Privacy Policy

MB One Corp (registration code 307480747)
Laisves pr. 60-1107, Vilnius, LT-05120, Lithuania
Contact: team@faindo.com

1. Who we are and how to contact us

The data controller for personal data processed in connection with the Faindo platform and this website is MB One Corp, a limited liability company registered in Lithuania (registration code 307480747), with its registered office at Laisves pr. 60-1107, Vilnius, LT-05120, Lithuania.

For all privacy inquiries, requests to exercise your rights, or questions about this policy, please write to team@faindo.com. We aim to respond within 30 days of receiving a verifiable request.

2. Data we collect and why

We collect only the personal data that is necessary to provide the Faindo service.

2.1 Account data

When you register or are invited to the platform we collect: full name, business email address, company name, and account credentials managed via Firebase Authentication. Legal basis: contract performance (GDPR Art. 6(1)(b)).

2.2 Usage and telemetry data

We collect information about how you interact with the product, including pages visited, features used, session duration, device type, browser type, and IP address (anonymised after 90 days). This data is used solely to improve the product and diagnose issues. Legal basis: legitimate interests (GDPR Art. 6(1)(f)) — we have a legitimate interest in understanding how our product is used in order to improve it. You may object to this processing at any time.

2.3 Content you provide

You provide brand names, competitor names, and buyer question prompts as inputs to the Faindo service. This content is associated with your account and team, processed to run AI model queries on your behalf, and stored to show you historical results. Legal basis: contract performance (GDPR Art. 6(1)(b)).

2.4 Inferred and derived data

Faindo queries third-party AI language models using prompts derived from the content you provide. The AI model outputs (mention rankings, citation URLs, sentiment assessments) are stored and associated with your brand workspace. This inferred data does not contain personal data about you; it describes AI model outputs about third-party products and brands. Legal basis: contract performance (GDPR Art. 6(1)(b)).

2.5 Communications data

If you contact us by email or book a meeting via our scheduling tool (Calendly), we retain those communications to respond to you and to improve our support. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

2.7 Prospect data (welcome gate)

When you start an audit request on our application before creating a full account, we collect: brand name, website URL, a browser identifier stored in localStorage (pistachioClientId, used only to resume your request in the same browser), hashed IP address, browser user agent string, and optional landing-page context (e.g. referrer or UTM tags). This helps us prepare for your walkthrough and prevent abuse. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

2.6 Analytics and marketing cookies (with consent)

If you accept non-essential cookies, we use PostHog, Google Analytics, and Meta Pixel to collect anonymised product analytics and track marketing campaign effectiveness. See Section 9 for full details. Legal basis: consent (GDPR Art. 6(1)(a)). You may withdraw consent at any time.

3. How long we keep your data

When your account or team subscription is terminated, we will delete or anonymise your personal data within the grace window described above, unless we are required by law to retain it for longer.

4. Your rights under GDPR

As a data subject in the EU/EEA you have the following rights, which you may exercise by contacting us at team@faindo.com:

• Access — you may request a copy of the personal data we hold about you.
• Rectification — you may ask us to correct inaccurate data.
• Erasure ("right to be forgotten") — you may ask us to delete your personal data where there is no legal basis for us to continue holding it.
• Restriction — you may ask us to restrict the processing of your data in certain circumstances.
• Portability — you may request your account data in a machine-readable format.
• Objection — you may object to processing based on legitimate interests at any time. We will stop unless we can demonstrate compelling legitimate grounds that override your interests.
• Withdrawal of consent — where processing is based on consent (e.g. analytics cookies), you may withdraw consent at any time by clicking "Decline non-essential" in the cookie banner, or by visiting the cookies section of this page.

You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (VDAI): vdai.lrv.lt. If you are based in another EU member state you may also complain to your local supervisory authority.

5. Who we share your data with

We do not sell personal data. We share it only with the following categories of recipients:

• Subprocessors listed in Section 8 who process data on our behalf under binding contractual obligations.
• Law enforcement or regulatory bodies where we are legally required to disclose.
• Successors in the context of a merger, acquisition, or sale of assets — in which case we will notify you before your data is transferred to and becomes subject to a different privacy policy.

6. International transfers

Some of our subprocessors are based outside the EEA (notably in the United States). Where personal data is transferred outside the EEA we rely on one of the following safeguards:

• EU Standard Contractual Clauses (SCCs) — approved by the European Commission under Decision 2021/914.
• Adequacy decision — where the European Commission has determined that the recipient country provides an adequate level of protection.

You may request copies of the relevant SCCs by writing to team@faindo.com.

7. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• TLS 1.2 or higher encryption for all data in transit.
• Encryption at rest provided by our infrastructure and database hosting providers.
• Access control: least-privilege principle; staff access to production data is audited.
• Secure authentication via Firebase Authentication (password hashing, multi-factor authentication support).
• Vulnerability disclosure: see our Trust & Security page.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact team@faindo.com immediately.

8. Subprocessors {#subprocessors}

We use the following subprocessors to operate the Faindo platform. Each is bound by a data processing agreement that requires them to process data only on our instructions and to implement appropriate security measures.

We will notify you of any material changes to this list at least 30 days before a new subprocessor begins processing your data, giving you the opportunity to object.

9. Cookies {#cookies}

Essential cookies

Essential cookies are required for the platform to function (e.g. session management, CSRF protection). These are set automatically and cannot be declined without breaking core functionality.

We also store pistachioClientId in localStorage on the application domain so we can resume an in-progress audit request in your browser. This identifier is not used for advertising and is treated as strictly necessary for that flow.

Non-essential cookies (analytics and marketing)

With your consent, we use PostHog, Google Analytics, and Meta Pixel to collect anonymised analytics about how the product is used and to measure marketing campaign effectiveness. These services may set the following cookies or use local storage identifiers:

• PostHog — ph_* cookies for session tracking and feature flag evaluation
• Google Analytics — _ga, _ga_* cookies for analytics tracking (14–26 months)
• Meta Pixel — _fbp cookie for conversion tracking (90 days)

No personal data is sold or shared for advertising beyond the consent-gated analytics and attribution described above.

To opt out: click the button below, or decline the cookie banner the next time you visit. Opting out removes any existing analytics identifiers from your browser.