Privacy Policy

Ficzd Limited ("Ficzd", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at ficzd.com or use our AI-powered marketing automation platform (collectively, the "Services").

Please read this Privacy Policy carefully. If you disagree with its terms, please discontinue use of our Services. For questions, contact us at privacy@ficzd.com.

Information you provide to us:

• Account registration data (name, email address, company name, role)
• Payment and billing information (processed securely via our payment processors)
• Communications you send us (support requests, feedback, survey responses)
• Content you create or upload within the platform (brand profiles, campaign data, assets)
• Waitlist and lead capture form submissions

Information collected automatically:

• Log data (IP address, browser type, pages visited, time spent, referring URLs)
• Device information (hardware model, operating system, unique device identifiers)
• Cookie data and similar tracking technologies (see Section 7)
• Usage data (features used, actions taken within the platform, session duration)
• Performance data (error reports, crash logs, response times)

Information from third parties:

• Authentication providers (if you choose to sign in via third-party SSO)
• Analytics partners
• Marketing and advertising partners

We use the information we collect to:

• Provide, operate, maintain, and improve our Services
• Create and manage your account and process your transactions
• Send you transactional communications (invoices, account alerts, service updates)
• Send you marketing communications about Ficzd products and features (with your consent where required)
• Respond to your inquiries and provide customer support
• Monitor and analyse usage patterns to improve the platform
• Detect, prevent, and address fraud, security incidents, and technical issues
• Comply with legal obligations and enforce our Terms of Service
• Carry out research and product development

We do not use your content data to train AI models without your explicit consent.

For users in the European Economic Area (EEA) and United Kingdom, our legal bases for processing personal data include:

• Contract performance: Processing necessary to fulfil our contractual obligations to you
• Legitimate interests: Processing for our business operations, fraud prevention, and service improvement, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent (e.g., for marketing emails or optional analytics)
• Legal obligation: Where processing is required to comply with applicable law

We may share your information with:

• Service providers: Third-party vendors who assist in providing the Services (cloud hosting, payment processing, email delivery, analytics, customer support). These providers are contractually bound to protect your data and process it only as instructed.
• Business partners: With your consent, where integrations with third-party platforms are required (e.g., CRM, ad platforms, email marketing tools).
• Legal authorities: Where required by law, court order, or governmental authority.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notification to you.

We do not sell your personal data to third parties for advertising purposes.

We retain your personal data for as long as necessary to provide the Services and fulfil the purposes described in this Policy, or as required by law. When you close your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it longer for legal or regulatory reasons.

Content data (brand profiles, campaign content) is deleted upon account termination. Aggregated, anonymised analytics data may be retained indefinitely.

We use cookies and similar tracking technologies to collect and store information about how you use our Services. These include:

• Essential cookies: Required for the Services to function (authentication, session management). Cannot be disabled.
• Analytics cookies: Help us understand how visitors use our website (page views, user flows, performance metrics).
• Marketing cookies: Used to measure the effectiveness of our advertising and to deliver relevant ads. Only set with your consent.

You can control cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies will not affect your ability to use the core platform.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request a machine-readable export of your data
• Restriction: Request that we restrict processing of your data in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdrawal of consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@ficzd.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

Ficzd operates globally and your data may be transferred to and processed in countries outside your own. For transfers from the EEA or UK to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards.

A copy of our standard data transfer mechanisms is available on request via legal@ficzd.com.

We implement industry-standard technical and organisational security measures to protect your personal data, including:

• AES-256 encryption for data at rest
• TLS 1.2+ encryption for data in transit
• Multi-factor authentication for all internal systems
• Regular security audits and penetration testing
• Access controls and least-privilege principles
• Incident response procedures with breach notification protocols

Despite these measures, no transmission over the internet is 100% secure. We encourage you to use strong passwords and to notify us immediately if you suspect unauthorised access to your account.

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice in the platform at least 14 days before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

For any privacy-related questions, requests, or concerns, please contact: