Privacy & Cookies Policy

Last updated: 2025-10-14

This policy explains how FactuLingua™ (“we”, “us”) collects and processes personal data across our websites, desktop and mobile apps, and cloud services, including payments handled by Stripe and PayPal.

1. Controller

Operated by Lukasz Jozwiak (LJ), Sole Trader trading as “FactuLingua”, United Kingdom.
Contact: privacy@factulingua.com

2. Data We Collect

  • Account data: name, email, password hash, user identifiers.
  • Billing & subscription data: customer/subscription IDs, plan details, invoices, status updates, tokenized card metadata (last4, brand, expiry). We never store full card numbers or CVV.
  • Usage data: logs, device information, app version, session timing, diagnostics.
  • AI usage data: prompts and outputs necessary for abuse detection, rate-limiting and troubleshooting.
  • Support communications: any messages or attachments you send to our support channels.
  • Cookies & similar technologies: essential cookies; analytics/ads/reCAPTCHA only with consent.

3. Purposes and Legal Bases

  • Providing the service (contract): accounts, cloud sync, subscriptions, customer support.
  • Payments (contract/legal obligation): Stripe and PayPal processing, tax compliance.
  • Security & fraud prevention (legitimate interest): abuse control, rate-limit events, login protection.
  • Analytics & improvement (legitimate interest or consent): performance analysis, feature improvement.
  • Communications (contract/consent): service notices and account emails.
  • Non-essential cookies (consent): analytics and marketing technologies.

4. Payments

4.1 Stripe

Stripe processes card payments and subscriptions as an independent controller for certain data elements. We receive metadata such as subscription status, customer IDs, product IDs and dispute/refund details. Stripe may collect device or network information for fraud prevention.

4.2 PayPal

PayPal processes wallet payments and subscriptions. We receive payer IDs, subscription status, plan IDs and dispute/refund metadata. PayPal remains responsible for its own KYC/AML checks.

4.3 Data we store in our system

  • Payment provider (stripe / paypal), plan ID, current status, renewal dates.
  • Non-sensitive card metadata (brand, expiry month/year, last4).
  • Webhook logs: event timestamp, type and processing result.

5. Sharing with Processors

We only share data with trusted processors under written agreements:

  • Cloud hosting, databases, backups and monitoring infrastructure.
  • Payment processors (Stripe, PayPal).
  • Security and anti-abuse services (e.g., reCAPTCHA).
  • Analytics providers (GA4) if you give consent.
  • AI service providers for requested AI features.

6. International Transfers

When data is transferred outside the UK/EU, we rely on adequacy decisions or Standard Contractual Clauses.

7. Retention

  • Account and billing data: for the lifetime of your account and as required by tax law.
  • Logs and AI content: typically 12–24 months unless longer retention is needed for security or legal defence.
  • Support records: as long as required for resolving your issue and for auditing.

8. Your Rights

  • Right to access, rectification and erasure.
  • Right to restriction and data portability.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time.
  • Right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK.

9. Security

We apply technical and organisational safeguards including encryption in transit, access controls and monitoring. No system is perfectly secure, but we continuously improve our defences.

10. Children

Our services are not intended for individuals under 16. Do not register or submit data if you are below the legal age of consent in your region.

11. Cookies and Consent (GDPR + Google Consent Mode v2)

Essential cookies operate under legitimate interest. Analytics, marketing and functional third-party cookies (e.g., maps, reCAPTCHA) are loaded only after you provide consent via our CMP.

11.1 Categories

  • Strictly necessary: authentication, security, load-balancing.
  • Preferences: language and UI settings.
  • Analytics: GA4 — consent required.
  • Marketing/Ads: Google Ads/AdSense — consent required.
  • Functional Third-Party: Maps, reCAPTCHA — consent required.

11.2 Consent Management

We use a GDPR-compliant Consent Management Platform (CMP) which blocks non-essential scripts until consent is provided. You can adjust or withdraw consent at any time.

11.3 Google Consent Mode v2

If you refuse consent, the Consent Mode signals (e.g., analytics_storage, ad_user_data) are sent as “denied”; giving consent changes them to “granted”.

12. Contact

Privacy queries: privacy@factulingua.com
Support: support@factulingua.com


© 2025 FactuLingua™ by LJ. All rights reserved.
Operated by Lukasz Jozwiak, Sole Trader (trading as “FactuLingua”), United Kingdom.
Registered for HMRC Self-Assessment. contact@factulingua.com