Privacy policy
This privacy policy explains how we process personal data in connection with the website usefynoai.com and the fynoAI offering. It is based on Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and applicable national law (including the Austrian Data Protection Act, “DSG”), as amended.
1. Controller
The controller within the meaning of the GDPR is:
clickpuls eCommerce GmbH
Leonard-Bernstein-Straße 10, 1220 Vienna, Austria
Email: [email protected]
Web: usefynoai.com
We have not appointed a dedicated data protection officer. You may address privacy requests to the contact details above.
2. General information on processing
We process personal data only where necessary to operate a functional website and deliver our content and services, or where you have given consent.
Legal bases may include in particular:
- Art. 6(1) lit. a GDPR — consent,
- Art. 6(1) lit. b GDPR — contract / pre-contractual measures,
- Art. 6(1) lit. c GDPR — legal obligation, where applicable,
- Art. 6(1) lit. f GDPR — legitimate interests (e.g. website security, aggregated usage insights, product improvement).
3. Hosting, database and email infrastructure
We use the following services for operation, storage and delivery. Where they process personal data on our behalf, they typically do so as processors under Article 28 GDPR (with data processing agreements where required). Legal bases include Art. 6(1) lit. b and/or lit. f GDPR (performance / legitimate interests in secure operation).
3.1 Application hosting (Fly.io)
Our website and backend run on Fly.io infrastructure (parent company based inter alia in the USA). Our production region is Frankfurt (eu-central), so processing related to hosting and delivery takes place in the EEA. We process technical data required for delivery and for security/stability. More information: fly.io/legal/privacy-policy.
3.2 Database (Supabase / PostgreSQL)
Database, sessions, queues and caches are stored in a managed PostgreSQL environment via Supabase. Our project uses the Frankfurt (EU) region – storage and processing therefore take place in the EEA. Processing is governed by a data processing agreement under Art. 28 GDPR. More information: supabase.com/privacy.
3.3 Transactional email (Resend)
Transactional emails (e.g. newsletter double opt-in, system notifications) are sent via Resend. For our configuration, processing related to sending takes place in Ireland (EU/EEA), so there is no transfer of personal data to a third country outside the EEA for this step. We process recipient email addresses and mailing metadata. More information: resend.com/legal/privacy-policy.
4. First-party usage analytics without identifying profiles
We operate a first-party, pseudonymous measurement approach. A daily-rotating hash may be derived from the IP address and technical signals; identifying you as a person is not intended. We may process paths visited, coarse technical characteristics (device/browser), timestamps and campaign parameters (UTM).
Legal basis: Art. 6(1) lit. f GDPR (legitimate interests in aggregated reach and product insight). You may object as described under “Your rights”.
5. Google Analytics 4 (on consent)
Where you consent via our consent banner, we use Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) for analytics. GA4 may use cookies or similar technologies. Data may be transferred to third countries (notably the USA); Google relies on Standard Contractual Clauses and supplementary measures where applicable.
Legal basis for consent-based use: Art. 6(1) lit. a GDPR together with Art. 49(1) lit. a GDPR where transfers occur without an adequacy decision. Without consent, analytics storage categories stay disabled (Consent Mode).
Further information: policies.google.com/privacy.
6. Cookies, consent storage and sessions
We use technically necessary mechanisms for site operation and security (e.g. session/CSRF via our web framework). Your marketing/analytics consent choice may be stored in browser localStorage when you interact with the banner.
Where non-essential cookies or similar technologies are used, we rely on your consent (Art. 6(1) lit. a GDPR). You may withdraw consent via browser settings or by clearing stored consent values and revisiting the site.
7. Newsletter
If you subscribe to our newsletter, we process the data you provide (at minimum your email address, optionally your name) to send information about fynoAI. We use double opt-in (confirmation link). Technical delivery may use Resend (see section 3.3). Legal basis: Art. 6(1) lit. a GDPR and Art. 7 GDPR. You may unsubscribe at any time with future effect (link in each email or by contacting us).
8. Contact and demo / beta requests
If you use forms (e.g. demo/beta request), we process the information you submit to handle your inquiry and, where appropriate, to follow up commercially. Legal basis: Art. 6(1) lit. b GDPR (pre-contractual measures) and, where applicable, Art. 6(1) lit. f GDPR for related internal processes (e.g. documentation, quality).
9. Recipients and processors
Key providers are described in sections 3.1–3.3: Fly.io (hosting, Frankfurt), Supabase (database, Frankfurt), Resend (email, Ireland). For this setup, processing by these services takes place in the EEA – with no third-country transfer within the meaning of Arts. 44 ff. GDPR for these steps. If you consent to Google Analytics (section 5), an additional transfer to a third country (including the USA) may occur with the safeguards described there. We enter into data processing agreements pursuant to Art. 28 GDPR where required.
10. Storage periods
We keep personal data only as long as necessary for the respective purposes or as required by statutory retention periods.
11. Your rights
Subject to legal requirements, you have in particular the following rights: access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and objection (Art. 21 GDPR). Where processing is based on consent, you may withdraw consent with future effect (Art. 7(3) GDPR).
12. Complaints before a supervisory authority
You have the right to lodge a complaint with a supervisory authority. In Austria, this includes the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, www.dsb.gv.at.
13. Changes
We update this privacy policy when legal requirements or our processing change. The version published at usefynoai.com applies.