Skip to content
Factled
Legal

Privacy Policy

Last updated 17 June 2026

This policy explains what personal data Factled collects, how we use it, and the choices you have. It covers the Factled web app at factled.com.

The controller responsible for your personal data is Anthon Fredriksson, an individual sole trader established in Sweden, who operates Factled. For any privacy question or request, contact us at privacy@factled.com.

1. Information we collect

  • Account data: the email address you use to sign in via magic link. We do not store passwords.
  • Content you submit: the form fields or transcripts you provide, and the case studies generated from them. These are stored so you can access them in your library.
  • Abuse-prevention data: to apply rate limits and protect sign-in, we store short-lived request counts keyed to your account or to a one-way hash of your email or IP address. Sign-in is also protected by a bot-detection service.
  • Payment data: when you buy credits, our processor (Stripe) handles your card details. We never see or store full card numbers; we store only your credit balance and a record of processed payment events.
  • Usage & logs: standard server logs (e.g. request metadata, IP address, and errors) generated by our hosting provider and used to operate and secure the Service.

2. How we use your data

  • to provide the Service — generating, saving, and displaying stories;
  • to process payments and maintain your credit balance;
  • to prevent abuse, enforce limits, and secure the Service;
  • to communicate with you about your account (e.g. magic links).

We do not sell your personal data, and we do not use the content you submit to train our own models.

3. Service providers (subprocessors)

We share data with vendors strictly to run the Service:

  • Vercel — application hosting and the global content-delivery / edge network; processes request data such as IP addresses and headers to serve the app and detect bots (Vercel Inc., United States). Privacy.
  • Supabase— database, authentication, and storage; our project’s data is hosted in the EU (Ireland, eu-west-1). Privacy.
  • Anthropic — the AI model that generates your case study from the inputs you submit (processed in the United States). Privacy.
  • Stripe — payment processing. Privacy.
  • Email delivery— we send sign-in “magic link” emails through an email-delivery provider, which processes your email address solely to deliver those messages.

4. Legal basis & international transfers

Where the GDPR applies, we process your data to perform our contract with you (providing the Service), to comply with legal obligations, and for our legitimate interests in securing and improving the Service. Some providers (for example Anthropic, Stripe, and Vercel) are based in or process data in the United States; such transfers rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses.

5. Data retention

We keep your account and generated stories until you delete them or close your account. Rate-limit records are short-lived and used only for abuse prevention. We retain payment records as required for accounting and legal purposes.

6. Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, object to or restrict certain processing, and request portability. You can export your data or permanently delete your account at any time from your account page; for anything else, contact us at privacy@factled.com. You also have the right to lodge a complaint with your local data-protection authority; in Sweden this is the IMY (Integritetsskyddsmyndigheten, imy.se).

7. Cookies

We use a small number of strictly-functional cookies:

  • Authentication cookies (set by Supabase) to keep you signed in.

We do not use advertising or cross-site tracking cookies.

8. Security

We use measures such as row-level security, encrypted transport, server-side secrets, and signed payment webhooks. No method of transmission or storage is completely secure, but we work to protect your data.

9. Children

The Service is not intended for anyone under 16, and we do not knowingly collect data from children.

10. Changes & contact

We may update this policy; material changes will be reflected in the date above. Questions or requests can be sent to privacy@factled.com.