
Privacy Policy

How we collect, use, and protect your data

Last updated: August 2025

1. Introduction

This Privacy Policy describes how fasan.app ("we," "our," or "us") collects, uses, and protects your personal information when you use our OKR (Objectives and Key Results) management platform.

By using fasan.app, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and ensuring the security of your personal data.

2. Data Controller

Florian Osterhus

Sole Proprietor

Email: support@fasan.app

3. Information We Collect

3.1 Personal Information

  • Account Information: First name, last name, email address, password
  • Workspace Information: Company name, workspace settings, team structures
  • OKR Data: Objectives, Key Results, progress updates, comments, reflections
  • Activity Data: Login history, user actions, system interactions

3.2 Payment Information

Payment processing is handled by Stripe. We do not store your credit card information directly. Stripe collects and processes:

  • Payment method details (credit card, SEPA direct debit)
  • Billing address information
  • Transaction history

3.3 Technical Information

  • Log Data: IP addresses, browser type, operating system, access times
  • Cookies: Session cookies for authentication and functionality
  • Error Data: Application errors and performance metrics (via Honeybadger)

4. How We Use Your Information

  • Service Provision: To provide and maintain our OKR management platform
  • User Management: To create and manage user accounts and workspaces
  • Communication: To send important service updates and notifications
  • Support: To provide customer support and respond to inquiries
  • Improvement: To analyze usage patterns and improve our services
  • Security: To detect and prevent fraud, abuse, and security threats
  • Compliance: To comply with legal obligations and enforce our terms

5. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds pursuant to Art. 6 GDPR:

  • Contract Performance (Art. 6(1)(b) GDPR): To fulfill our contractual obligations to you
  • Consent (Art. 6(1)(a) GDPR): When you voluntarily consent to specific processing purposes
  • Legitimate Interest (Art. 6(1)(f) GDPR): For improving our services and security measures
  • Legal Obligation (Art. 6(1)(c) GDPR): To fulfill legal obligations such as retention periods

6. Third-Party Services

We use the following third-party services as data processors pursuant to Art. 28 GDPR to operate our platform:

Stripe

Payment processing and billing management. Stripe's privacy policy applies to payment data.

Slack

Integration for sending OKR updates and reminders. Only activated when you connect your Slack workspace.

AWS S3

Secure file storage for documents and attachments.

Honeybadger

Error tracking and application monitoring to improve service reliability.

UI Avatars

Avatar generation based on user names for profile pictures.

Supabase

PostgreSQL database hosting for application data storage.

Fly.io

Application hosting and Redis caching services.

7. Data Retention

  • Account Data: Retained for the duration of your account plus 30 days after deletion
  • OKR Data: Retained for the duration of your workspace membership
  • Payment Data: Retained by Stripe according to their retention policies
  • Log Data: Retained for 90 days for security and debugging purposes
  • Error Data: Retained by Honeybadger for 30 days

8. Your Rights

Under GDPR and other applicable data protection laws, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Portability: Request transfer of your data to another service
  • Restriction: Request limitation of data processing
  • Objection: Object to processing of your personal data

To exercise these rights, please contact us at support@fasan.app. We will process your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure hosting infrastructure
  • Regular backups and disaster recovery procedures

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Certification schemes and codes of conduct

11. Cookies

We use cookies to enhance your experience:

  • Session Cookies: Essential for authentication and session management
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our platform (only with consent)

You can control cookie settings through your browser preferences.

12. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

14. Sharing with Authorities

We only share your data with authorities when legally required or necessary for law enforcement.

15. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@fasan.app

Data Controller: Florian Osterhus

You also have the right to lodge a complaint with the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia: https://www.ldi.nrw.de