Legal

Privacy Policy

Effective date: May 3, 2026

This Privacy Policy explains how Infoproduct Systems s.r.o. processes personal data in connection with the website at fayneos.com, the Fayne platform (including Academies hosted on subdomains of fayneos.com), and any related products, services, and applications (together, the "Service").

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the Slovak Act No. 18/2018 Coll. on the Protection of Personal Data, the California Consumer Privacy Act ("CCPA"/"CPRA"), and other applicable data-protection laws.

1. Controller

The data controller within the meaning of Article 4(7) GDPR is:

Infoproduct Systems s.r.o. Hellova 11/7, 040 11 Košice, Slovak Republic Company ID No.: 55186033 Commercial Register: Municipal Court of Košice, Section: Sro, File No. 55913/V Email: info@fayneos.com

For matters relating to Student Data processed through an Academy operated by a Customer, the Customer is the data controller and Fayne is the data processor. See Section 11 below.

2. Scope

This Policy applies to:

visitors to fayneos.com and any other Fayne-operated marketing and product websites;
prospective and existing Customers of the Service;
Students who interact with the marketing site directly (separate provisions apply to Student Data processed via Academies — see Section 11); and
people who contact us, sign up to receive communications, or apply for a job.

It does not cover:

third-party websites or services that we link to (those have their own policies);
offline interactions outside the Service; or
the practices of Customers when they collect personal data from their Students or other third parties — those Customers are independent controllers and have their own privacy notices.

3. Personal Data We Collect

3.1 Data you provide directly

Account data — name, email address, password (stored as a salted hash or via a third-party identity provider), profile information.
Billing data — name, billing address, VAT/tax identifiers, last four digits and expiry of payment card, transaction history. Full card numbers are processed by our payment processor and are not stored by Fayne.
Customer Content — Academy name, branding, logo, courses, lessons, prompts, configurations, and other content you upload or create.
Communications — the content of messages you send us (support requests, sales enquiries, survey responses, feedback).
Marketing preferences — opt-ins and opt-outs.

3.2 Data we collect automatically

Device and connection data — IP address, browser type and version, operating system, device identifiers, language, timezone, referring URL.
Usage data — pages and features visited, clicks, session duration, interaction events, error logs, and performance data.
Cookies and similar technologies — see our Cookie Policy.

3.3 Data we receive from third parties

Authentication providers (e.g. Google) — basic profile information you authorise them to share.
Payment processor (Stripe) — transaction status, billing country, fraud-risk signals.
Analytics, advertising, and service providers — aggregated or pseudonymised attribution and conversion data.

3.4 AI prompts and outputs

When you use AI features in the Service, we process the prompts you submit, the surrounding content (e.g. the lesson being edited), relevant Academy metadata, and the outputs returned by the AI provider. See Sections 5 and 9.

We process personal data for the following purposes and on the following lawful bases under Article 6 GDPR.

Purpose	Lawful basis
Provide, maintain, and improve the Service; create and manage accounts; deliver Customer Content; provide AI-assisted features.	Performance of a contract (Art. 6(1)(b))
Process payments, billing, and renewals; manage trials and refunds.	Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c))
Send service communications (security alerts, billing notices, product updates that affect your account).	Performance of a contract (Art. 6(1)(b)); legitimate interest (Art. 6(1)(f))
Send marketing emails and newsletters; show personalised marketing.	Consent (Art. 6(1)(a)); legitimate interest where permitted by law
Measure and analyse use of the Service; understand how features perform; debug, monitor security, and prevent abuse.	Legitimate interest (Art. 6(1)(f))
Comply with tax, accounting, and other legal obligations.	Legal obligation (Art. 6(1)(c))
Establish, exercise, or defend legal claims.	Legitimate interest (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))
Process Student Data on behalf of a Customer.	The Customer's lawful basis (Fayne acts as processor — see Section 11)

You may withdraw any consent you have given at any time, without affecting the lawfulness of processing prior to withdrawal.

