Privacy Policy
Effective from: 23 czerwca 2026
1. Data controller
The controller of your personal data is Fattly. The controller's full registration details will be provided soon. Contact for personal data matters: contact@fattly.app.
2. What data we process
- Account data — email address, encrypted password, registration date.
- Billing data — information about credit purchases. Payments are handled by Stripe; we don't store card data.
- Content — the prompts you enter, uploaded files and generated results (generation history).
- Technical data — IP address, browser information, security logs and events, cookies.
3. Purposes and legal bases (GDPR)
- Providing the services (account, generation, billing) — Art. 6(1)(b) GDPR (performance of a contract).
- Legal obligations (e.g. billing, complaints) — Art. 6(1)(c) GDPR.
- Security, abuse prevention, pursuing claims — Art. 6(1)(f) GDPR (legitimate interest).
- Marketing / optional cookies — Art. 6(1)(a) GDPR (consent), where given.
4. Data recipients and processors
We use trusted providers acting as processors:
- Supabase — authentication and database,
- Stripe — payment processing,
- fal.ai and AI model providers — performing the Generation,
- Cloudflare R2 — storage of generated files,
- Upstash — rate limiting (security),
- Sentry — application error monitoring.
Some providers may process data outside the European Economic Area (e.g. in the USA). In such cases the transfer takes place on the basis of appropriate safeguards, in particular standard contractual clauses approved by the European Commission.
5. Retention period
We keep account data and Content for the duration of the account. After account deletion, data is deleted or anonymised, except for data we must retain under the law (e.g. billing records) or until any claims become time-barred.
6. Your rights
You have the right to:
- access your data and obtain a copy,
- rectification (correction) of data,
- erasure of data (the “right to be forgotten”),
- restriction of processing,
- data portability,
- object to processing based on legitimate interest,
- withdraw consent at any time (without affecting the lawfulness of prior processing).
To exercise your rights, write to contact@fattly.app. You also have the right to lodge a complaint with the competent data protection supervisory authority (in Poland: the President of the Personal Data Protection Office, PUODO).
7. Cookies
The Service uses cookies necessary for its operation (e.g. keeping the login session) and — with consent — analytics or functional cookies. You can change cookie settings in your browser.
8. Security
We apply technical and organisational measures to protect data, including encrypted transmission, access restrictions, storing files in private storage accessed via temporary signed links, and mechanisms that limit abuse.
9. Changes to the Policy
The Policy may be updated. We will inform you of significant changes in the Service or by email. The remaining rules are described in the Terms.