Privacy Policy
Last updated: 2026-04-25
1. Data Controller
POI369 OÜ, registered in Tallinn, Estonia (registry code: PENDING), is the data controller for personal data processed through the Faltastik platform. For all privacy matters, contact us at [email protected].
2. Data We Collect
We may process the following categories of personal data when you use our service:
- Account and identity data: email address, chosen display name and profile photo.
- Profile and reading inputs: date of birth, questions you enter during a reading session, coffee-reading image descriptions and stated intentions.
- Payment metadata: card brand, last 4 digits, transaction ID and billing address processed via Stripe. We never store full card numbers; this data lives exclusively within Stripe's infrastructure.
- Analytics and technical data: page-view events, feature-usage signals, IP address (anonymised), browser type and operating system.
- Support communications: messages you send us via email or contact form.
3. Processing Purposes and Legal Bases
We process your data for the following purposes:
- Service delivery (GDPR Art. 6(1)(b) — contract performance): account management, reading generation, subscription billing and customer support.
- Legal obligations (GDPR Art. 6(1)(c)): tax and accounting records, evidence retention for potential legal claims.
- Legitimate interests (GDPR Art. 6(1)(f)): fraud detection, security monitoring and anonymised analytics to improve platform reliability.
- Consent (GDPR Art. 6(1)(a)): optional communications such as marketing emails or campaign notifications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. Data Sharing and Recipients
We share data with the following third parties:
- Stripe: payment processing and subscription management. Stripe's own privacy policy applies to data processed within their infrastructure.
- OpenAI: anonymised reading prompts (stripped of name, email and account identifiers). Under OpenAI's API terms, your data is not used to train their models.
- Sentry: application error monitoring and performance tracking. Personal identifiers are scrubbed before transmission.
- Resend: transactional email delivery (receipts, password resets, etc.). Only your email address and the relevant email content are transferred.
POI369 OÜ is incorporated in Estonia, meaning our company records are held within the European Union and subject to EU data-residency requirements. We do not sell, rent or otherwise commercialise your personal data beyond the processors listed above.
5. Retention Periods
- Account data: for as long as your account is active, plus 90 days after deletion (dispute and legal review window).
- Reading records: 1 year from creation; automatically deleted thereafter.
- Consent records (audit trail): 5 years for compliance audit purposes.
- Billing and payment metadata: 10 years in accordance with applicable tax law.
6. Your Rights
Under GDPR Chapter III, you have the following rights:
- Right to be informed about how your data is used.
- Right of access — to receive a copy of your personal data.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”) where legal grounds are met.
- Right to restriction of processing.
- Right to data portability in a machine-readable format.
- Right to object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making and profiling.
Submit requests to [email protected] or through the /account page. We will respond within 30 days.
7. Children
Faltastik is intended for users aged 18 and over. We do not knowingly collect data from minors. If we become aware that a minor's data has been collected, we will delete it promptly.
8. Security
We apply industry-standard technical and administrative safeguards — including TLS encryption in transit, access control policies, and periodic security reviews — to protect your personal data from unauthorised access, alteration, disclosure or destruction.
9. Policy Changes
We may update this policy from time to time. For material changes, we will send notice to your registered email address at least 14 days before the change takes effect. Continued use of the platform after the notice period constitutes acceptance of the updated policy.
10. Contact
POI369 OÜ
Tallinn, Estonia
Email: [email protected]