· LEGAL · 03 · PRIVACY ·
Privacy Policy
Last updated: May 27, 2026
1. Data controller
The personal data controller is Dogan Sezer, publisher of FichePro AI. For any question about your data, contact us at: contact@fichepro.ai
2. Data collected
We collect the following data:
- Account data: email address, hashed password, registration date
- Usage data: number of generated listings, subscription plan, generation history
- Payment data: processed directly by Stripe — we do not store any banking information
- Technical data: IP address, browser type, pages visited (via analytics cookies if consented)
3. Processing purposes
Your data is used to:
- Create and manage your user account
- Provide the product listing generation service
- Process payments and manage subscriptions
- Send service-related communications (confirmations, invoices)
- Improve the service via anonymized usage analysis
4. Legal basis
Processing of your data is based on the performance of the service contract (art. 6.1.b GDPR) for data necessary for the operation of the service, and on your consent for marketing communications.
5. Sub-processors
We use the following sub-processors for the operation of the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU / United States (DPA signed) |
| Stripe | Payment processing | United States (DPA signed, PCI-DSS certified) |
| OpenAI | AI content generation (sheets, marketing, video scripts) and AI analyses (Ad Spy insights, hook classification, angle suggestions) | United States (DPA signed) |
| Anthropic | AI models for autonomous agents (Sofia, Marc, etc.) | United States (DPA signed) |
| Vercel | Hosting and CDN | United States / EU (DPA signed) |
| Resend | Transactional and marketing email delivery | United States (DPA signed) |
| Upstash | Rate limiting and 24-hour caching of AI analyses (key: public identifier of the analyzed advertisement, with no personal data) | EU / United States (DPA signed) |
| DiceBear (Avataaars) | Generation of anonymous geometric avatars displayed on Ad Spy cards (input: public page name, no user data) | Public CDN |
| Meta Ad Library | Public data source for the Ad Spy module (read-only access to Meta Platforms Inc.'s public advertising database) | United States (public source) |
5.1 Clarification on OpenAI Usage
We use the OpenAI API (GPT models, notably gpt-4o-mini for lightweight analyses and gpt-4o for long-form generation) with the option to not use data for training enabled by default. Your data is not used to train third-party AI models.
Only data necessary for the requested analysis is transmitted to OpenAI:
- Product sheet generation: product name, characteristics, tone, target marketplace, output language
- Ad Spy insights: public text of the analyzed advertisement, advertiser page name, public metrics (days active, platforms, estimated audience)
- Niche Finder, Persona Simulator, Predictive Winning: entered keyword, category, product context
No identifying personal data (email, user identifier, payment data) is transmitted to OpenAI. Ad Spy analyses are cached anonymously for 24 hours via Upstash to avoid redundant calls to the same public content.
5.2 Public Source: Meta Ad Library
The Ad Spy module queries the Meta Ad Library — a public database made available by Meta Platforms Inc. for advertising transparency purposes. No user data is transmitted to Meta during these requests: only the keyword entered by the user and the country code are sent.
6. Data retention
Your data is kept for the entire duration of your account, then deleted within 30 days after closure of your account, except for legal retention obligations (billing data: 10 years).
7. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access — obtain a copy of your data
- Right of rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to portability — receive your data in a structured format
- Right to object — object to processing for marketing purposes
You can exercise your portability and erasure rights directly from your account dashboard (« Export my data » and « Delete my account » buttons).
For any other request, contact us at contact@fichepro.ai. You also have the right to lodge a complaint with the French data protection authority (CNIL).
8. Cookies and analytics
We use cookies strictly necessary for the operation of the service (authentication, session). No advertising cookies are used.
On your first visit, a consent banner allows you to accept or refuse analytics cookies. Your choice is recorded in a cookie_consent cookie (duration: 365 days).
If you consent, we activate Vercel Analytics and Vercel Speed Insights. These tools measure visited pages and technical performance (Core Web Vitals). Data is aggregated and anonymous. No advertising cookies are placed.
Regardless of your choice, we collect strictly anonymous and aggregated audience metrics (page visited, device type, country) without any cookie or identifier. This measurement is exempt from consent under the GDPR exception for strictly necessary audience analytics.
9. Marketing emails and right to object
We may send marketing emails (activation reminders, monthly reactivation) to users who have not exercised their right to object. Each marketing email includes a one-click unsubscribe link. You can also unsubscribe from your account dashboard.
10. Security
We implement appropriate technical measures to protect your data: TLS encryption of communications (HTTPS), secure authentication via Supabase Auth, restricted data access. OAuth tokens (Shopify, Google Search Console) and app passwords are encrypted at rest with AES-256-GCM. Outbound webhooks are signed with HMAC-SHA256 and automatically disabled after 5 consecutive failures. User content moderation (cluster comments) uses the OpenAI Moderation API to detect spam and inappropriate content.
11. Modifications
This policy may be updated. Any significant change will be notified by email or via a banner on the site.