Privacy Policy

FAL Digital ("FAL Digital", "we", "us", "our") operates the website fal-digital.com and related services (the "Service"), including interactive e-books, audio features, and educational games.

This Privacy Policy explains how we collect, use, share, and protect personal information when you use our Service, and the choices you have.

1) Who we are (Controller)

For the purposes of UK data protection law, the controller is:

Rashid Mustafa
Location: Reading, UK
Email: [email protected]

2) Information we help collect

We collect information in three ways: (a) information you provide, (b) information collected automatically, and (c) information from third parties you choose to use (like Google Sign-In).

A) Information you provide

• Account information: email address, display name, first name, last name, phone number (optional), and basic account details required to access the Service.
• Payment and subscription information: If you purchase a subscription, we receive subscription-related data from our payment processor, including subscription status, order IDs, and transaction information. We do not store your payment card details (these are handled by the payment processor).
• Support communications: messages you send us (and information you include) when contacting us.

B) Information collected automatically

• Device and usage data: pages viewed, features used, timestamps, basic performance and error data.
• Log data: IP address, browser type, device information, referring pages, and request timestamps (typically collected as part of normal website operation and security).

C) Information from third-party services

Google Sign-In (if you use it):

If you choose Sign in with Google, we receive basic account data from Google such as:

• your email address
• your name
• your profile picture (if available)

We do not receive your Google password.

Important: We only use Google Sign-In to authenticate you. We do not request access to sensitive Google data (like Gmail, Google Drive, contacts, etc.).

Payment processor:

When you purchase a subscription, our payment processor provides us with:

• subscription status and identifiers
• order IDs and transaction details
• customer portal URLs (for subscription management)
• email address associated with the purchase (to match with your account)

We do not receive or store your payment card details, which are processed directly by the payment processor in accordance with applicable payment security standards.

3) How we use your information

We use personal information to:

• Provide and operate the Service (login, access control, and delivering content/features).
• Process and manage subscriptions, including granting and revoking access based on subscription status.
• Authenticate users and maintain session security.
• Provide customer support and respond to requests (including payment and subscription inquiries).
• Improve reliability and fix issues (debugging, error monitoring, performance).
• Prevent fraud/abuse and enforce our policies.
• Comply with legal obligations where applicable (including tax and financial reporting requirements).
• Send transactional communications related to your subscription (payment confirmations, renewal notices, cancellation confirmations).

4) Legal bases for processing

We process your personal information under the following legal bases:

• Contract: to provide the Service you request (e.g., account access, processing subscriptions, fulfilling payment obligations).
• Legitimate interests: to secure, maintain, and improve the Service (e.g., preventing abuse, debugging, fraud prevention).
• Consent: where required by law (e.g., certain non-essential cookies/analytics, marketing communications if opted in).
• Legal obligation: where we must comply with law (e.g., tax reporting, financial record keeping, responding to legal requests).

UK/EU users: These bases apply under UK GDPR and EU GDPR. You have the right to object to processing based on legitimate interests and to withdraw consent at any time (where applicable).

5) Sharing your information

We do not sell your personal information.

We may share information with service providers who help run the Service, such as:

• Payment processor: Payment processing, subscription management, fraud prevention, tax collection where applicable, and merchant of record services. The payment processor handles payment card data in accordance with applicable security standards.
• Cloudflare: Hosting, CDN, security, and performance services.
• Supabase: Authentication, database, and access control services.
• Google: Only for Google Sign-In authentication (if you use it).

We may also share information:

• If required by law or a valid legal request (including tax authorities, law enforcement, or regulatory bodies).
• To protect rights and safety (e.g., investigating abuse, security incidents, fraud).
• Business changes: if the Service is reorganised, transferred, or acquired (you'll be notified where required by law).
• Payment disputes: with payment processors and financial institutions to resolve payment disputes or chargebacks.

We do not sell your personal information to third parties.

6) International transfers

Your information may be processed in countries outside the UK/EU depending on where our service providers operate. For example:

• Payment processor: May process data in the United States and other jurisdictions. They use appropriate safeguards for international data transfers where required.
• Cloudflare and Supabase: May process data in multiple regions including the US and EU.

Where required by law (including UK GDPR and EU GDPR), we rely on appropriate safeguards to protect your information, such as:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Adequacy decisions by the UK or EU Commission
• Certification schemes and binding corporate rules

By using the Service, you consent to these transfers. If you have concerns, please contact us at [email protected].

7) Cookies and similar technologies

We use cookies and similar technologies as needed for:

• Strictly necessary functions like login sessions and security.
• Preferences (where applicable).

We may use privacy-friendly analytics (such as platform or hosting analytics) to understand basic site usage and performance. Where legally required, we will request consent for non-essential cookies.

You can control cookies through your browser settings. If you disable certain cookies, some parts of the Service (like login) may not work properly.

8) Children's privacy

FAL Digital is designed for educational use. It may be used by children with involvement or consent from a parent/guardian, or by adults (parents/teachers) on a child's behalf.

If you believe a child has provided personal information without appropriate consent, contact us at [email protected] and we will take steps to delete it.

9) Data retention

We keep personal information only as long as necessary to:

• provide and operate the Service,
• maintain security and prevent abuse,
• comply with legal obligations (including tax and financial record keeping requirements, which may require retention for up to 7 years in some jurisdictions),
• resolve disputes and enforce agreements.

Subscription and payment data: We retain subscription and transaction records as required by law (typically 7 years for tax and accounting purposes in the UK) and to manage your subscription relationship.

If you request deletion, we will remove or anonymise personal data where feasible unless we must keep certain information for legal, security, or legitimate business reasons (such as maintaining subscription records for active subscribers).

After account deletion, some anonymised or aggregated data may be retained for analytics and legal compliance purposes.

10) Security

We use reasonable technical and organisational measures to protect your information. However, no online system is 100% secure, and we cannot guarantee absolute security.

11) Your rights

Depending on your location and applicable law (including UK GDPR, EU GDPR, CCPA, and other data protection laws), you may have rights to:

• Access: request a copy of the personal data we hold about you (including subscription and payment information).
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your personal data (subject to legal and contractual obligations).
• Restriction: request that we limit how we process your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format (where technically feasible).
• Objection: object to processing based on legitimate interests.
• Withdraw consent: withdraw consent at any time (where processing is based on consent).
• Complain: lodge a complaint with your local data protection authority (in the UK: ICO; in the EU: your national DPA).

Payment data: For payment and subscription-related data processed by our payment processor, you may need to exercise some rights directly with that processor. Contact us if you need help identifying the correct provider for your purchase.

To exercise your rights, email [email protected]. We will respond within one month (or as required by applicable law). We may request proof of identity to protect your privacy.

12) Third-party links

Our Service may link to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies.

13) Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top. If changes are significant, we may post a notice on the website.

14) Contact

Email: [email protected]
Location: Reading, UK

Report a Bug