5. AI-Assisted Features and Automated Decisions

Parts of the Service use third-party AI models, currently the Claude API operated by Anthropic, PBC, to assist with editing, customising, and generating content.

When you use these features, we transmit to the AI provider the lesson content, prompts, surrounding context, and Academy metadata that are needed to produce useful output. Outputs returned by the provider are stored as part of your Customer Content.

No solely automated decisions with legal or similarly significant effects. AI features are tools that you direct and review. They do not produce decisions about you or any other individual that have legal or similarly significant effects within the meaning of Article 22 GDPR.

We do not have a special zero-retention or no-training arrangement with the AI provider unless expressly stated in writing. The provider's standard data-handling terms apply, including its retention and abuse-monitoring practices. See Anthropic's privacy policy at https://www.anthropic.com/legal/privacy.

Please do not include sensitive personal data, special-category data, or confidential third-party information in AI prompts unless you have a lawful basis and the necessary consents to do so.

6. Cookies and Similar Technologies

We use cookies, local storage, pixels, and similar technologies for purposes that include keeping you signed in, remembering your preferences, measuring traffic, securing the Service, and (with your consent) marketing. For details, see our Cookie Policy. Where required by law, we ask for your consent before placing non-essential cookies via our cookie banner.

7. Marketing Communications

If you sign up for our newsletter, request a demo, register for an event, or are an existing Customer, we may send you marketing emails about Fayne and related products and services where permitted by law (consent or, where applicable, soft opt-in for similar products to existing Customers).

You can unsubscribe at any time using the link in any marketing email or by contacting info@fayneos.com. Unsubscribing from marketing does not stop transactional or service emails (e.g. billing, security, account-critical updates).

We do not sell personal data. We share personal data only as set out below.

8.1 Service providers (sub-processors)

We use trusted third-party service providers to run the Service. They process personal data only on our instructions and under contract. Our principal categories of sub-processor are:

Category	Examples / providers	Purpose
Cloud hosting and database	Vercel, Inc.; Supabase, Inc.	Application hosting, database, file storage
Payments	Stripe, Inc. / Stripe Payments Europe Ltd	Subscription billing, fraud prevention
Email delivery	Resend, Inc.	Transactional and (with consent) marketing email
AI features	Anthropic, PBC	AI-assisted content editing and generation
Authentication	Google LLC (Sign in with Google, optional)	User authentication
Product analytics	PostHog, Inc. (EU instance)	Usage analytics, feature monitoring (subject to consent where required)
Customer support	Email and helpdesk providers	Responding to enquiries

We may add or change sub-processors as the Service evolves. A current list is available on request to info@fayneos.com.

8.2 Customers and Students

If you interact with an Academy operated by a Customer, your data is shared with that Customer (who is the controller for that processing).

8.3 Authorities and legal requests

We may disclose personal data to public authorities, regulators, or courts where required by law, court order, or to protect our rights, the rights of users, or the safety and integrity of the Service.

8.4 Business transfers

If Fayne is involved in a merger, acquisition, financing, restructuring, sale of assets, or insolvency, personal data may be transferred to the relevant counterparty subject to confidentiality protections.

We may share data with third parties at your direction or with your consent (e.g. integrations you enable).

9. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), in particular in the United States. When we transfer personal data outside the EEA, we rely on appropriate safeguards under Chapter V GDPR, including:

the EU Standard Contractual Clauses (SCCs) and (where applicable) the UK International Data Transfer Addendum;
the EU–U.S. Data Privacy Framework and its UK and Swiss extensions, where the recipient is certified;
supplementary measures (encryption in transit, access controls, contractual restrictions) where required following a transfer impact assessment.

You may request a copy of the safeguards in place by contacting info@fayneos.com.

