Privacy Policy
Last updated: 7 July 2026
1. Who We Are
FSGen ("FSGen", "we", "us", "our") is a software delivery company established in Portugal, acting as the data controller for personal data processed in connection with the FSGen platform and services. Registered address and contact details: FSGen, Portugal Email: privacy@fsgen.com Website: fsgen.com This Privacy Policy applies to all personal data collected through the FSGen website (fsgen.com), platform, and related services. It should be read alongside our Cookie Policy and Terms & Conditions. FSGen services are directed exclusively at businesses and professionals. Our platform is not intended for use by individuals under the age of 18. By using FSGen, you confirm that you are at least 18 years of age and are acting in a business or professional capacity.
2. Personal Data We Collect
We collect and process the following categories of personal data: Account data: name, email address, preferred language, and account credentials when you register. Business and project data: company name, project requirements, uploaded files and documents, and responses to scoping questions submitted through the platform. Billing and payment data: billing name, company details, tax identification number, and billing address. Payment card data is processed exclusively by Stripe and is not stored by FSGen. Technical and usage data: IP address, browser type, operating system, pages visited, session duration, and interaction logs collected automatically when you use the platform. Communications data: records of emails, support requests, and other communications between you and FSGen. We do not intentionally collect special category data (sensitive personal data). Please do not include sensitive personal information in project submissions.
3. Legal Basis for Processing
We process your personal data on the following legal bases: Performance of a contract (Article 6(1)(b) GDPR): processing your account data, project data, and billing information is necessary for us to provide the services you have ordered. Legitimate interests (Article 6(1)(f) GDPR): we process technical and usage data to improve platform security and performance and to detect and prevent fraud. Our legitimate interests do not override your fundamental rights and freedoms. Compliance with a legal obligation (Article 6(1)(c) GDPR): we retain billing and transaction records as required by Portuguese and EU tax law. Consent (Article 6(1)(a) GDPR): where you have opted into analytics cookies or session recording, we process the resulting data on the basis of your consent. You may withdraw consent at any time through the cookie preferences panel.
4. How We Use Your Data
We use your personal data for the following purposes: • To create and manage your account • To assess the feasibility of your project submission • To deliver the agreed software application • To process payments and manage billing • To send transactional communications (project status, delivery notifications, invoices) • To respond to your support requests • To detect, investigate, and prevent fraud, abuse, and security incidents • To improve and optimise the FSGen platform • To comply with our legal and regulatory obligations • To deliver and measure advertising campaigns on Google Ads and Meta Ads, including conversion tracking and remarketing (only where you have given cookie consent via the cookie banner) • To build remarketing and lookalike audiences on Google and Meta platforms based on your website interactions (only where you have given cookie consent) We do not sell your personal data to any third party. You may opt out of personalised advertising at any time: — Google Ads Settings: adssettings.google.com — Meta Ad Preferences: facebook.com/settings?tab=ads — EU industry opt-out: youronlinechoices.eu
5. Data Sharing & Subprocessors
We do not sell, rent, or trade your personal data. We share data only with the following recipients, each bound by appropriate data protection obligations: • AWS (Amazon Web Services): cloud hosting, storage, and infrastructure. AWS acts as a data processor under a Data Processing Agreement with FSGen. • Stripe: payment processing. Stripe is an independent controller for payment data processed under their own privacy policy. • Anthropic: project requirements may be processed by Anthropic's AI models during feasibility analysis. Anthropic acts as a data processor under a Data Processing Agreement with FSGen. • LogRocket: session recording and analytics (where you have given consent via the cookie banner). • AWS SES: transactional email delivery. • Google LLC: analytics and advertising measurement through Google Analytics and Google Ads, subject to your cookie consent. Google acts as a data processor for analytics data and as an independent controller for Google Ads advertising data. Google Privacy Policy: policies.google.com/privacy. • Meta Platforms Ireland Limited: advertising measurement and remarketing through Meta Pixel (Facebook), subject to your cookie consent. Meta acts as an independent controller for advertising data. Meta Data Policy: facebook.com/privacy/policy. All subprocessors are required to maintain appropriate technical and organisational security measures and to process data solely for the specified purpose.
6. International Data Transfers
Several of our subprocessors are based in the United States or other countries outside the European Economic Area (EEA). We ensure all such transfers comply with GDPR Chapter V using Standard Contractual Clauses (SCCs) approved by the European Commission. Processors and applicable transfer mechanisms: • AWS (Amazon Web Services): Standard Contractual Clauses • Stripe: Standard Contractual Clauses • Anthropic: Standard Contractual Clauses • LogRocket: Standard Contractual Clauses • Google LLC: Standard Contractual Clauses (see business.safety.google/adsprocessorterms) • Meta Platforms Ireland Limited: Standard Contractual Clauses For details of the specific safeguards in place, contact us at privacy@fsgen.com.
7. Data Retention Periods
We retain personal data for only as long as necessary: • Account data: retained for the duration of your account, plus two (2) years after account closure. • Rejected or unstarted projects: all uploaded files and project data are permanently deleted within three (3) calendar days of rejection or abandonment. • Completed or cancelled projects: temporary project files and documents are retained for thirty (30) calendar days, then permanently deleted. • Billing and transaction records: retained for ten (10) years as required by Portuguese and EU tax law. • Communications and support records: retained for two (2) years from the date of the last communication. • Technical logs: retained for ninety (90) days for security and fraud detection purposes. After the applicable retention period, data is permanently and securely deleted or anonymised.
8. Your Rights Under GDPR
As a data subject, you have the following rights, exercisable free of charge: • Right of access: request a copy of all personal data we hold about you. • Right to rectification: request correction of inaccurate or incomplete personal data. • Right to erasure: request deletion of your data where it is no longer necessary, subject to legal retention obligations. • Right to restriction: request that we limit processing of your data in certain circumstances. • Right to data portability: request your data in a structured, machine-readable format. • Right to object: object to processing based on legitimate interests. • Rights regarding automated decision-making: the right not to be subject to decisions based solely on automated processing that produce significant effects. • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time. To exercise any right, contact us at privacy@fsgen.com. We will respond within thirty (30) days. You may also lodge a complaint with the Portuguese data protection authority (CNPD — cnpd.pt) or the supervisory authority in your country of residence.
9. Security
FSGen implements appropriate technical and organisational measures to protect your personal data, including: • Encrypted data transmission (TLS/HTTPS) for all communications • Encryption at rest for sensitive data stored on AWS • Access controls limiting data access to authorised personnel only • Regular security reviews and vulnerability assessments • Secure credential management via AWS Secrets Manager No method of transmission over the internet is completely secure. While we use commercially reasonable means to protect your data, we cannot guarantee absolute security. In the event of a personal data breach likely to result in a high risk to your rights, we will notify you without undue delay as required by GDPR Article 34.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always published at fsgen.com/legal/privacy, with the effective date displayed. If we make material changes to how we process your personal data, we will notify you by email (if you have an account) or by displaying a notice on the platform before the changes take effect. Your continued use of FSGen following publication of an updated Privacy Policy constitutes acknowledgement of the changes.
11. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the exercise of your data subject rights, please contact: FSGen — Data Privacy Email: privacy@fsgen.com Website: fsgen.com Portugal We aim to respond to all privacy-related enquiries within five (5) business days and to fulfil all valid data subject requests within thirty (30) calendar days.
