What we collect and what we do with it.

1. Who we are

thefaqapp is operated by okbrk, a sole proprietorship based in Amsterdam, Netherlands. The data controller is okbrk (hello@thefaq.app).

2. What we collect

• Account data: email, name (from Google OAuth or email signup), and the organizations you create.
• Content data: questions, answers, categories, translations, and API keys you create.
• Billing data: subscription state, plan tier, and Polar customer ID. We don't store card details — Polar does.
• Operational logs: API request metadata (timestamp, endpoint, status, organization slug). Retained 30 days.
• Site analytics: aggregated page views via consent-gated analytics. Anonymized IPs.

3. What we use it for

• Running the service you signed up for (API, dashboard, billing)
• Sending transactional email (sign-in, billing receipts, account notifications)
• Detecting abuse (rate limits, security alerts)
• Improving the product based on aggregated usage patterns

We don't sell your data. We don't train AI models on it. We don't share it with advertisers.

4. Where it lives

Primary database: Neon Postgres, EU region (eu-central-1, Frankfurt). Edge cache: Cloudflare Workers globally. Email: Resend (US). Billing: Polar (US). Site analytics: Cloudflare Web Analytics or PostHog (your choice via consent banner).

5. Your rights (GDPR / UK GDPR)

• Access: request a copy of your data
• Rectification: correct anything wrong
• Erasure: delete your account and content (30-day grace, then purged)
• Portability: export everything in JSON
• Object: opt out of non-essential processing

Email hello@thefaq.app with what you need. We respond within 14 days.

6. Cookies

We set a session cookie for sign-in. Analytics cookies require explicit consent — refusing them doesn't break anything. We don't use third-party tracking cookies.

7. Changes

We'll email all customers when we update this policy materially. Minor wording edits go in the changelog without notification.