§ 1. Data Controller

The Data Controller for personal data of fider.in users is:

JWeb Jonasz Walasik

ul. Ignacego Daszyńskiego 11 lok. 43, 95-070 Aleksandrów Łódzki, Poland

NIP: 7282650504 | REGON: 528537910

E-mail: helpdesk@fider.in
Last updated: March 20, 2026

For any matters relating to the processing of personal data, please contact: helpdesk@fider.in. The Data Controller has not appointed a Data Protection Officer (DPO). All data protection inquiries should be directed to the Data Controller at the address above.

§ 2. Definitions

In this Privacy Policy:

• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
• Personal data – any information relating to an identified or identifiable natural person.
• User – a natural person using the Service.
• Service – the platform available at fider.in.
• External AI Providers – third-party providers of AI model services to which the Service transmits the User’s content at the User’s request for the purpose of generating, editing, or animating content.
• EEA – European Economic Area.

§ 3. Scope and Purposes of Processing

3.1. Registration Data and User Account

Purpose: performance of a contract (Art. 6(1)(b) GDPR).

Scope: full name or company name, email address, login credentials (password stored in hashed form).

Retention period: for the duration of the contract (active Account) and for 12 months following Account deletion (legal basis: legitimate interest of the Data Controller – pursuit and defense of claims, which are subject to a limitation period of up to 3 years), after which the data is permanently deleted.

3.2. Billing and Payment Data

Purpose: processing payments, issuing invoices, fulfilling tax and accounting obligations.

Scope: invoice identification data (full name / company name, address, tax identification number), transaction information (amount, date, subscription number).

Legal basis: Art. 6(1)(b) (performance of a contract) and Art. 6(1)(c) GDPR (legal obligation – tax regulations).

Retention period: 5 years from the end of the tax year in which the invoice was issued (obligation under tax regulations).

3.3. Multimedia Content (Media Library)

Purpose: providing the Service – storing and making the User’s content available, enabling content creation and publishing.

Scope: photos, graphics, and video files uploaded by the User.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Retention period: for the duration of the active Account and for 30 days following Account deletion or permanent expiry of the subscription, after which content is permanently and irreversibly deleted from the Data Controller’s servers.

3.4. Technical Data and Logs

Purpose: ensuring the security and proper functioning of the Service, error diagnostics.

Scope: IP address, browser data, timestamps, activity logs.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Data Controller – system security).

Retention period: up to 12 months.

3.5. Communications (Complaints, Support)

Purpose: handling complaints and support requests, responding to inquiries.

Scope: email address, content of correspondence.

Legal basis: Art. 6(1)(b) GDPR (complaints – performance of a contract) and Art. 6(1)(f) GDPR (general inquiries – legitimate interest of the Data Controller).

Retention period: for the duration of the subscription and 1 year after its termination.

3.6. Social Media Platform Authentication Tokens (OAuth)

Purpose: enabling the publication of content on Social Media Platforms on behalf of the User.

Scope: OAuth access tokens issued by Social Media Platform operators (Facebook, Instagram, TikTok, YouTube, LinkedIn). The Data Controller does not store the User’s passwords for Platform accounts.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract – provision of the publishing feature).

Retention period: for the duration of the active integration and for 30 days following disconnection or Account deletion, after which tokens are permanently deleted.

3.7. Children’s Data

The Service is intended solely for persons aged 18 and over. The Data Controller does not knowingly collect personal data from children under the age of 13. If the Data Controller becomes aware that an Account has been created by a person under the age of 13, the Account and all associated data will be deleted immediately. Parents or legal guardians who believe that their child has submitted personal data to the Service may contact helpdesk@fider.in to request deletion of such data.

§ 4. Recipients of Data

Users’ personal data may be transferred to the following categories of recipients:

• Payment operator – Stripe, Inc. (USA) – payment processing, invoice issuance. Data transfers to the USA are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or on the basis of an adequacy decision.
• IT infrastructure providers – entities providing hosting, servers, database systems, and CDN, with whom the Data Controller has concluded data processing agreements.
• External AI Providers – providers of artificial intelligence services – entities providing visual and textual content generation, editing, and animation services, to which the Service transmits the User’s content exclusively at the User’s request for the purpose of performing the requested AI operations. Data transfers to entities outside the EEA are made on the basis of Standard Contractual Clauses (SCCs) or other mechanisms in accordance with Art. 46 GDPR.
• Reel rendering tool providers – technical entities involved in the process of generating animated reels.
• Social Media Platform integration providers – entities providing connectivity between the Service and external platforms (Facebook, Instagram, TikTok, YouTube, LinkedIn).
• Public authorities – only where applicable law obliges the Data Controller to disclose data.

The Data Controller does not sell Users’ personal data to third parties for marketing purposes or within the meaning of the CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act). The current list of entities processing data on behalf of the Data Controller is available on request at helpdesk@fider.in. The Data Controller enters into data processing agreements with entities processing personal data on its behalf in accordance with Art. 28 GDPR, ensuring an adequate level of protection.

§ 5. Transmission of Content to External AI Providers

1. Fider acts as a technical intermediary (orchestrator) in the process of AI-based content processing. The Service uses external AI systems within the meaning of Regulation (EU) 2024/1689 (the EU AI Act). AI-generated content constitutes suggestions that require human review – detailed liability rules are set out in the Terms of Service.

