Legal

Privacy Policy

Last updated: [date]

This is a working template covering how FacelessContent actually processes data (Supabase, Stripe, AI providers). Review it and fill each [placeholder] before launch. This is not legal advice — have a professional check GDPR compliance for your jurisdiction.

1. Who is responsible

The controller for data processing on this website is [Legal name], [address], reachable at support@facelesscontent.ai. See our Imprint for full details.

2. What we collect and why

3. Processors and third-party services

To run the service we share the minimum necessary data with:

These providers act as processors under data-processing agreements. Some are located outside the EU; transfers rely on EU Standard Contractual Clauses or an equivalent safeguard.

4. Cookies and storage

We use only cookies/local storage strictly necessary to keep you logged in and to run the app. We do not use advertising or cross-site tracking cookies. If you add analytics later, disclose it here.

5. How long we keep data

Account and generated content are kept while your account is active. Billing records are retained as required by tax and commercial law (typically up to [10] years). You can request deletion of your account at any time, subject to those legal retention duties.

6. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and port your data, and to object to processing based on legitimate interest. You may withdraw consent at any time and lodge a complaint with a supervisory authority. To exercise any right, email support@facelesscontent.ai.

7. Data security

Access to provider APIs runs server-side; provider API keys are never exposed in your browser. Connections are encrypted in transit (TLS). Passwords are handled by our authentication provider and stored only in hashed form.

8. Changes

We may update this policy as the service evolves. The current version is always available at this URL, with the date shown above.