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. Indicative retention periods are:

Account and Customer Content — for the duration of your account, plus a reasonable wind-down period (typically up to 90 days) to allow recovery, after which Customer Content is deleted or de-identified;
Billing and tax records — at least 10 years from the end of the relevant accounting period, as required by Slovak tax and accounting law;
Marketing data — until you withdraw consent or object, plus reasonable suppression-list retention;
Support communications — typically 24 months after closure of the matter;
Server and security logs — typically up to 12 months;
Cookies — see our Cookie Policy for retention of individual cookies.

When personal data is no longer needed, we delete it or irreversibly anonymise it, unless retention is required or permitted by law.

11. Customer Academies — Roles and Student Data

When a Customer uses the Service to operate an Academy and enrol Students, the Customer is the data controller with respect to Student Data and Fayne is the data processor within the meaning of Article 28 GDPR.

In that role, Fayne processes Student Data only on the Customer's documented instructions, including:

enabling Students to authenticate, access enrolled courses, and track progress;
generating completion certificates;
providing analytics to the Customer about Student usage; and
maintaining the security, integrity, and availability of the Service.

If you are a Student and have questions about how your data is used in a particular Academy, please contact the operator of that Academy in the first instance. We can help you identify the controller on request to info@fayneos.com.

A Data Processing Addendum (DPA) is available to Customers on request to info@fayneos.com.

12. Your Rights

Subject to the conditions set out in applicable law, you have the following rights:

Access — confirm whether we process your personal data and request a copy (Art. 15 GDPR);
Rectification — ask us to correct inaccurate or incomplete data (Art. 16 GDPR);
Erasure — ask us to delete your data ("right to be forgotten") (Art. 17 GDPR);
Restriction — ask us to restrict processing in certain circumstances (Art. 18 GDPR);
Portability — receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible (Art. 20 GDPR);
Object — object to processing based on our legitimate interests, or to direct marketing at any time (Art. 21 GDPR);
Withdraw consent — where processing is based on consent, you may withdraw it at any time (Art. 7(3) GDPR);
Not be subject to a solely automated decision with legal or similarly significant effects — see Section 5 (Art. 22 GDPR).

To exercise any of these rights, contact us at info@fayneos.com. We will respond within one month, with the possibility of a two-month extension where the request is complex.

You also have the right to lodge a complaint with a supervisory authority. The competent authority in Slovakia is the Office for Personal Data Protection of the Slovak Republic:

Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, Slovak Republic Tel: +421 2 32 31 32 14 Email: statny.dozor@pdp.gov.sk Web: https://dataprotection.gov.sk

You may also contact the data protection authority in your country of residence or place of work.

13. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to:

know the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of recipients;
delete personal information we have collected from you, subject to certain exceptions;
correct inaccurate personal information;
opt out of the sale or sharing of personal information for cross-context behavioural advertising;
limit the use of sensitive personal information; and
non-discrimination for exercising your rights.

We do not sell personal information for money. We may "share" personal information for cross-context behavioural advertising (e.g. via marketing pixels) where you have consented through our cookie banner. You can withdraw that consent at any time using the cookie banner or your browser settings.

To exercise California rights, email info@fayneos.com. We will verify your request using the contact information associated with your account or other reasonable means.

14. Children

The Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, please contact info@fayneos.com and we will take reasonable steps to delete it. Customers operating Academies are responsible for the age of their Students and for obtaining any required parental consents.

15. Security

We maintain technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include encryption in transit, access controls, least-privilege permissions, secure development practices, monitoring, and vendor due diligence. No system is perfectly secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with Article 33 and 34 GDPR.

16. Changes to this Policy

We may update this Policy from time to time. The "Effective date" at the top reflects the most recent version. If changes are material, we will notify you by email or through the Service before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact

For any questions about this Privacy Policy or about how we handle personal data, contact us at:

Infoproduct Systems s.r.o. Hellova 11/7, 040 11 Košice, Slovak Republic Email: info@fayneos.com

See also our Terms of Service and Cookie Policy.

More legal

Cookie Policy →Terms of Service →