2. The User’s content (photos, videos) is transmitted to External AI Providers exclusively:

• at the User’s explicit request (by using the AI features in the Service),
• for the purpose of performing operations requested by the User (animation, image editing, visual content generation).

3. The Data Controller does not process the content of materials on its own servers. The only technical operation performed locally after receiving the finished file from the External AI Provider’s API is cropping (adjusting aspect ratio to template requirements) – this does not alter the visual content of the material.

4. External AI Providers process transmitted content in accordance with their own terms of service and privacy policies. By using the AI features in the Service, the User accepts that their content will be transmitted to external AI systems. Information about the specific AI providers currently used by the Service is available on request at helpdesk@fider.in.

5. Transfers of content outside the EEA (to providers located outside the European Economic Area, including AI model providers based in the USA) are made on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms ensuring an adequate level of data protection in accordance with Art. 46 GDPR. Users may obtain information about the specific transfer mechanisms applied by contacting helpdesk@fider.in.

6. By uploading content to the Service and using the AI features, the User represents that they hold all necessary rights and consents with respect to such content, including the right for it to be processed by External AI Providers. The User further represents that such content does not contain the likeness or personal data of children under the age of 13 without the consent of their parents or legal guardians.

§ 6. User Rights

Under the GDPR, Users have the following rights:

• Right of access – the right to obtain information about what personal data the Data Controller processes.
• Right to rectification – the right to request correction of inaccurate or completion of incomplete data.
• Right to erasure – the right to request deletion of data (“right to be forgotten”), subject to exceptions under the GDPR (e.g., the obligation to retain data for tax purposes).
• Right to restriction of processing – the right to request restriction of processing in certain circumstances.
• Right to data portability – the right to receive data in a structured, commonly used format.
• Right to object – the right to object to the processing of data on the basis of the Data Controller’s legitimate interest.
• Right to withdraw consent – where processing is based on consent, the User may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

Requests regarding the above rights should be submitted to: helpdesk@fider.in.

The Data Controller responds to requests within 30 days. For complex requests, this period may be extended by a further 60 days – the User will be informed of any such extension.

The User has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

§ 7. Cookies and Tracking Technologies

1. The Service uses cookies and similar technologies for the purpose of:

• ensuring the proper functioning of the Service (essential cookies – legal basis: legitimate interest / technical necessity),
• supporting the payment process via Stripe (payment operator cookies).

2. Users may manage cookies through their browser settings. Disabling essential cookies may prevent use of the Service.

§ 8. Data Security

1. The Data Controller applies technical and organizational measures to protect personal data appropriate to the risk, including:

• encryption of data transmission (HTTPS/TLS protocol),
• passwords stored in hashed form (hashing),
• access controls for systems processing personal data,
• regular data backups.

2. Payment card data is not stored by the Data Controller – payment processing is handled entirely by Stripe, Inc.

3. In the event of a personal data breach that may result in a risk to the rights and freedoms of natural persons, the Data Controller will notify the President of the UODO within 72 hours and, where the risk is high, will also notify affected Users.

§ 9. Social Media Platform Integrations

1. Using integrations with Social Media Platforms (Facebook, Instagram, TikTok, YouTube, LinkedIn) requires logging in to those platforms outside the Service and granting the relevant permissions.

2. The Data Controller does not store the User’s passwords for Social Media Platform accounts.

3. Data transmitted to Social Media Platforms (content published via the Service) is subject to the privacy policies of those platforms. The Data Controller is not responsible for the manner in which Social Media Platform operators process such data.

4. Users may disconnect a Social Media Platform integration at any time in the Service Settings.

§ 10. Changes to This Privacy Policy

1. The Data Controller reserves the right to amend this Privacy Policy.

2. Users will be notified of any material changes by email at least 14 days in advance.

3. The current version of this Privacy Policy is always available at fider.in/en/privacy.

4. The date of the last update is indicated at the top of this document.

§ 11. Rights of US Users

1. This section applies primarily to residents of the state of California (USA) using the Service within the meaning of the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Similar rights may also apply to residents of other US states with their own privacy laws (including Virginia, Colorado, Connecticut, and Texas).

2. California residents have the right to:

• obtain information about the categories and specific personal data collected by the Data Controller,
• request deletion of personal data, subject to exceptions provided by law,
• request correction of inaccurate personal data,
• opt out of the sale or sharing of personal data with third parties (the Data Controller does not sell users’ personal data).

3. The Data Controller does not sell Users’ personal data within the meaning of the CCPA/CPRA. Data transmitted to External AI Providers and to the payment operator (Stripe) constitutes the provision of services necessary for the operation of the Service, not a sale of data.

4. Requests regarding rights under the CCPA/CPRA should be submitted to: helpdesk@fider.in, with the subject line “CCPA Request”. The Data Controller will respond within 45 days, with the possibility of a further 45-day extension in justified cases.

5. The Data Controller does not discriminate against Users who exercise their rights under the CCPA/CPRA.

§ 12. Final Provisions

1. This Privacy Policy enters into force on March 20, 2026.

2. Matters not covered by this Privacy Policy are governed by the GDPR and applicable Polish law.

3. The binding language for the interpretation of this Privacy Policy is Polish.