Privacy & Cookies Policy

Last updated: 2025-10-14

This policy explains how FactuLingua™ (“we”, “us”) collects and processes personal data across our websites, apps, and services, including payments via Stripe and PayPal.

1. Controller

Operated by Lukasz Jozwiak (LJ), Sole Trader trading as “FactuLingua”, United Kingdom.
Contact: privacy@factulingua.com

2. Data We Collect

Account data: name, email, password hash, user IDs.
Billing & subscription data (via processors): customer ID, subscription ID, plan, invoices, tokenized card metadata (last4, brand, expiry), status, refunds/disputes info. We never store full card numbers or CVV.
Usage data: logs, device info, app versions, usage counters, crash diagnostics.
AI data: prompts and outputs for abuse prevention and support.
Support data: messages and attachments you send us.
Cookies & similar tech: essential cookies; analytics/ads/maps/reCAPTCHA only with consent.

3. Purposes and Legal Bases

Service delivery (contract): accounts, subscriptions, support.
Payments (contract/legal obligation): Stripe and PayPal processing, tax compliance.
Security & fraud (legitimate interest): abuse prevention and rate-limits.
Analytics & improvement (legitimate interest or consent).
Communications (contract/consent): service emails and notices.
Non-essential cookies (consent): analytics and ads.

4. Payments

4.1 Stripe

Stripe processes card payments and subscriptions as independent controller for some data. We receive metadata (customer/subscription IDs, status, product IDs, tokenized card info, refund/dispute data). Stripe is PCI DSS compliant and may collect device/network data for fraud prevention.

4.2 PayPal

PayPal processes wallet payments and subscriptions. We receive payer IDs, subscription IDs, status, plan IDs, and refund/dispute metadata. PayPal remains responsible for its own KYC/AML obligations.

4.3 What we store in our system

Provider (stripe or paypal), plan ID, status, start/end dates, invoice IDs.
Non-sensitive metadata (last4/brand; no full PAN/CVV).
Webhook event logs (timestamp, type, result).

5. Sharing with Processors

Data is shared only as needed under data-processing agreements:

Cloud hosting, databases, backups, logging/monitoring.
Payments: Stripe, PayPal.
Security/anti-abuse: bot and rate-limit tools (e.g., Google reCAPTCHA).
Analytics (GA4) if you consent.
AI service providers for requested AI features.

6. International Transfers

Transfers outside the UK/EU use Standard Contractual Clauses or adequacy decisions where available.

7. Retention

Account/billing: for account lifetime and per tax law.
Logs and AI content: 12–24 months unless longer retention is required.
Dispute records: kept as needed for legal defence.

8. Your Rights

Access, rectification, erasure, restriction, portability, objection.
Withdraw consent at any time for consent-based processing.
Lodge a complaint with the ICO (UK).

9. Security

Data is encrypted in transit and protected by access controls and audits. No method is 100 % secure.

10. Children

Our services are not directed to children under 16. Do not register if under the age of consent in your jurisdiction.

11. Cookies and Consent (GDPR + Google)

Essential cookies run on legitimate interest; analytics/ads/maps/reCAPTCHA require consent through our CMP banner.

11.1 Categories

Strictly Necessary: auth, security, load-balancing.
Preferences: language, UI settings.
Analytics: GA4 — consent.
Marketing/Ads: Google Ads/AdSense — consent.
Functional Third-Party: Google Maps, reCAPTCHA — consent.

11.2 Consent Management

We use a GDPR-compliant Consent Management Platform (CMP) that blocks non-essential scripts until you consent and sends Google Consent Mode v2 signals. You can change or withdraw consent at any time:

[cmplz-manage-consent]

[cmplz-cookies]

11.3 Google Consent Mode v2

Refused consent sends “denied” signals (e.g., ad_user_data, ad_personalization, analytics_storage); consent switches them to “granted”.

12. Contact

Privacy: privacy@factulingua.com
Support: support@factulingua.com

Privacy Policy