleted by you or storage limit enforcement
• Moderation Logs: Up to 12 months for safety auditing purposes
• Public Gallery Content: Until deleted by you or removed for policy violations
• Analytics Data: 26 months (Google Analytics default)

When we no longer need your information, we securely delete or anonymize it.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze site usage and performance (with your consent)
• Provide personalized content and features
• Ensure security and prevent fraud
• Remember your cookie consent preferences

Analytics cookies (Hotjar, Google Analytics) are only loaded after you grant consent via our cookie banner. You can manage or withdraw cookie consent at any time via our cookie settings. Disabling certain cookies may affect the functionality of our Service.

9. International Data Transfers

faktry operates globally. Your information may be transferred to and processed in countries other than your own, including the United States and other countries where our AI providers and infrastructure partners operate. Where such transfers involve personal data from the EEA or UK, we rely on appropriate transfer mechanisms including the EU Standard Contractual Clauses (SCCs) adopted under GDPR Article 46(2)(c), and adequacy decisions where applicable. By using our Service, you acknowledge that your data may be processed in these countries.

10. Storage Quotas and Limits

We enforce storage limits based on your subscription tier. When storage limits are reached, you will be unable to upload new files and processing jobs that create output files may fail. Existing files remain accessible. You can free up storage by deleting files from your media library or upgrading your subscription.

11. Children's Privacy

Our Service is not directed at children under 16 years of age. We do not knowingly collect personal information from minors under 16. If you become aware that a child under 16 has provided us with personal information, please contact us at [email protected] and we will take steps to delete such information. Users are responsible for ensuring they meet the minimum age requirement applicable in their jurisdiction.

12. Your Rights

Depending on your location, you may have rights regarding your personal information. EEA and UK users have rights under the GDPR and applicable national data protection law. Users in other jurisdictions may have rights under local law (e.g., CCPA for California residents). These rights may include:

• Access: Request a copy of the personal information we hold about you
• Rectification: Correct inaccurate or incomplete information via your profile settings or by contacting us
• Erasure: Request deletion of your account and personal data
• Portability: Export your data including brand guidelines (Markdown/JSON), media library files, and transaction history
• Restriction: Request that we limit processing of your information in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for analytics and non-essential cookies at any time
• Lodge a Complaint: EEA users may lodge a complaint with the Austrian data protection authority (Datenschutzbehörde, dsb.gv.at) or the supervisory authority in their EU member state of residence

To exercise any of these rights, contact us at [email protected] or use the account settings within the application.

13. Account Deletion

When you delete your account:

• Your profile and personal information are permanently deleted
• Your media library files are deleted
• All API keys are revoked and deleted
• Your workflows, brand guidelines, and video projects are deleted
• Any remaining credits are forfeited without refund
• Your Stripe customer ID may be retained for fraud prevention and legal compliance
• Transaction records are retained for 7 years as required by tax law
• Public Prompt Gallery submissions may be retained; contact us to request removal

Account deletion is irreversible. Please export any data you wish to keep before deleting your account.

14. AI and Content Processing

faktry is an AI-driven platform. When you use our generation or processing tools, your prompts and uploaded files are transmitted to third-party AI models to produce the requested output. faktry does not train any AI models on your data. For a full description of the AI systems we use, our content moderation approach, and our obligations under the EU AI Act, please see our EU AI Act Compliance Statement.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes affecting your rights, we will provide at least 30 days' notice by email or in-app notification before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree to a material change, you may delete your account before it takes effect.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or want to report a data protection concern:

You can also manage most preferences and data directly within the application via your account settings. Our Terms of Service and EU AI Act Compliance Statement are available in our legal section.